Ever since the pandemic began, restaurants and diners alike have embraced online ordering for takeout and delivery. Alongside the rise in apps like DoorDash or UberEats, QR code ordering has also become a popular option for those looking to comfortably dine-in.
What all these types of ordering have in common is they enable consumers to order and pay without having to physically show their credit card. That’s led to bad actors using these food delivery apps and QR codes, along with first party ordering, as an opportunity to steal from hard working restaurants and their staff. This type of fraud has even caused some restaurants to close for good according to the L.A. Times and Eater.
Thankfully, there are patterns to these online ordering hacks, such as disputing a credit card charge or even manipulating no-contact deliveries. Here’s what you need to know to help protect your restaurant.
True fraud vs. friendly fraud
Since fraudulent charges happen now and then, it’s vital to know the different types of online ordering fraud before diving into the best ways to protect yourself from them. Most importantly, it’s extremely important to remember that the main difference between true fraud, friendly fraud, and a chargeback relies entirely on diner intention. By knowing the intent behind these different types of fraud, you’ll then get a better sense of how you can prevent friendly fraud or stop true fraud from happening in real time.
1. What is a chargeback?
A chargeback occurs when a cardholder disputes a legitimate transaction with their bank or credit card company without intending to harm anyone. Guests typically claim an online ordering purchase was fraudulent or unauthorized when they honestly didn’t make the purchase, or their order never arrived. Afterall, they rightfully want their money back since they didn’t receive their food order for whatever reasons.
2. What is true fraud?
True fraud occurs when someone uses stolen or false information for their own financial gain. Even if they act like it was an accident or a misunderstanding, true fraud scammers know exactly what they’re doing. They’re working with the intent to deceive, cheat, or steal.
Restaurants experience true fraud when someone intentionally uses a stolen credit card or provides a card number generated randomly by a computer. For stolen cards, the original card holder sees the charge then disputes it, resulting in a lot of frustration and a loss of profit.
3. What is “friendly fraud,” or chargeback fraud?
While some might claim there’s a difference between friendly fraud vs. chargeback fraud, they are both names that generally refer to the same thing. Friendly fraud occurs when a cardholder disputes a purchase to get a full refund without returning what was just bought. They might hide behind the excuse of a regular chargeback, but these scammers are 100% aware of their own intentions. Since they aren’t using a program to generate credit card numbers, the card is typically attached to their name and credit score.
For example, someone can receive a food order from UberEats on their front door, and enjoy their meal. To commit chargeback fraud, they would need to claim that the food order was never delivered, then trigger the protocols for a fraudulent charge on their credit card.
How to protect yourself from online ordering fraud
1. Use a trusted first-party online ordering service
In addition to saving you money from 3rd party delivery commissions, a first-party online ordering system gives you more control over how your guests order takeout or delivery. A trusted provider will have a secure ordering portal that syncs with your cloud-based point-of-sale system. It should include AVS, otherwise known as an address verification service, as well as an option for CVV. It may also include optional AI-driven fraud prevention tools. For example, at SpotOn, we work with a third party, Kount, to provide advanced digital fraud solutions with our online ordering system, SpotOn Order.
2. Turn on CVV for online ordering
Turning on CVV, otherwise known as card verification value, for every order is the easiest way to protect yourself from online ordering fraud. Card issuers rely on CVV to know when a valid credit card number is actually being used since the cardholder needs to physically see the backside of the credit card to find that information.
Most issuing banks let the card holder know that the card verification value isn’t stored on the credit card’s magnetic strip or EMV chip. Enabling CVV helps add an extra layer of protection against digital fraudsters using a Visa, Mastercard, or an American Express card with a fake credit card number.
3. Set a maximum limit for online ordering
Fraudsters often make large online ordering purchases to get as much as they can before a credit card gets flagged as stolen or missing. For extra security besides enabling CVV, you can set a maximum limit for extra security with online ordering. While it’s always great to have a larger food order, establishing an ordering limit helps make sure one scammer can’t come along and drain all your kitchen resources, then suddenly ask for a refund on the entire purchase.
Setting an online ordering limit will also make it easier for delivery drivers since there’s much less food to handle on their own. A good rule of thumb is to set your limit to 10% above your average online order value.
4. Call to verify with large online orders
For large or suspicious online orders, you can call the guest for extra verification and security. By asking for their name, address, or credit card information, you help make sure there’s a real person genuinely interested in ordering your food. On top of that verification, you also get the added benefit of establishing a callback number in case of any concerns with your customer service.
Watch out for QR code fraud
While we’ve covered the main types of online ordering fraud, there have also been reports of scammers stealing personal information by using fake QR codes. This fraud happens all the time in restaurants using QR codes for their digital menus because QR ordering technology often runs on the same software platform as online ordering.
These scams typically target guests scanning a QR code rather than overall actual restaurant data. Thankfully, we’ve got a blog post that covers three simple tips any restaurant can use to avoid any QR code scam.
By routinely auditing your QR codes, you make sure guests are able to order without any extra headache or worry for their safety. You’ll also see what extra steps can be taken to prove your QR codes are safe to use in the future.
For example, you can place your restaurant’s logo on your QR placards and table-tents. That way, you can spot if any QR code looks out of the ordinary, all while educating your staff to keep an eye out for any suspicious materials as well.