How Jersey Mike’s Is Stacking Its Fraud Protection Strategy With AI, 2FA

In-restaurant dining is tentatively reemerging around the world, but with the pandemic showing no signs of slowing down, takeout remains the more popular choice for a growing number of consumers. Fraudsters have unfortunately followed suit, targeting mobile apps and online ordering platforms with an expanding variety of schemes. Protecting against bad actors on these mobile platforms is essential for quick service restaurants (QSRs) as they compete for consumers’ attention.

Some restaurants are holding fraudsters back by treating the mobile device as an authentication factor for consumers’ identities and orders. Jersey Mike’s Subs, a sub and sandwich chain currently operating more than 1,800 U.S. stores, has seen its mobile app boom in both order volume and downloads. Yet the fast-casual chain has managed to keep fraud rates relatively low, according to Scott Scherer, the company’s chief information officer. He explained in a recent PYMNTS interview that this is partly because the chain uses both two-factor authentication (2FA) and artificial intelligence (AI) to help verify registered users’ devices and payment details.

“We do not have a tremendous amount of fraud, which was odd because with that shift to mobile, there is a much higher risk of payments [fraud], and our chargeback rate and things like that have not really increased,” Scherer said. “Most of our customers order not as a guest but as an authorized user. It does not make a lot of sense for [a fraudster] to create an account that is authorized to their device — we use 2FA to set up their accounts — [and it] does not make a lot of sense for them to use a stolen credit card [with] that account.”

Authenticating mobile consumers in this manner first requires that they feel comfortable enough to make orders via this channel as well as loyal enough to register their accounts and payment details with brands. Pairing 2FA with emerging technologies such as AI and machine learning (ML) on the back end puts up further barriers to fraud, and Jersey Mike’s is looking to include these tools as part of its fraud protection strategy in the future.

How Mobile Engagement Breeds Mobile Security

Authenticating the devices consumers are using as well as their personal information and payment details is not a new concept, but putting it into practice successfully requires finesse. Most fast-casual restaurants have made the jump to mobile ordering, offering it through their own apps or third-party aggregators, such as DoorDash and Uber Eats. This has made the battle for consumers’ first orders competitive. Enticing customers to register accounts or create loyalty profiles — at which point the brand can begin to treat their mobile devices as part of the authentication process — is even harder. Jersey Mike’s increased its focus on its loyalty program at the start of the pandemic to help create more engagement on mobile, Scherer said.

“Our online ordering has doubled in the last year, partially because of the pandemic and partially because we really pushed our mobile app prior to the pandemic,” he said. “We used incentives with our loyalty program to convert a lot more people to mobile.”

Among the promotions the brand is launching to boost app usership is an extension of its Month of Giving, a charity event the chain holds every March. Events such as these may be particularly appealing to millennials, 74 percent of whom have donated to charity since the start of the pandemic. This demographic also favors online and mobile order-ahead, with 41 percent of this generation ordering from QSRs or full-service restaurants at least twice a week. The company has offered other discounts and deals that it has actually seen sway customers toward mobile.

“Early in the pandemic, we did 50 percent off your entire ticket, but only through the app,” Scherer explained. “So, that gave the customers a nice break financially, and it also gave them the ability to download and try our app … rather than picking up the phone and calling or going to the website or going into a store. … At first we thought maybe those customers are going to come for that 50 percent … and then drop off, but we did not see a significant drop-off. I think they appreciated the discount, but also they changed [ordering] habits because of the ease of use of the mobile app.”

Authenticating the mobile devices of newly engaged digital diners will block only certain types of fraud on these platforms, however. The method may be effective at preventing chargebacks, for example, but these are not the only schemes bad actors are using to skim money and data from restaurants and their customers. The biggest form of fraud the chain has seen over the course of the pandemic is credential stuffing, in which fraudsters make use of bots or AI to spam platforms with emails and passwords previously stolen from large-scale data breaches. This is where implementing advanced learning technologies could come into greater play.

How AI can invisibly provide mobile security backup

AI can be used to fight fraud that originates outside of mobile platforms, such as credential stuffing or other synthetic identity scams. The chain already utilizes this technology through a third-party authentication provider to help it ward off these schemes, Scherer said. It is also seeking to expand its use of the technology over the next two years to aid customer service and phone orders as well as boost security.

“We do have some back-end processes right now that use AI to help [with] fraud detection on credit cards,” he said. “It looks at [things] like, ‘This person is in Florida, but this credit card was used in three different states in the last 20
minutes, so that is impossible.’”

Leveraging AI in this manner can help determine customers’ identities invisibly, meaning it has much wider fraud protection applications than other emerging tools. Finding ways to intercept a growing variety of fraud attacks is going to become critical for fast casual chains as diners continue to reach for their phones first. AI and ML could be key to successfully and securely driving customer engagement and orders as the restaurant industry adjusts to new realities.