Multi-Factor Authentication Makes QSRs Promotions, Discounts Fraud-Free

In keeping with the adage that “no good deed goes unpunished, it turns out that those popular promotions and discounts that restaurants use to reward existing customers and attract new ones are also a favorite venue for fraud.

In a recent conversation with PYMNTS, Vikram Dhawan, vice president and senior product leader at Kount, an Equifax company said quick-service restaurants (QSRs) and other merchants must tighten their defenses against an onslaught of faceless, digitally-mounted attackers to protect their promotions and their customers’ accounts.

The revelation came against a backdrop where PYMNTS research found that 44 percent of customers said they were more likely to order from restaurants that offer promotions or discounts. A scenario that opens the door for promo abuse and fraud, Dhawan said.

“Anytime you have opportunity to offer something either free or at a very discounted rates,” said Dhawan, “you are going to attract traffic. And the question is how much is good traffic versus how much is bad traffic?”

Discerning which is which is no easy task, especially when a good promotion can drive traffic up exponentially.

He recounted that one of the restaurants that Kount now works with encountered problems when it began offering free items and saw what he called an enormous number of sign-ups to get free products.

“When you start seeing growth, in terms of volume of transactions, of 100x, 200x, it’s hard to pinpoint how many of them are legitimate.”

Monitoring Endpoints

Against such volume surges, he said, fraudsters find avenues to attempt account takeover strategies. For merchants to prevent account takeovers, the first thing they need to understand is the endpoints of a transaction. He pointed to a technology offer from Kount that gives customers insight into the number of accounts being created from the same endpoint device — a phone, a laptop or a tablet, for example. A few accounts coming in might be fine … but hundreds, and even thousands of accounts from a single endpoint signal trouble.

Many merchants mandate that email addresses be used for signups, he said, but then again, creating an email address these days can be done pretty much for free and ad infinitum. Criminals can create multiple fake emails to sign up and take advantage of a promotion. He said his firm’s “Email Insights” solution can give firms info into the “reputation” of an email — whether it was created recently and how often it might be used. The restaurants or merchants can decide whether they want to stop those account creations or send them to a secondary means of authentication.

He said advanced technologies — and online platforms — can also stop promo code abuse in its tracks. Bad actors, he said, understand the structure of a promotional code or 17-digit alphanumeric string and work to discover active promo codes.

“When they [discover an active promo] code they proliferate [that code] among their networks,  [which is] how promo code abuse happens,”  he said. Tracking several attempts of such fraud to a single device can find whether a fraudster is trying to use “brute force” on a code.

The Balancing Act 

There’s a balancing act when it comes to anti-fraud efforts and consumer experiences. Raise the wall too high so that no one can get in also impacts the legitimate consumers.

Based on the business processes merchants have in place, they need to decide how high to raise the threat level and what level they begin to employ authentication challenges. 

Maybe it’s based on the price or the money you spend,” Dhawan said, offering an example of a consumer spending $5 and $10 per transaction, and now all of a sudden spends $5,000 on an order. That’s a good indication that we should “make sure that it is you.”

The need to use advanced technologies and appropriate levels of friction remains especially urgent, he said, in an age when even after the pandemic, online ordering, and online promotions, especially among QSRs, will persist.

“Consumers who got a taste of using digital technology to order products and services from the QSRs — they are not stepping down,” Dhawan told PYMNTS. “They love the way the systems work, they don’t have to stand in the lines … There are so many ways consumers can consume these products now. So that change and that dynamic nature is what’s going to be very interesting for merchants to adapt to.”