Mobile ordering fraud is a constant struggle for QSRs, with bad actors leveraging account takeovers (ATOs) and social engineering to steal money or hijack customers’ personal data. Consumers are also concerned about security, with a 2019 survey finding that 62 percent of QSR customers feared that using mobile ordering apps would result in them being victimized. Their reservations vary, but 49 percent reported concerns about their payment data being stolen and 41 percent worried that their accounts would be taken over.
Preventing fraud and keeping customers safe are key priorities, but many QSRs still rely on static rules and manual reviews to identify bad actors. The sheer volume of fraud attempts woefully outmatch these methods, which often mistakenly block legitimate customers from completing transactions. Restaurants are thus turning to artificial intelligence (AI) and machine learning (ML) technologies to dynamically customize their rules, identify attacks and delegate human analysts to more efficient roles in the fight against mobile ordering fraud.
The following Deep Dive explores the shortcomings of manual review and static rules-based prevention processes, as well as how restaurants are leveraging AI- and ML-driven cybersecurity systems to outmaneuver and stop bad actors.
The Trouble With Fixed Defenses
Static rules (which set strict thresholds for fraudulent behavior and block transactions that violate them) and manual reviews have three major problems: The processes are time-consuming, do not effectively prevent fraud and regularly ban paying customers. A single analyst requires 50 hours to review 1,000 transactions, according to one report, meaning a business would need to employ seven workers to get through those transactions in an eight-hour workday.
QSRs need to process transactions instantly so customers aren’t waiting around for their meals, making it impractical to conduct manual reviews for every transaction. Many rely on static rules, because they only have to conduct manual reviews on a small percentage of suspicious transactions — but such rules are underequipped for fraud prevention. Bad actors alter their tactics to get around these obstacles, and 45 percent of companies that use static rules say the method does a poor job of preventing fraud.
Another serious flaw with static rules is their penchant for inadvertently blocking legitimate customers, with 65 percent of companies reporting accidentally blocking customers who unwittingly mimicked fraudsters. Those who were not blocked outright suffered needless friction if their transactions were subject to a manual review, and 60 percent of businesses said that static rules hindered their abilities to provide seamless customer experiences.
Transaction friction is especially important to QSRs, as customers typically desire their food quickly and won’t hesitate to order from different restaurants after unsatisfactory experiences. These businesses thus cannot rely on legacy methods to vet customer legitimacy.
Fraudsters can change tactics quickly, so any tool for fighting them needs to be just as fast. AI- and ML-based options could be the answer to reducing static rules’ frictions and subsequent manual reviews.
How AI Outwits Fraudsters
AI-driven fraud detection systems can holistically analyze each transaction and compare included data points to every other data point in seconds. These systems can also compare orders against every other transaction the QSR has processed and consider variables a human analyst might never notice to determine their likelihood of being fraudulent. An AI-based system might recognize a credit card being used in another customer’s account, for example, or that the same account has been entering different usernames and passwords over the course of several months.
ML-enhanced systems bring new advantages to the table, as they can learn from past transactions and automatically apply these rules to detect fraud. This is particularly useful when finding ongoing patterns that could be signs of fraud: Multiple identical orders coming from IP addresses in a single geographic region in a short period of time could indicate that a group of coordinated hackers are working together to breach a QSR’s defenses, for example.
These bolstered systems stand in stark contrast to their rules-based counterparts, which filter each transaction in a vacuum and block it if the user displays potentially fraudulent surface-level activities, like entering multiple passwords in quick succession. This lack of thorough review results in bad actors being let through and verified customers being locked out. AI systems can mitigate these problems, and have helped organizations reduce their false positive rates by 60 percent and increase their fraud detection by 50 percent.
AI system adoption at restaurants is slow, however, with a recent study finding that two-thirds had not invested in these solutions due to a lack of understanding and concerns about spending too much on evolving technologies. However, these costs could be pocket change in comparison if their old-fashioned manual review and rules-based processes mistakenly block customers from placing orders, and fraud risks could drive consumers away from restaurants forever.
LIVE PYMNTS ROUNDTABLE: MODERNIZING & SCALING FOR THE NEW NORMAL
The pressure on banks to modernize their payments capabilities to support initiatives such as ISO 20022 and instant/real time payments has been exacerbated by the emergence of COVID-19 and the compelling need to quickly scale operations due to the rapid growth of contactless payments, and subsequent increase in digitization. Given this new normal, the need for agility and optimization across the payments processing value chain is imperative.