Quick-service restaurants (QSRs) are pushing ahead with their digital efforts, with mobile-ahead ordering among the hottest areas for that. But that also brings more opportunity for fraud — and protecting against fraud can often become an afterthought for QSR operators.
That’s the premise of a recent PYMNTS discussion between Karen Webster and Tricia Phillips, senior vice president of product and strategy at fraud prevention company Kount.
Progress always comes with problems, and one challenge that QSRs face when making digital a more important part of their business is that such improvement often attracts attention from the wrong people.
“When a QSR launches a digital app, (criminals) swarm on it,” Phillips told Webster. “Sometimes they buy a block of credit card numbers on the dark web and try them out at QSRs.”
QSRs, Phillips said, tend to initially attract the “less sophisticated fraudsters, the ones after the low-hanging fruit.”
Some of that low-hanging fruit takes the form of gift cards, as fraudsters steal them and then sell them to unsuspecting consumers for less than face value. “It’s an easy way to make money,” she said, “and because QSRs are new to this, they don’t have the protections in place as other businesses do to flag it.”
Then there’s the unsophisticated, sophisticated teenager food hacks – the digital-age version of taking a $20 bill from Mom’s wallet is using her card number to order pizzas for friends. Mom gets her credit card statement, sees a $75 charge for pizza and disputes the charge, but not before the friends of the friends of the friends have all tried their hand at the same food hack.
“We’re not talking about the nefarious cybercrooks who hang out on the dark web and get their tips and tricks – there are tips all over the web on how to do this, right out there in the open,” Phillips remarked.
Then, believe it or not, “friendly” fraud can also involve people who eat food and then complain — saying a burger was cold, for instance, even after eating all of it — and then initiate chargebacks.
All of these things end up as losses, but in many cases without the QSR even knowing there’s a problem. Banks, Phillips said, sometimes just write off these fraudulent transactions since the amounts are so low. QSRs may not really even know they are the victims of fraud until the hit to their margins just becomes too steep.
This problem is exacerbated given the franchise model that underpins the QSR business with many of these franchise operators, known as “mom-and-pops.” Fraud is synonymous with hacks – and on that score, they feel protected. Fraud of the sort that now pervades QSRs is a foreign concept.
“They’re not technologists,” Phillips said. “They are restaurant owners. They are doing everything they can to keep their businesses running. They are not concerned about digital engagement or running the future of the brand at a high level. They didn’t sign up for all these new use cases.”
Faced with a wave of fraud, those franchise owners can feel overwhelmed. “When those chargebacks start coming, those losses are totally unplanned and they have no control over it,” she said. “There is no way the franchisee can control it, because they cannot control that app. It creates enormous tension.”
That said, most QSRs do care about the franchise owners, and are “really sensitive to these issues,” Phillips said. But there is a fine line between preventing QSR fraud and making sure your mobile order-ahead offerings or other digital features work smoothly, and without too many roadblocks for consumers.
“If you stop the bleeding too aggressively, then you create really high friction,” she said. The key? Forward planning and figuring out the threats and responses beforehand, so franchise owners and the larger brands do not react to fraud in a such a way to bring frustration to the consumer side.
Is it a difficult job to persuade franchise owners about fraud prevention?
“It’s not really a matter of it being a hard sell,” Phillips said when Webster asked her about Kount’s pitch to QSRs. “It’s a matter of they don’t know what they don’t know. It’s really a matter of education.”
On that score, fraud prevention systems are increasingly able to analyze various attributes, including zip codes, email addresses and mobile phone numbers. Fraud prevention technology can determine whether the device potentially engaging in fraud is “correlated” to high-risk activity, and whether the device is a burner phone, Phillips said. A high number of chargebacks also indicates trouble.
Restaurants are increasingly offering mobile ordering capabilities to give customers the convenient dining experiences they crave, according to the PYMNTS Mobile Order-Ahead Tracker and other sources of data. Consumers seem unlikely to stand by QSRs that fail to up their digital and mobile games, given the immense competition out there.
If those QSRs do not give ample attention to fraud prevention, then those digital efforts could be in vain. “Then you are basically undoing all the work you’ve done,” Phillips said.