The rise of common food delivery scams
Business is booming for online food delivery services and apps, meal kit providers, and grocery options. The market is predicted to achieve $353.30 billion in revenue in 2024, a dramatic increase on the $221.65 billion in revenue in 2022. However, as demand rises, so does the risk of your business and customers falling victim to common food delivery scams.
What are food delivery scams?
Fraudsters mainly use food delivery scams to order food from restaurants or other businesses and get away without paying for their meals. This often leaves your business to cover the cost of the food, delivery, and even chargeback fees. Some bad actors also take the opportunity to steal the payment information of trusted customers to use themselves or sell on the dark web.
What are the 7 most common types of food delivery scams?
Food fraudsters continually come up with new ways to deceive businesses, but almost all their scams fall into the following categories:
- First-party fraud
Also known as friendly fraud, this involves a customer using their own details to pay for an order and then claiming the charge was unauthorized after delivery is made. Nearly 1 in 4 (23%) consumers who have filed chargebacks admit the claim was fraudulent.
- Phishing emails, websites, and apps
These are messages or emails with links that lure customers into using fake food delivery websites or apps. Customers are tricked into believing the service is genuine and enter their payment information, which scammers use to pay for their own orders or sell to others. Research by Sift found that nearly 20% of customers have been victims of phishing.
- Account takeovers
In an account takeover attack (ATO), fraudsters steal logins through phishing, data breaches, malware, or keylogging software. As the name suggests, they take over user accounts and place orders for themselves. In the first quarter of 2023, the rate of ATOs rose 427% compared to all of 2022.
- CNP fraud
CNP, or card-not-present, fraud is when stolen card information is used on platforms that don’t require a physical card. The result is that the cardholders lose money or, if they dispute the payment, the app or restaurant has to foot the bill for the fraud.
- Location spoofing
In this case, the scammer isn’t an anonymous hacker but one of your own delivery drivers. Drivers can use software to send bogus GPS location data to fake a delivery. The false data appears to show they collected and delivered the order. The customer never gets their order, but the driver is still paid. Drivers can also use fake GPS data to rapidly change their apparent location to areas with higher-paying orders and accept these orders even if it’s impossible to deliver them in time.
Bad actors advertise heavy discounts of up to 75% off food and beverage deliveries in places like Telegram forums. A ‘customer’ sends their order to the scammer, who purchases it using stolen payment information. The customer then pays the scammer using cryptocurrency and waits for their delivery.
- Promo abuse
Some customers may create fake accounts to exploit special offers, discounts, or free trials multiple times. They can also receive rewards for referrals to fake accounts. Another method of promo abuse involves customers using counterfeit vouchers or working out how to generate promo codes, costing businesses money and blocking trusted customers from using genuine codes.
Why is it important to prevent food delivery fraud?
Food delivery scams cost you money on lost inventory, but you can also suffer knock-on effects that damage your business in other ways.
If a bank or payment company authorizes a chargeback, you’re out of pocket for the order, as well as liable for any chargeback fees or administrative costs. You might even lose access to your account.
You must also devote time and resources to investigating the event, dealing with the legitimate card owner or payment provider, and processing the paperwork.
More than half of consumers (54%) believe they shouldn’t be liable if their payment information is used for fraud without their knowledge. A defrauded customer may hold the restaurant or delivery app responsible for their losses and leave negative feedback on social media or review sites, hurting your reputation and deterring potential customers.
DoorDash used Sift to tackle food delivery fraud, prevent thousands of dollars in daily losses, and increase risk review efficiency by 2x to 3x, all without impacting trusted users.
How to prevent common food delivery scams
The food delivery business runs on high-speed, low-volume transactions, which is perfect for fraudsters. Unfortunately, this environment also leaves little time for manual checks, such as spotting unusually large or expensive orders. Fraud prevention measures are necessary to prevent common food delivery scams, but if the measures are badly implemented, they can damage the experience for trusted customers. The most effective way to detect and prevent fraud is with technology and automation.
Here are some tips to help your business avoid common food delivery scams:
Enforce strong passwords
You should require complex and unique passwords that contain a mixture of numbers, uppercase and lowercase letters, and special characters. Users should also be prompted to change their passwords periodically. These steps help prevent scammers from using stolen credentials or attempting to crack logins with brute force.
Require 2FA or MFA
In two-factor authentication (2FA) and multi-factor authentication (MFA), users must provide multiple forms of identification before accessing accounts. Passwords can be stolen or guessed, but 2FA and MFA mean scammers also need a victim’s phone, security key, or biometric information before they can log in. Enabling 2FA provides more robust security, and MFA can block 99% of account takeover attempts.
Alert users to account changes
Any significant account activities, such as login attempts from an unknown device or password changes, should trigger a real-time SMS or email alert. This allows users to quickly identify and confirm or deny changes.
Rate limit logins
Brute-force attacks use automated software to try thousands of login combinations quickly. To protect trusted customers and your business, limit the amount of login attempts that can be made within a given period.
Check remote or unknown IP addresses
Fraud prevention software can identify the location of login attempts and spot if a user attempts to log in from an unusual area or uses a VPN to disguise their IP address. These activities are often a sign of an ATO.
Check breached credentials databases
Publicly known stolen logins are recorded in breached credentials databases. Check your user credentials against these frequently to identify compromised accounts and request password changes or multi-factor authentication.
Regularly review and update your security
Fraudsters are always looking for weaknesses, and as soon as you close one gap in your defenses, they move on to another. That’s why it’s crucial to ensure you keep your software up-to-date and frequently reassess your security procedures. You should also consider investing in a comprehensive fraud prevention platform with automated real-time protection.
How Sift can help you prevent food scams
Sift’s Digital Trust & Safety Platform uses cutting-edge technology and trillions of data points to help you stop fraud proactively and secure each step of your customer’s journey.
Using machine learning, Sift can automatically block fraudsters from making transactions with Dynamic Friction while eliminating false positives and allowing your trusted customers a seamless experience.
With machine learning automation, you can grow faster by eliminating manual checks, increasing volume securely, and serving customers with the speed they expect.
Whether you have thousands of customers or millions, Sift scales as your business grows. You can easily provide new features without compromising your security and onboard new users quickly with low friction.