Deep Dive: Cybercrime Rises As Consumers Migrate To Digital Food Ordering Amid Pandemic

Consumers are still staying home and avoiding in-person activities during the pandemic, prompting continued growth in online shopping.

Conservative estimates in mid-March — even before the health crisis prompted many governments to enforce stay-at-home orders — predicted that this year’s online sales would total $630 billion. These high figures are drawing attention from bad actors, however, with a recent report noting that cybercriminals are expected to steal $12 billion of this total.

This trend is especially worrisome for quick-service restaurants (QSRs) as they roll out contactless pickup options to cater to safety-conscious customers. States’ stay-at-home orders have led to declining sales due to dine-in area closures. Customers have been relying more on web- and app-enabled mobile payments for drive thru, mobile order-ahead and curbside pickup, but these options have opened new doors for potential fraud.

A recent study revealed that online fraud in the restaurant sector had risen 32 percent by early June, with cybercriminals buying gift cards with stolen credentials or breaking into users’ delivery accounts, for example. Fraudsters who have pilfered consumers’ details and cracked their mobile order-ahead QSR delivery accounts often sell access to them via online platforms, which can contain accounts from a multitude of brands.

Many bad actors are taking advantage of pandemic-related uneasiness to launch various schemes. The FBI’s Internet Crime Complaint Center recently warned about cybercriminals referring to fake pandemic-related regulations and fees for delivering products, for example, allowing them to trick unwitting victims into paying for “newly enacted” shipping laws.

Fraudulent promo code use is another method that can eat into QSRs’ bottom lines. QSRs often leverage promo codes to draw more guests, but some customers open numerous accounts to capitalize on one-time offers multiple times. This can cause serious losses for QSRs that have not taken measures to anticipate and address such behaviors.

The following Deep Dive examines some of the fraud tactics that are becoming more prevalent in the mobile order-ahead space amid the pandemic, as well as what authorities and QSRs are doing to fight these schemes.

Confronting ‘Pizza Plugs’

The pandemic has brought about changes in consumers’ food-purchasing behaviors, prompting many to seek low prices and contactless deliveries. Some QSRs are continuing to confront schemes in which fraudsters use stolen credit cards to place online orders for food, then ship them to consumers seeking bargain prices via payment apps. Restaurant owners say these scams, called “pizza plugs” because they frequently target pizza chains, can cause devastating losses.

The schemes proliferate primarily on social media, where users send direct messages containing their delivery information to the fraudulent accounts as well as payment via a mobile app such as PayPal. The theft occurs when the fraudsters offering the deals use stolen credit card details to place customers’ orders. These scams allow bad actors to abscond with cash from customers receiving deep discounts on the food, while restaurants lose thousands in costs and chargeback fees.

Catching cybercriminals perpetrating pizza plugs can be difficult, as doing so requires legitimate cardholders to spot fraudulent transactions and notify restaurants as they occur. Some restaurant employees have remarked in hindsight that pizza plug scammers often reveal themselves by attempting to make purchases with multiple credit cards before their transactions are successful. Eateries can ultimately do little to tamp down on such schemes, aside from charging customers who pay through pizza plugs with receiving stolen goods.

A recent survey shows that digital fraud in the U.S. has grown since the COVID-19 outbreak, with 22 percent of Americans being targeted through pandemic-related schemes. This is prompting restaurants catering to more digitally oriented customers to examine their operations and determine how to best address the uptick.

Chicago-based fast casual chain LYFE Kitchen is one such business that has been affected by the pandemic. The QSR has dramatically altered its operations to enable mobile ordering and deliveries, shutting down all but one of its three locations and consolidating its services there.

This digital shift has required a robust approach to fraud prevention, however, and LYFE has turned to mobile and online food ordering system Olo and customer engagement and loyalty platform Punchh to guard its transactions. The systems provide different protection layers, enabling each to cover for the other’s blind spots. The platforms also analyze each fraud attempt to better identify and thwart such schemes in the future.

QSRs and other eateries are continuing to see heightened interest in mobile order-ahead and other digital options during the pandemic, and fraudsters can be expected to modify their tactics to capitalize on these trends. The restaurants that can tailor their fraud prevention tactics to block bad actors’ latest scams stand to both satisfy and safeguard their customers.