Fraud Prevention for QSRs: Securing customer loyalty with Digital Trust & Safety
By Arwen Heredia /
18 Nov 2021
The quick-service restaurant (QSR) industry exploded with a decade’s worth of digital acceleration and rapid growth over the past 18 months. As disruption caused by the pandemic led merchants worldwide to reimagine the dining and delivery experience, many QSRs struggled to manage surging online order volumes, unanticipated demand for delivery, and rising online fraud—often without trust and safety tools or tactics in place that could scale with the challenge.
Sift Trust and Safety Architect, Jeff Sakasegawa, and Rob West, EVP & Business Transformation Specialist at OneDine, recently hosted a live webinar exploring why leading merchants in the highly-competitive quick-service space are increasingly turning to Digital Trust & Safety to manage payment fraud, account takeover, content abuse, and disputes in real time. Payment abuse is up by more than 35% YoY for QSRs, and 76% of consumers report that they’d stop shopping on an app or site permanently if it were compromised by fraud.
Protecting PII and Payment Data from the Growing Fraud Economy
Even before the pandemic forced businesses everywhere to move more operations online, quick-service restaurants were ramping up faster, hybrid digital/in-store experiences to meet growing consumer demand. The rapid shift has left merchants and their customers vulnerable to sophisticated cybercriminals hungry for credentials, payment and PII data, and loyalty points they can trade or sell on the dark web.
According to Sakasegawa, this industry’s value—forecasted at $297 billion for 2021—coupled with the volume of transactions and the extremely short user journey window typical to QSR transactions, makes the QSR market especially vulnerable, and an ideal target for criminals. Even more attractive to fraudsters is the near ubiquity of quick-service restaurant locations, and the fact that diners may have a harder time recognizing illegitimate transactions due to their lower dollar amount.
Complicated by an increasingly sophisticated global Fraud Economy, quick-service merchants face rising account takeovers (ATO), payment abuse, and scams. At best, surging digital fraud leads to limited cases of compromised user data, stolen profits and loyalty points; at worst, it undermines the overarching security of a brand’s entire site and associated mobile apps, motivating merchants to implement reactive fraud mitigation strategies that rely on adding friction to the user journey.
But friction is nearly as effective a method for losing customers as fraud can be—recent research surfaced an average mobile e-commerce cart abandonment rate of 85.6%, with the average number of user journey form elements (points in the customer transaction flow that require information or interaction from the consumer) at nearly 24 separate instances. While not every one of those points of friction will be as time-consuming as entering credentials or a credit card number, all friction has the potential to drive buyers to competitors with more streamlined user experiences—which in the end, all come down to trust.
“It’s about being able to accurately determine who to trust, and how much to trust them,” says Sakasegawa. “Guests entrust brands with their information, their private details. Merchants need to make sure they’re not setting themselves up to be the source of a breach, and that they prevent fraudsters from transacting with them in the first place—and without the assistance or accuracy of manual review, since customer expectations require these transactions to happen in in a matter of seconds. Approaching fraud prevention with a Digital Trust & Safety mindset allows businesses to scale fraud operations, align risk with revenue goals, and fuel growth by drastically reducing digital abuse and removing friction from the customer journey.”
Frictionless user experiences are paramount for quick-service merchants like McDonald’s and DoorDash, but a market disrupted by COVID-19 forced many providers to choose between scaling with demand and keeping customers safe from fraud. Restaurants experience the biggest slowdowns during the ordering and payment stages of a transaction, and are laser-focused on reducing time spent manually reviewing those phases of a sale. This, coupled with consumer expectations for speed and increased use of alternative payment methods, make the post-pandemic QSR customer journey rife with blind spots—and make an end-to-end, real-time fraud prevention solution a necessity for sustaining secure growth.
Transitioning from Traditional Loss Prevention to Digital Trust & Safety
“Fraudsters are distributed and highly-coordinated, and their business is to perpetrate fraud. That’s their job,” says OneDine’s Rob West. He points out that even brands with fraud protection in place aren’t eliminating fraudsters by shutting down attacks—they’re preventing those attacks from impacting their specific site and users. But a global marketplace infected with fraud is risky for all digital merchants and consumers. For that reason, West’s aspiration is that industries at large will follow the lead of businesses turning to real-time fraud prevention, for the greater good of all merchants in the space.
A huge hurdle stopping some QSRs from implementing a Digital Trust & Safety approach is the widespread, long-standing use of in-person, in-store security protocols, such as those available with EMV (Europay, Mastercard, and Visa) and End-to-End Encryption (E2EE). And if a merchant intends to only ever offer their services to in-person, in-store customers, it’s true that those lines of defense will be effective. But today’s consumers demand the flexibility of digital storefronts, and even merchants without a robust online presence are increasingly adopting online payment processing tools—meaning that, even when a customer is physically present in a dining room, the transaction itself can take place online via QR codes or other pay-at-table technologies, where fraudsters are ready and waiting to exploit hiccups in the system.
For the average QSR offering hybrid physical/digital experiences to their customers, on-premise tools even have the potential to expose a business to more digital fraud. Securing one physical channel doesn’t eliminate fraud; rather, it pushes fraudsters to focus their efforts on less secure digital channels and alternative payments. And focused they are: the average value of fraudulent orders jumped by 34% for QSRs in 2020. The growing sophistication and speed of digital abuse is reason enough to put urgency behind adopting a real-time solution—that 74% of consumers would permanently churn from a brand compromised by fraud is an even stronger one.
“As new digital payments channels come into play, they have to be protected and the experience has to be smooth,” says Sakasegawa. “Consumers are telling us now exactly where, when, and how they expect to consume, and they’re not willing to wait for businesses to catch up.”