Pepperoni Payments Peril: Massive Payment Swindle Used Mobile Pizza

It's long been common practice for cyberthieves to test stolen cards online, often with a tiny charge on a charity site, to quickly determine which have been shut down and which are still valid. But the latest tactic involves ordering pizzas from Domino's—OK, so food connoisseurs they ain't—and to then sell the pizzas on the street. Said one police chief: "There is a secondary market for pizza."

The cheesy tactic—detailed in a New York Times story—was marked by the cyberthief codeword (I swear we're not making this up): "Who wants pizza?"

"The seemingly harmless question raised suspicions among police officers in Brooklyn when they saw the query posed repeatedly on Facebook, by users whose profiles they were keeping an eye on because of suspected gang ties. The pizza question was sometimes accompanied by the red-and-blue Domino’s logo. Officers contacted Domino’s and a bigger story came into focus, a curious blend of high-tech fraud and street-level word of mouth. With pepperoni and extra cheese."

Domino's reported a record spike in sales, the story said, because thieves were verifying stolen card numbers through the chain's mobile app. "When they found a number to be valid, authorities said, the thieves used it to order bigger-ticket items online — while people in pockets of Brownsville and East New York in Brooklyn ate the pizzas."

From a payments security perspective, it seems that mobile apps—and E-Commerce sites as well—should have a cap on invalid transaction efforts before the order is shut down and the IP address and other details logged and routed to Loss Prevention. The story quoted Brooklyn Deputy Chief Kevin P. Harrington finding that some phones had a huge number of invalid attempts before stumbling on a valid card—and the Domino's system never blocked or even noted it. Yes, shoppers can make typos, but there is a limit before suspicions should be raised.

"This account has tried 50 attempts," Inspector Gulotta said of one phone. "Two thousand attempts in the last month."



The September 2020 Leveraging The Digital Banking Shift Study, PYMNTS examines consumers’ growing use of online and mobile tools to open and manage accounts as well as the factors that are paramount in building and maintaining trust in the current economic environment. The report is based on a survey of nearly 2,200 account-holding U.S. consumers.

Click to comment