7 Fraud Schemes Targeting Restaurants and QSRs
Online ordering, mobile apps, and delivery services are all excellent ways to increase revenue for your quick-service restaurant (QSR). And you’ve probably noticed a surge in sales as customers embrace your innovation.
But some of those sales are likely from restaurant fraudsters and opportunistic customers looking for ways to take advantage of you. And they can introduce a lot of fraud risks you may not be fully aware of yet.
From Card Testing to Social Engineering
Even if you have noticed suspicious activity, such as an increase in chargebacks or a wave of new account creations during promotional periods, you probably haven’t realized how big of a risk these threats pose.
Because there are seven dangerous fraud schemes that your restaurant can easily be exposed to.
1. Card Testing
When fraudsters obtain stolen payment information, they usually test it to see if the account is still active. They do this by making small purchases to see if the payments are accepted.
Fraudsters love using QSRs to test the validity of stolen payment cards because it’s not unusual for a typical customer to make more than one purchase from you in a day.
Plus, fraudsters can test thousands of cards at a time without putting in a ton of effort. All they have to do is program a network of computers (botnets) to run low-value transactions to verify if a card works.
Once they find valid cards, fraudsters will probably move on from your business and make larger purchases somewhere else. But they’ll leave you with the chargebacks from all the test purchases they made to your restaurant. And that could put your merchant account at risk.
If you notice a large number of transactions with a high authorization decline rate, it may be that fraudsters are submitting orders on cards that have already been flagged as stolen. And without fraud controls in place to catch botnets, this scheme can turn into an expensive problem fast.
It’s difficult to monitor low-dollar transactions, especially when several come through at once. But you want to look for the ones with high decline rates. Fraud technology specifically designed to detect card testing and botnet attacks can automatically look for those patterns and decline or flag them for you.
2. eGift Card Fraud
Electronic gift cards are heavily targeted because fraudsters can easily turn them into cash. Typically, fraudsters buy electronic gift cards with stolen payment cards. They’ll often purchase thousands of dollars’ worth of digital gift cards, then sell them online at a discount.
When cardholders see unauthorized charges to your restaurant on their statements, they’ll call their bank to dispute the charges. Then you’ll be responsible for all those chargebacks. And they add up quickly.
Start asking for a buyer or recipient’s name, address, or email to help match the identity of the gift card buyer with the payment information. Additionally, you can implement a fraud solution that analyzes customer data, such as the creation date of an email address, to help determine if a gift card purchase is coming from a legitimate customer.
3. Account Takeover
Customer accounts are huge assets for fraudsters, especially if they come with loyalty rewards points. And it usually only takes a couple brute-force or credential stuffing attacks for fraudsters to crack into your customers’ accounts.
Once fraudsters gain access to these accounts, they can steal the loyalty points by redeeming them for money or transferring them to another account. They may even change the account passwords so that they can sell the accounts online.
But a bigger risk is that fraudsters may also access the account holder’s card information, digital wallets, and other payment methods linked to the account. And they can use that payment information to make fraudulent purchases elsewhere.
It can be difficult to detect this kind of fraud scheme because you usually don’t see chargebacks. But it’s extremely upsetting for your customers and can ruin your business’s reputation. And it can waste a lot of your employees’ time trying to clean up the damage done to your customers and their accounts.
Your best defense against account takeover is using fraud technology that can monitor account login activity — such as location, device used, IP address, etc. Anything unusual will be flagged. You can also customize the technology to implement multi-factor authentication when activity seems suspicious to further stop fraudsters from breaking into accounts.
4. Promotion Fraud
Offering sign up bonuses or discounted food items are great ways to bring in new customers. Unfortunately, these promo offerings also attract a lot of fraudsters and opportunistic customers.
Fraudsters and customers alike will abuse promos by signing up for multiple accounts with different email addresses, manipulating promo codes to get more use out of one-time discounts, or cracking referral codes to stack discounts.
When you get hundreds of new account sign ups from a promo, it may look like you’re gaining tons of new customers. But the reality is, you may be wasting money on customers who won’t stay in your ecosystem. Plus, manipulated codes can cost you a lot in lost revenue and products.
You can carefully monitor your promotions — evaluate the number of discounts or codes given against the revenue you earned. But that may take time, and you may not discover fraud until months after the promotion has ended.
A better option is to implement fraud technology to take the guesswork out of the equation. A fraud detection solution can look for characteristics that seem suspicious — like multiple emails from the same IP address, device, or delivery address — to help you detect and block this kind of scam.
5. Friendly Fraud
Friendly fraud differs from other types of fraud schemes in that it is a legitimate customer who commits the fraud rather than a criminal. It happens when a customer contacts the bank to dispute a purchase, and the reasoning for the chargeback is invalid.
For example, maybe the customer just wants a free meal, so they make a false claim that they never received their food or the order was incorrect. Or maybe a child gets a hold of their parent’s payment card and makes a large order.
Technically, a legitimate customer made a valid purchase, but you can’t take back eaten food. So you have no way to recuperate losses when customers want a refund for their meals. But you can fight invalid chargebacks. If you win, you’ll get your money back.
6. New Account Fraud
Fraudsters commit new account fraud when they create new accounts with the intent to commit fraud without being detected. They use stolen identities or create synthetic identities using a combination of real and false information. Even good customers can perpetuate new account fraud using multiple email addresses or aliases.
Typically, fraudsters and opportunistic customers open a bunch of new accounts to take advantage of free trials, first-time-user discounts, and referral bonuses. And this influx of new accounts may look like positive growth. But these new accounts are risky and you get no return on investment — no repeat customers.
Even though they involve some risk, promotional offerings are important for growing your business. So it’s vital that you implement a strategy to verify account credentials like email, address, or name are current and match the identity of the user signing up for an account. And fraud technology can help you verify a user’s credentials by analyzing these data points against a global network of data.
7. Social Engineering
Your restaurant’s greatest asset isn’t always the food — it’s usually the data. And fraudsters want it. They’ll go to great lengths to steal it with social engineering scams. Social engineering happens when a fraudster or opportunistic customer manipulates an employee to get goods or gain access to a secure system.
One way fraudsters will target your restaurant is by researching your vendors and inbound shipments. Then they’ll send fake invoices. And you wind up paying the fraudster before you get the real bill and discover your mistake.
But often, they go after your company data by posing as an HR representative or tax official. Or they target your employees by sending phishing emails directing them to a fake website that prompts them to input their credentials.
As a result, you can suffer from data breaches, compromising your customers’ payment and personal information. And this problem often goes unnoticed until it’s too late.
Teach your employees about social engineering scams and have policies in place so they know how to respond if they suspect an attack. And make sure they are well-trained in account security protocols so they never unknowingly share their password credentials with a fraudster.
Protect Your Business and Save Revenue
Fraud is inconvenient. There are so many ways that fraudsters, and even customers, perpetuate fraud. It’s difficult to understand the different threats and recognize them when they happen. Plus, managing fraud takes time and resources away from what you do best – serving your customers and running a great business.
But in today’s digital world, fraud management is a necessity. And on your own, it’s incredibly difficult and expensive to do right.
That’s where fraud expertise comes in. Kount is a fraud detection and prevention technology that has helped restaurants like yours reduce risk and increase revenue — with the highest ROI possible.
Kount’s Average Results for QSRs
We understand the challenges unique to your business. And we can help you solve them all. Plus, our fraud experts will be there to guide you every step of the way.