That the average experience in a quick-service restaurant (QSR) has been greatly enhanced by the addition of mobile technology is almost inarguable. The customer journey these days is frankly much smoother, much faster and a lot more rewarding. It is safe to assume that no one misses standing in line for coffee during their morning commute, nor is there anyone who has ever demanded to pay full price out of respect for the old ways when offered a free drink to reward their loyalty.
And beyond the anecdotal evidence, Kount CEO Brad Wiskirchen told Karen Webster, they can see it in their data. Kount, he noted, is partnered with many of the largest QSR brands in the world — and had a front seat for their rapid emergence of a whole host of mobile and digital transaction touchpoints that have exploded across the market in the last several years. Large, established and internationally recognized chains, he told Webster, have almost overnight seen their businesses transform from being 100 percent brick-and-mortar operations to having 60 percent of their orders coming through on digital channels.
The upsides, he noted, are well known: more channels, a smoother consumer experience and enhanced ability to drive sales. All wonderful things, he said, but with a tendency to obscure an important reality.
“What we have seen with some of these QSRs, particularly when they are historically brick and mortar that then move into developing their own digital platforms or partnering with third parties on things like delivery, is that their risk profile went up. And not a little — by a lot.”
And it’s not just more attacks — though that is undoubtedly part of the problem, he noted. It is that these attacks are coming in at a speed and in forms that are alien to these operators. The unforeseen consequence of removing friction for consumers, Wiskirchen told Webster, is that doing so has the nasty tendency to remove them for fraudsters as well — and in the QSR industry those dropped barriers are adding up to millions and even tens of millions of dollars in losses.
“The reality is with every step you take to remove friction you have to be thinking about two things. How are you using technology to make the consumer’s life smarter, and at the same time how is that friction-free transaction making their life safer?” he asked.
Right now, QSRs are aware of the first part of that equation — and their mounting fraud losses are making them quick studies in the latter half.
Seeing The Whole Fraud Picture
In some ways, it can be hard to imagine the QSR segment being this massive bastion for fraud, if for no other reason than the goods themselves aren’t that valuable. There are only so many sandwiches or burgers any one person can eat, and only so much coffee anyone can drink
“If you told me five years ago that we’d be looking at the biggest QSRs in the world getting racked by fraud, I would have been shocked. I didn’t see it yet,” Wiskirchen told Webster.
But the fraudsters, are a surprisingly inventive group and they are very aware of all the digital tools available to consumers — and more focused than one might imagine in turning them against consumers. A few years ago, he noted, there was a rash of QSR frauds that were pegged to whenever a new service would launch on a platform — mobile order ahead, digital prepaid gift card storage and delivery services — and then the fraudsters would try credentials stolen from other sites. Once they’d confirmed they had a set of credentials linked to a live account with the QSR — they would drain any value from the card, set it to reload, and drain it again — over and over until the card was disabled.
The reality, Wiskirchen said, is that QSRs have been at the forefront of layering mobile services and shortcuts throughout the mobile offerings for the last several years. That is convenient for customers, he noted, right until the point that a fraudster gains access to that services hub and starts wreaking havoc.
“The fraudsters have been able to leverage data and capture the functional equivalent of mobile wallets on restaurant and delivery platforms. Once they have done that, they are able to leverage those tools for a whole lot more than a free meal or two.”
Turning The Tide
There is no easy answer or simply one-off trick that will run fraudsters off, Wiskirchen told Webster, the answer is the same difficult answer that it usually is in security. Build rock-solid, airtight defenses, view every channel as a potential vector for a fraudster and continuously update your assumptions and data sets to reflect the new tactics that are coming.
And they will be coming — as surely as new channels like voice commerce are emerging in the market for consumers. If it is something a consumer will use to make their journey easier, a fraudster will be happy to try to turn it to the same purpose, he noted.
From there, the modifications they make are a matter of the individual business and their own specific needs around fraud.
“Not every restaurant has the same appetite for fraud, pardon the pun, and so individual adjustments will always have to be made for clients. Our first month of partnership in most cases is spent working to develop the business goal and expectations for the fraud management program.”
And though the fraudster is increasingly present, aggressive and fast acting — ultimately, Wiskirchen told Webster, there is light at the end of this tunnel.
The restaurants know the problem is out there — and are increasingly acting to counteract it and working with third-party providers like Kount to start locking down their systems. The great advantage that the fraudster had in this market was the element of surprise, he noted, without it — they are much less formidable.
Plus, at the end of the day — the restaurant is motivated to offer a smooth and safe experience — and work overtime to build both. The fraudsters, he said, never want to work any harder than they must.
“The fraudsters quickly realize that this isn’t as easy a target anymore — and so the mass attacks start to run down because they move on to the next greatest, easiest to hit target.”