With the rise of new and agile technology in the mobile industry, the potential for and evidence of fraud has also gone up.
There are two types of fraud that specifically have hit the quick service restaurant (QSR) vertical - customer fraud and employee fraud. In this article, we highlight two.
Loyalty apps and mobile ordering options are more than a popular trend. The new form of commerce, dubbed m-commerce, is becoming an integral part of many businesses’ growth strategy — 33% of merchants believe the mobile channel will represent at least half of their total revenue by 2020.
Mobile sales are especially crucial to the QSR vertical. Many customers who frequent QSRs are already accustomed to both apps-based payments (digital wallets) and mobile loyalty programs, which means QSRs without the capability may quickly fall behind the competition.
With every new innovation comes growing pains. We are quickly finding that increased functionality with mobile payment and loyalty program options creates new risks for fraud.
In fact, about 75% of merchants from the food and beverage industry reported that mobile fraud attempts increased in 2017. Unfortunately, 54% of the same merchants said detecting fraud is one of their most significant challenges when it comes to mobile.
Let’s dive into some of the specific examples of mobile fraud.
Types of Fraud QSRs face
Fraud has evolved from simple schemes like card testing or “friendly” fraud into more complex attacks that monetize every aspect of the digital customer journey.
Account takeover (ATO)
Purchasing someone’s identity can cost as little as $1 on the Dark Web. Fraudsters can easily buy hundreds of account credentials and continue testing them until they gain access to someone’s existing account. Once a fraudster gains access to an account, they are able to take full advantage of its information, including using saved payment methods or loyalty points to make purchases.
ATOs are particularly damaging if customers are duplicating passwords across platforms. If this is the case, fraudsters can make purchases on the breached account, and any other account with similar information like bank accounts or digital wallets.
Many QSRs are making ordering functionality via third-party apps or systems a cornerstone of their mobile strategy. Many customers can now place an order ahead of time using voice-activated systems like Apple HomePods or Google’s Alexa. Dunkin Donuts is giving customers the ability to order ahead using the Waze app.
While these order ahead features make consumers’ lives more convenient, they’re also susceptible to ‘friendly-fraud’, i.e. someone other than the customer—a child who can yell ‘Alexa!’ for example—that can accidentally place an order. Many businesses will authorize a refund, which can create losses for the company.
Chargebacks are also classified as “friendly fraud.” In this case, consumers may illegitimately click the “I didn’t order the product” or “the product never arrived” options of an app to receive money back for a product that they did in fact accept. Unfortunately, for user-experience, these options are a necessity for customers who need to use these options legitimately, but as a merchant chargebacks cost upwards of $40 billion annually.
Another type of mobile-based fraud occurs when hackers exploit software vulnerabilities (like an error in the code or a flaw in response requests) to gain access to sensitive information stored within apps.
Mobile apps are also at risk of social engineering attacks. Developers with a hacking background can install malware within their applications so that each time an app is used or downloaded, a user’s account information is accessible.
Both of these hacks are difficult for consumers to catch, and businesses may not know how to determine if this is affecting their mobile apps.
Employee Paycard Fraud
The QSR industry is also vulnerable to employee fraud through a platform meant to make life easier - instant payment programs utilizing pay card technology.
Instant payment programs that utilize pay cards have become a hub for employee fraud in the QSR space. These services that seek to make lives easier ironically add a layer of fraud and frustration for companies that use them.
When instant payment programs utilize pay card technology, each pay card is associated with a specific account identifier that is meant to correspond with the employee that uses that pay card. As such, instant payment platforms that use pay cards enable employees to request money be sent directly to their pay card. Platforms utilizing this technology check whether or not an employee associated with a pay card account identifier has already requested payment, and if they have not, will withdraw the requested amount from the associated account.
Employees can easily defraud this system. Because pay cards operate in connection with account identifiers (and not individual employees themselves), the mechanism to send payments is not directly tied to the individuals requesting payment. As the disbursement of requested payments is tied to a pay card account identifier, fraudsters are essentially able to flit from account identifier to account identifier, taking various requested amounts out each time.
This specifically impacts the employer - the payouts to employees come straight from the company’s coffers. Companies are directly hit by these inefficiencies in pay card technology (and the inability for providers who utilize this technology to do anything about it).
The way pay card technology works necessitates certain safeguards against fraudulent activity - these safeguards don’t exist and don’t seem to be coming anytime soon.
Companies Must Stay Vigilant
The reality is 35% of merchants do not track mobile fraud even though 60% of overall fraud originates from a mobile device. But, mobile payments aren’t going away anytime soon.
As the demand for mobile payment functionality quickly grows, businesses must organize and strengthen their technical support, so their mobile features function efficiently. Companies must stay vigilant to ensure their mobile strategies are secure.
If not executed properly, QSRs — and all industries alike —can face massive monetary loss in addition to customer dissatisfaction and brand damage.
Learn why DailyPay is the most secure and flexible daily payment benefit for QSR employees
More Articles by DailyPay CEO and co-founder, Jason Lee
Today, we are in a once-in-a-generation perfect storm in the payroll industry. Unrelenting market forces—unrelated to payroll—are conspiring to create major change in our industry. The result of this perfect storm is that employees want to control the timing of their pay. And employers will have to meet this demand. READ MORE...
DailyPay’s mission is to give people their first steps toward financial security, and in doing so, to enable companies to reimagine their workforce. To do that, we have to meet people where they are. Our demographic is asking for a small but important step to give them the feeling of control they lost when they started to get behind on their bills. READ MORE...