Why Restaurants are Experiencing an Increase in Fraud

In recent years, the restaurant industry has experienced a massive shift in customer buying behaviors. This is especially true for quick-service restaurants (QSRs). A post-pandemic world wrought with the rising cost of goods has led customers to expect high quality food at low prices, with easy online ordering and delivery options.

As a merchant in the industry, you have had to quickly adapt and respond to these new customer demands. But fulfilling those demands has also exposed you to new threats and restaurant fraud attacks that you don’t have experience with.

To keep up with evolving trends in the industry and to minimize risk, you need to be aware of the threats targeting your business.

Difficulty Managing Risk and Customer Friction

Consumers now expect flexible ways of ordering and receiving food from their favorite restaurants.

According to Restaurant Business, 60% of restaurant operators say that offering delivery options has increased their sales. Meanwhile, about 56% of customers and restaurant owners want online ordering in a restaurant app, according to madmobile. Some even want options to order digitally at a restaurant.

These trends indicate that, if you haven’t already, you may want to consider offering delivery services, online ordering, and in-store kiosks. Implementing these offerings are great ways to boost your business.

But they unfortunately come with a lot of risk. And managing those risks can be a challenge for a few reasons.

Experience

Managing fraud is not your core competency — building the business is. So mitigating risks may not be part of your strategy at all.

Even if you are aware of the different types of fraud that are threatening the restaurant industry today, you might not know how to effectively deal with them.

Low Profit Margins

Restaurants generally have low profit margins, so you need to generate the most revenue possible. However, the more customers you bring in, the higher your chances are of accepting orders from fraudsters and opportunistic customers who increase your risk of fraud. And the more fraud you experience, the more revenue you’ll lose.

It is a vicious cycle of risk and reward.

Friction & False Positives

Fraud management is all about detecting suspicious activity and stopping those who want to take advantage of you.

However, that review and decision-making process has to be completed in a matter of seconds. Because delays like additional verification steps or declined orders add unnecessary friction for your customers.

So the process has to be quick, and it has to be accurate. Because if you make the wrong decision and incorrectly block a good customer — a mistake known as a false positive — you will most likely upset that customer.

And upset customers probably won’t give you a second chance — even ones that used to be loyal. They might leave you for a competitor and never come back.

That’s a lot of bad news. But fortunately, there’s an easy solution: technology.

Fraud detection and prevention technology can be customized to detect the unique challenges you face with three major benefits.

• Accurate assessments: Technology can catch fraudsters without scaring away good customers.
• Quick decision-making: Technology makes decisions in less than 200 milliseconds.
• Easy implementation: A team of experts will help you set up the technology so you get the results you expect.

Inundation of Account Takeover Fraud

Customers are looking for more personalized experiences and rewards in exchange for their loyalty to your business. In fact, 43% of customers want restaurant loyalty programs.

Adapting these offerings is great for boosting your business, and you would be wise to do so. But they unfortunately come with a lot of risk.

Introducing loyalty programs and online ordering services means that customers will create online accounts. And because these online accounts — filled with payment information and rewards that are equal to cash — are incredibly valuable, they are highly vulnerable to account takeover attacks.

Account takeover (ATO) fraud is the act of breaking into a user’s account with malicious intent. This can be done through credential stuffing or brute force attack.

ATO attacks are an increasing threat. According to a press release from Restaurant Dive, more than half of the restaurants and grocery stores surveyed (54.2%) said they had seen fraud issues with their loyalty programs.

One of the reasons ATO attacks are so popular is because more than 60% of consumers admit to reusing passwords across online accounts. This means it’s relatively easy for fraudsters to gain access to accounts. And once they break in, they get access to valuable information that can be used or sold.

The consequences of account takeover fraud are severe.

The first thing you lose when an account takeover happens is revenue — lots of it. If one customer files a dispute for a $50 purchase, you lose that $50 plus the cost of the food — and you’ll have to pay for chargeback fees.

That’s just one customer. Imagine if you’re dealing with a massive attack and 1,000 customers file disputes for $50 or more. In 2021, the average cost of a data breach for hospitality services cost $3.03 million dollars.

Second, and perhaps more devastating, is that your brand image becomes tainted. An account takeover attack can cost customers up to $290 and 15 hours to resolve, according to an article from PYMNTS. That’s a lot for customers to deal with — and they are going to tell people how frustrated they are.

You may have already lost loyal customers to the attack. But you could lose more potential customers when you show up in news articles for fraud.

The key to preventing account takeover attacks is to make sure you have the right protection in place before an attack happens.

Implement a fraud solution that can assess suspicious behavior on your apps and online ordering systems. Then automatically block or challenge the behavior so that you don’t have to waste time guessing what might be wrong with your systems.

Easy Targets for Card Testing

Card testing is the process of making small purchases to test the validity of stolen payment information. And you are a prime target for this kind of fraud.

Fraudsters want to see if the stolen payment information is still good. They do that by making a low-dollar transaction that won’t be flagged as fraud. And QSRs are ideal for card testing because low-dollar transactions aren’t usually suspicious.

Plus, fraudsters can test dozens of cards at once, especially if you have an app. They might not need to actually buy anything to test the card. They could just add the card to the app and run it through authorization. And they can do that thousands of times in a row.

Simply submitting an authorization request might not seem like a big deal. But it is.

All authorization requests include a fee. Maybe it’s only a nickel per authorization. But if you have to pay a nickel for 10,000 plus interactions, the bill adds up quickly.

Declined authorizations also put your merchant account at risk.

If you have a lot of authorization declines for fraudulent transactions, banks will notice and label you a high-risk merchant. Then, when new transactions come in — even from good customers — banks might automatically decline the requests. This means you’ll lose lots of sales.

Unfortunately, it’s really difficult to track this kind of fraud on your own. Manually reviewing every small transaction to find the card testers would be a waste of your time.

Instead, employ a fraud detection system that analyzes data from a global network and compares that data to the interactions happening in your ecosystem. Then, you can decipher good activity from bad — and reject the bad automatically.