Cybercriminals are targeting online food orders, and the numbers are staggering.
While food delivery apps aren’t immune to account takeovers, they’re particularly vulnerable because of their low-security standards.
What’s the Extent of the Problem?
According to the Online Merchant Perspectives Survey 2022: Nearly 60 percent of merchants say taken-over accounts are their biggest security concern. A whole 70 percent have recorded a rise in account takeovers in the past year.
But this was expected: at the start of COVID, darknet comments related to “food delivery apps” went up 230 percent and criminals won’t stop at anything. But why? What makes food delivery apps the perfect target?
Why are Fraudsters Going after Food Delivery?
Food sellers want a smoother food-ordering experience for their customers. This means only a few security layers in the food delivery apps, as a complex one would send off impatient customers.
Cybercriminals take advantage of this, and once they have taken over an account, they can access the credit card data, address info and any other accumulated loyalty points.
And it doesn’t end here, the worst fraudsters use these stolen accounts to commit refund fraud. After taking over a loyal customer’s account, they can easily request a refund. After all, criminals know businesses wouldn’t want to disappoint their loyal followers.
Fraudsters can use stolen credentials to order food at premium prices, or worse — resell orders on secondary markets such as Craigslist or eBay.
This increasing need for a smooth customer experience coupled with the fast-moving speed of food deliveries presents a lucrative opportunity for fraudsters. And we may see even more sophisticated attacks in the future.
How are Retailers Tracking Account Takeover?
Research shows food delivery retailers often track password and email changes. Though these actions are significant warning signs, a CNP research shows cybercrooks will more likely change the phone number. And not the email address.
Only 10 percent of fraudsters make email address changes, while nearly 50% change the user’s phone number. In fact, fraudsters changed phone numbers two times or more in 15% percent of the cases. Yet, only 52% of retailers monitor changes in the user phone numbers.
Generally, only a few vendors in the sector say they track every aspect of user activity.
Food delivery retailers are also losing money from account takeovers — 44% reported losses in excess of $5,000. In addition to direct financial loss, merchants also face reputational damage as well as increased customer service costs.
Blair Thomas has been a music producer, bouncer, and screenwriter and for over a decade has been the proud Co-Founder of eMerchantBroker, the highest-rated chargeback insurance providers in the country. He has climbed in the Himalayas, survived a hurricane, and lived on a gold mine in the Yukon. He currently calls Thailand his home with a lifetime collection of his favorite books.