A customer pays by swiping their card at a restaurant.


Full-service restaurants need to consider a holistic and real-time approach to fraud prevention.

Online Fraud is Growing for Restaurants. Here's How to Stop It

In the past year, the food and beverage industry has experienced an increase of 60 percent.

Our world becomes increasingly more digital by the day, and consumer expectations are shifting as a result. This opens up exciting new ways for brands to interact with customers. Full-service restaurants like TGI Fridays are seeing traction with their digital ordering apps, and grocery delivery services are now becoming the norm rather than the exception. But with this new foray into the digital world comes an increased risk for exploitation.

Fraud rates in the past year have increased by 13 percent according to Forter’s Fraud Attack Index. However, the food and beverage industry experienced an increase of 60 percent, more than four times above average. With a new data breach occurring every day, and an expansive dark web marketplace for online criminals to exchange customer data, fraudsters have direct access to the information they need to commit online fraud at scale unlike ever before. Restaurants must be aware of not only the trends in online fraud, but also of the most effective ways to protect themselves and their customers.

A New Frontier

The food and beverage industry is becoming a favorite target for fraudsters. Because of the exponential growth of digital payments and online ordering systems, restaurants and grocers are encountering a growing number of fraudsters eager to exploit their platforms. Unlike other industries that are much more established in the digital realm, many merchants in the food and beverage sector are exploring a new frontier and have not had as much time to put preventative measures in place. Fraudsters know this and identify vulnerable industries to attack.

Full-service restaurants with online and mobile channels continue to be an excellent platform to “card and wallet test.” This is when a thief obtains stolen credit card information, and uses a restaurant’s payment platform to test the validity of the credit card number. But fraudsters are rapidly expanding their techniques.

“Click-and-collect” is a simple method by which online food services can be disrupted by fraudsters, and it is growing more popular every day. Fraudsters may make use of multiple credit cards and devices to place orders at various stores in a proximal distance to their location.

By doing so, the fraudster could then quickly pick up each order from the selected stores and be gone before the restaurant or beverage retailer realizes they have been hit with fraud. This type of fraud will demand that restaurants and food industry businesses with an online presence increase their level of scrutiny of online shoppers and be able to verify the identity of their online customers.

Beyond Checkout

The point of transaction has traditionally been thought of as the most vulnerable moment of  the buyer journey. However, clever fraudsters are constantly looking for new ways to commit online fraud. Gaining access to a user’s online account—also known as account takeover—can oftentimes result in a far bigger payout than simply using stolen credit cards.

According to Forter data, there was a 31 percent increase in attempted ATOs year-over-year as of Q3 2017, with a significant spike of 53 percent in Q3 2017, compared to the previous quarter. This uptick is likely connected to the availability of account information resulting from large data breaches, and it puts customers at a great risk of exploitation.

Once an account has been hacked, a fraudster not only gains access to payment information, but they also have the opportunity to further abuse the customer account by depleting it of accrued rewards or loyalty points. Food and beverage brands are particularly at risk for this type of exploitation, as they frequently offer loyalty programs that can be usurped by online criminals.

It is easy for these types of attacks to go undetected. While a stolen credit card number may be noticed by a consumer or credit card company after only one use, an exploited account can go undetected for long periods of time. Fraudsters can manipulate account details without the account owner ever noticing, and shortly thereafter use legitimate payment methods associated with the account to make fraudulent transactions.  

Protecting Your Brand and Your Customers

Full-service restaurants need to consider a holistic and real-time approach to fraud prevention. In an age when customers expect on-demand service, restaurants can’t afford to delay delivery or pickup in order to verify a customer’s identity. By leveraging a technology-driven fraud solution, brands can provide the service their customers deserve while also protecting themselves from exploitation. Fraudsters are increasingly targeting the food industry in sophisticated and creative ways. In turn, restaurants must take ample precautions to protect themselves and their customers from falling victim to fraud.

Michael Reitblat is the co-founder and CEO of leading e-commerce fraud prevention company, Forter. Michael began his career in Israeli military intelligence where he was trained in cybersecurity techniques and the prevention of fraudulent or criminal cyber activities. He played a key part in building the first company to specialize in online payment fraud, Fraud Sciences. After the business was acquired by PayPal, he helped to develop the successful fraud prevention system that the payments giant still uses to this day. Michael was determined to make his vision of completely fraud-free e-commerce a reality, which is why he founded Forter in 2013.

read more