Americans are dining out again in many cities, albeit on a very limited test basis, as individual U.S. states reopen restaurants according to various phased plans. That’s a positive sign, with summer underway and people longing for a return to familiar pre-pandemic routines.
But some shifts that occurred due to COVID-19 will have lasting impacts, and the restaurant sector is seeing more of that than most. The habit of mobile ordering food for delivery hit new heights during the lockdowns, for example, and it’s one change that isn’t going anywhere.
With its new importance as a revenue stream, mobile ordering is driven in part by reviews and the exchange of customer data. Where you find customer data, you also find cybercrooks.
“Social media and online review websites play crucial roles in attracting business, with 72 percent of customers using Facebook to decide where to eat or where to place a mobile order and one-third of customers avoiding restaurants with less than a four-star Yelp rating,” according to the June 2020 edition of PYMNTS’ Mobile Order-Ahead Tracker® done in collaboration with Kount. “Both of these channels are thus perfect targets for fraud, with cybercriminals posing as restaurants on social media and attempting to scam customers of their personal data, and fake reviews driving customers away from restaurants.”
A Fraudster’s Feast
With studies showing that 92 percent of consumers read online restaurant reviews, and one-third of them bypassing any eatery with less than four stars, it’s not surprising that close to 60 percent of restaurant owners feel reviews drive business better than advertising. It’s a powerful inducement to social, but quick-service restaurants (QSRs) and other food establishments that have heavied-up on mobile order-ahead are also seeing upticks in cybercrime riding along.
The ensuing attack vector known “card testing” is a technique favored by fraudsters, where a series of small purchases are made to mimic valid user behavior before a larger theft is tried. Successful attacks are often the result of inadequate digital defenses meeting these methods.
“Many QSRs are not ‘digital natives’ and lack the depth of technology and fraud prevention experience to anticipate card testing attacks, and fast approvals without manual reviews are essential when dealing with consumers looking to quickly grab their food and go,” Stuppy said.
“After one of these attacks, businesses are left with lost product and costly chargebacks when the consumer realizes [her] card was stolen. Those chargebacks can lead to fees and expensive dispute monitoring programs. A solid fraud prevention solution is a QSR’s first line of defense against card testing attacks.”
Securing Social for the MOA Future
Mobile order-ahead kept many Americans fed during the lockdowns, as evidenced by findings of digital bank Current that “… 16 percent [of the $1,200 stimulus payments made to individuals was spent on] restaurant and takeout orders,” according to the latest Tracker.