Food Fraud: The Top Three Scams Impacting the Food Delivery Industry

By André Ferraz, co-founder and CEO, Incognia, the innovator of next-generation identity solutions for secure digital experiences

The appetite for food delivery apps has grown exponentially—more than 2.85 billion people used them globally last year. In the United States alone, the $350 billion industry expanded by roughly 50% during the pandemic.

With rising popularity has come rising fraud, as bad actors identify new ways to exploit weaknesses in these platforms. Well-known food delivery companies are seeing as much as $1.5 million in losses every month as a result of fraud.

In order to combat today’s sophisticated scams, companies need to know what to look for and how to identify and address the gaps in their fraud prevention stack. Here are the top three:

1. Promotion Abuse: Everyone likes a good deal, and we have all, at one time or another, created a second account on a website to take advantage of a promotional offer – like 15% off your first order or free shipping as a new member. While an individual occasionally doing this won’t make a big impact in the long run, organized bad actors are exploiting apps at scale and causing significant loss.

Multi-accounting is a fraud technique used to exploit a service for financial or personal gain. Multi-accounters abuse promotions by creating multiple accounts with different names, email addresses, and/or phone numbers. Tools like Parallel Space and App Cloner let them scale their schemes by signing into different accounts simultaneously and changing certain features in the source code, allowing them to abuse promotions exponentially faster. With multi-accounting, fraudsters can not only abuse promotions for their own gain but can also sell these promotions to others, or sell the services they received at a discounted rate for more than face value.

This wide-scale promotional abuse causes companies to lose money on initiatives meant to increase revenue and also interferes with marketing campaigns. Additionally, companies often interpret these accounts as churn and, as a result, spend more money on customer acquisition.

Reliable data is the first step in protecting a promotional campaign from fraud. Using tamper-resistant signals enables companies to understand the full scale of their fraud problem and not misinterpret it as a lost customer. It’s important that companies consistently monitor their data to identify promo abuse signs, which may be less obvious.

Promotional campaigns are a crucial part of any company’s growth strategy, but it’s important to recognize their vulnerabilities in order to address them. Remember, organized fraudsters treat promo abuse as a business and take into account their return on investment. If the promotion doesn’t leave room for fraudsters to make money, it isn’t worth it to them to commit the fraud.

2. Driver Fraud: Driver fraud on food delivery apps is more common than one might think. Account sharing is a workaround technique drivers use to rent out their accounts so others can use them for a cut of the unverified driver’s earnings. This naturally presents a trust and safety issue while also leaving the food delivery company open to liability issues if the driver were in an accident or committed a crime while pretending to be someone else.

Location spoofing, in which a driver manipulates the location signals their device gives off, is another way drivers commit fraud on food delivery apps. On most apps, a driver has a delivery radius based on their location. When drivers trick the app into using a different radius through location spoofing, they can sometimes make more money because different locations have different fees. However, this can mean longer wait times for customers and reduced efficiency of the logistics algorithm. Drivers can also use location spoofing to make it look like they’re delivering orders when they actually aren’t. These “Superman” drivers are in one location one minute and, the next, appear miles away.

Device identifiers with tamper-detection capabilities and location intelligence are emerging as a tool to fight against driver fraud on food delivery apps. Identity verification uses a combination of signals to provide a comprehensive picture of a device’s real-time location. Each person creates a unique location fingerprint on their device through their daily activities. Now, apps can compare that device location identity with the driver’s location to identify if someone other than the account owner is signed in.
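The "Superman" pattern described above can be checked server-side by computing the speed implied between consecutive pings from the same driver. The following is an added example, not code from the article or from any vendor; the `Ping` fields, the sample data and the 45 m/s ceiling are assumptions.

```python
import math
from dataclasses import dataclass

EARTH_RADIUS_M = 6_371_000
MAX_SPEED_MPS = 45.0  # assumed ceiling (~160 km/h) for a road courier

@dataclass(frozen=True)
class Ping:
    driver_id: str
    ts: float          # Unix seconds
    lat: float
    lon: float
    accuracy_m: float  # horizontal accuracy radius reported by the device

# Constructed sample pings, not real data.
SAMPLE = [
    Ping("d1", 0, 40.7580, -73.9855, 10),
    Ping("d1", 60, 40.7590, -73.9850, 10),    # ~120 m in 60 s: plausible
    Ping("d1", 120, 40.6413, -73.7781, 10),   # ~20 km in 60 s: not plausible
    Ping("d2", 0, 40.7000, -74.0000, 10),
    Ping("d2", 20, 40.7090, -74.0000, 800),   # 1 km jump, but an 800 m error radius
]

def haversine_m(a, b):
    """Great-circle distance between two pings in metres."""
    phi1, phi2 = math.radians(a.lat), math.radians(b.lat)
    dphi, dlmb = phi2 - phi1, math.radians(b.lon - a.lon)
    h = math.sin(dphi / 2) ** 2 + math.cos(phi1) * math.cos(phi2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(h))

def impossible_jumps(pings, max_speed=MAX_SPEED_MPS):
    """Return (driver_id, from_ts, to_ts, speed_mps) for implausible hops."""
    flagged, last = [], {}
    for p in sorted(pings, key=lambda p: (p.driver_id, p.ts)):
        prev, last[p.driver_id] = last.get(p.driver_id), p
        if prev is None:
            continue
        # Subtract both error radii so a noisy fix is not read as movement.
        dist = max(0.0, haversine_m(prev, p) - prev.accuracy_m - p.accuracy_m)
        dt = p.ts - prev.ts
        speed = dist / dt if dt > 0 else (math.inf if dist > 0 else 0.0)
        if speed > max_speed:
            flagged.append((p.driver_id, prev.ts, p.ts, speed))
    return flagged
```

Driver `d2` is deliberately not flagged: the raw jump implies about 50 m/s, but it falls within the reported error radius of a low-accuracy fix.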

3. Collusion: Collusion is harder to spot because much of the fraud occurs outside the app or by a single person. Companies are most likely to encounter courier-customer collusion. In this scenario, a customer orders food, a driver delivers it, and the customer cancels the order, resulting in a refund and free food. Another example of collusion is restaurant-courier collusion. In this case, a restaurant maintains multiple fake accounts, using one to order food and another to give the illusion that it was delivered. From there, the restaurant leaves positive reviews to encourage more orders.

Device ID, the unique identifier linked to a particular device, has emerged as a way to fight collusion on food delivery apps. When paired with location, it becomes even stronger because traditional device ID spoofing measures like factory resets won’t be enough to hide the phone’s true identity. Using device ID and location, platforms can tie multiple accounts to the same device or location, eliminating one tool fraudsters use to collude against platforms.
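Tying accounts to a shared device or location, as described here and in the multi-accounting discussion under Promotion Abuse, amounts to finding connected components in an account/device/location graph. The following is an added example, not the article's or any product's code; the event tuple layout, the `cell-*` location keys and the sample data are assumptions.

```python
from collections import defaultdict

# Constructed sample: (account_id, device_id, location_cell). The cell is a
# hypothetical coarse grid key for where the account is habitually used.
EVENTS = [
    ("acct-01", "dev-A", "cell-17"),
    ("acct-02", "dev-A", "cell-17"),   # same device as acct-01
    ("acct-03", "dev-B", "cell-17"),   # new device ID, same location
    ("acct-04", "dev-B", "cell-42"),   # same device as acct-03
    ("acct-05", "dev-C", "cell-90"),   # unrelated customer
    ("acct-06", "dev-D", "cell-91"),   # unrelated customer
]

def link_accounts(events, min_accounts=2):
    """Cluster accounts that share a device ID or a location cell."""
    parent = {}

    def find(node):
        parent.setdefault(node, node)
        while parent[node] != node:
            parent[node] = parent[parent[node]]   # path halving
            node = parent[node]
        return node

    def union(a, b):
        root_a, root_b = find(a), find(b)
        if root_a != root_b:
            parent[root_b] = root_a

    # Accounts, devices and cells are all graph nodes; each event adds two edges.
    for account, device, cell in events:
        union(("acct", account), ("dev", device))
        union(("acct", account), ("loc", cell))

    clusters = defaultdict(lambda: {"accounts": set(), "devices": set(), "cells": set()})
    for account, device, cell in events:
        cluster = clusters[find(("acct", account))]
        cluster["accounts"].add(account)
        cluster["devices"].add(device)
        cluster["cells"].add(cell)

    # Keep only groups of linked accounts, largest first, with their evidence.
    linked = [c for c in clusters.values() if len(c["accounts"]) >= min_accounts]
    return sorted(linked, key=lambda c: -len(c["accounts"]))
```

A shared location cell on its own (an apartment block, an office) also links unrelated customers, so clusters joined only through `cells` are leads for review rather than grounds for blocking.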

Food delivery fraud is growing along with the use of these apps. To get ahead of it, the first step is to identify it, so that businesses have the right processes and technology in place to protect against it. It is critical to deploy agile solutions that enable your company to evolve with the fraudsters. This means deploying sophisticated fraud prevention solutions that can combat more sophisticated attacks and ensure companies can protect their brand reputation, decrease losses and thrive with their industry.
