Imagine this scenario: after a long day at work, you order some takeout on a food delivery app and patiently wait for it to arrive. Only, when it does, the person who greets you at the door isn’t the same person whose name and picture you saw on the app. Maybe you don’t think much of it, maybe you report it to the app, but the fact is that what just happened could represent a security risk for you and the app you ordered from.
Unauthorized driver account sharing happens for a myriad of reasons, but the lack of oversight it leaves food delivery platforms with can have serious consequences.
There are a couple different reasons why drivers might share accounts. Most commonly, people interested in renting someone else’s account are people who either can’t get work with the app under their own name or don’t want to wait out the process, such as someone just looking for quick cash. Other examples might include people with criminal records, people without insurance, people without work authorization, people with traffic violations and speeding tickets, and so on.
As for the how, these arrangements tend to happen by word-of-mouth, either in person or online. You might imagine a scenario where one person has an authorized driver account, and on his day off, his family member asks if they can use his app for the day in exchange for a cut of the money he makes. This sort of arrangement can also happen online, between strangers, using forums or private chat groups.
Not taking into account the risk of the account being banned, this is a win-win situation for the people involved. The account owner gets to make money even on their day off, and the person who borrows the account gets to make a fast day’s pay without having to undergo a background check.
The people who lose out in this scenario, however, are your platform and customers who use it. Both your platform and your customers are exposed to more risk and more liability at worst, and statistically poorer service standards at best.
Delivery drivers sometimes get privileged access to people’s homes, such as lobby or stairwell access for people who live in apartment buildings or door or gate codes, as well as getting their customer’s name, address, and phone number.
If someone who doesn’t match the profile associated with them comes back with a door code they got to make a delivery and breaks into an apartment building, there’s less information to help police identify them. In one case from California, someone claiming to work on behalf of UberEats stole packages from a mail room after delivering a cake, only for the customers to realize they didn’t match the name and picture on the app.
This pseudo-anonymity can give bad actors a golden opportunity to commit crimes against people who order from your platform, because their real names and faces are a degree removed from the app’s IDV process.
The Trust & Safety concerns are the most pressing issue, but there are also significant liability concerns. Drivers who contract with your app are protected under your liability insurance and have to provide proof of their own vehicle insurance. This isn’t the case with an unauthorized driver that the app has no knowledge of, but if a driver claiming to deliver on your app’s behalf gets into a car accident, there might be a liability case against you. In the UK, food delivery apps also received governmental pressure to curb illegal work happening on their apps, indicating the possibility for legal liabilities as well.
Lastly, Incognia’s work with different delivery companies during our proof-of-value process has shown that drivers using another person’s accounts are about 65% more likely to skip out on completing deliveries than drivers using their own accounts. From Trust & Safety issues, to liability concerns, to poor service quality, the effects of unauthorized driver account sharing are manifold.
Unauthorized account sharing can be hard to detect since it’s typically an arrangement between peers that your app might have light insight into. Thankfully, there are still some ways to curb the practice before your drivers leave the curb.
Some food delivery apps have started asking drivers to submit a selfie at the start of their shift to verify that they’re the ones making the deliveries. This practice can work in some circumstances, but it might fall short if unauthorized drivers have an app tampering tool that allows them to submit an existing picture of the account owner instead of being forced to use the on-phone camera.
Additionally, this method might fall short for verifying drivers who know their account sharer in person, such as people who share a household.
Not all location technology is reliable enough for fraud prevention purposes, but Incognia’s location identity verification uses a combination of signals to provide a comprehensive picture of a device’s real-time location and location behavior.
The way that each person moves about in the world is unique to them; by comparing the location identity on the device signing into the app with the location identity of the driver on file, your platform can more easily identify when someone other than the account owner is signing on to start a shift. Additionally, real-time location verification can help verify that the person signing on is at the driver’s home address, which can be helpful to identify account sharing between drivers living in different locations.
Device ID is another way to help identify if the same driver as normal is signing on to start a shift. Short of handing over their entire phone to the person using their account for the day, there’s little drivers can do to replicate their exact device ID onto their sharer’s phone instead. However, it’s important to note that relying solely on device ID can create unnecessary friction for good drivers who get a new phone or factory reset their device for legitimate reasons.
Food delivery platforms bring the unlimited convenience of the Internet age into play with the modern gig economy for an equal exchange between people willing to pay for delivery, people willing to provide it, and restaurants eager to take advantage of the larger market. Bad actors and other people not willing to play by the rules of the market, however, add more risk and liability into the equation. By keeping up to date with the latest anti-fraud and identity signals, however, delivery apps can come step closer to knowing their drivers are always who they say they are.