7 Fraud Schemes Targeting Restaurants and QSRs

When fraudsters obtain stolen payment information, they usually test it to see if the account is still active. They do this by making small purchases to see if the payments are accepted. 

Fraudsters love using QSRs to test the validity of stolen payment cards because it’s not unusual for a typical customer to make more than one purchase from you in a day.

Plus, fraudsters can test thousands of cards at a time without putting in a ton of effort. All they have to do is program a network of computers (botnets) to run low-value transactions to verify if a card works. 

Once they find valid cards, fraudsters will probably move on from your business and make larger purchases somewhere else. But they’ll leave you with the chargebacks from all the test purchases they made to your restaurant. And that could put your merchant account at risk.

If you notice a large number of transactions with a high authorization decline rate, it may be that fraudsters are submitting orders on cards that have already been flagged as stolen. And without fraud controls in place to catch botnets, this scheme can turn into an expensive problem fast.

Electronic gift cards are heavily targeted because fraudsters can easily turn them into cash. Typically, fraudsters buy electronic gift cards with stolen payment cards. They’ll often purchase thousands of dollars’ worth of digital gift cards, then sell them online at a discount. 

When cardholders see unauthorized charges to your restaurant on their statements, they’ll call their bank to dispute the charges. Then you’ll be responsible for all those chargebacks. And they add up quickly.

Customer accounts are huge assets for fraudsters, especially if they come with loyalty rewards points. And it usually only takes a couple brute-force or credential stuffing attacks for fraudsters to crack into your customers’ accounts.

Once fraudsters gain access to these accounts, they can steal the loyalty points by redeeming them for money or transferring them to another account. They may even change the account passwords so that they can sell the accounts online.

But a bigger risk is that fraudsters may also access the account holder’s card information, digital wallets, and other payment methods linked to the account. And they can use that payment information to make fraudulent purchases elsewhere.

It can be difficult to detect this kind of fraud scheme because you usually don’t see chargebacks. But it’s extremely upsetting for your customers and can ruin your business’s reputation. And it can waste a lot of your employees’ time trying to clean up the damage done to your customers and their accounts.

Offering sign up bonuses or discounted food items are great ways to bring in new customers. Unfortunately, these promo offerings also attract a lot of fraudsters and opportunistic customers.

Fraudsters and customers alike will abuse promos by signing up for multiple accounts with different email addresses, manipulating promo codes to get more use out of one-time discounts, or cracking referral codes to stack discounts.

When you get hundreds of new account sign ups from a promo, it may look like you’re gaining tons of new customers. But the reality is, you may be wasting money on customers who won’t stay in your ecosystem. Plus, manipulated codes can cost you a lot in lost revenue and products.

Friendly fraud differs from other types of fraud schemes in that it is a legitimate customer who commits the fraud rather than a criminal. It happens when a customer contacts the bank to dispute a purchase, and the reasoning for the chargeback is invalid. 

For example, maybe the customer just wants a free meal, so they make a false claim that they never received their food or the order was incorrect. Or maybe a child gets a hold of their parent’s payment card and makes a large order.

Fraudsters commit new account fraud when they create new accounts with the intent to commit fraud without being detected. They use stolen identities or create synthetic identities using a combination of real and false information. Even good customers can perpetuate new account fraud using multiple email addresses or aliases.

Typically, fraudsters and opportunistic customers open a bunch of new accounts to take advantage of free trials, first-time-user discounts, and referral bonuses. And this influx of new accounts may look like positive growth. But these new accounts are risky and you get no return on investment — no repeat customers.

Your restaurant’s greatest asset isn’t always the food — it’s usually the data. And fraudsters want it. They’ll go to great lengths to steal it with social engineering scams. Social engineering happens when a fraudster or opportunistic customer manipulates an employee to get goods or gain access to a secure system.

One way fraudsters will target your restaurant is by researching your vendors and inbound shipments. Then they’ll send fake invoices. And you wind up paying the fraudster before you get the real bill and discover your mistake.

But often, they go after your company data by posing as an HR representative or tax official. Or they target your employees by sending phishing emails directing them to a fake website that prompts them to input their credentials. 

As a result, you can suffer from data breaches, compromising your customers’ payment and personal information. And this problem often goes unnoticed until it’s too late.