Over the last two years, Incognia has worked closely with the leading food delivery mobile apps and platforms in Latin America. Its during this time that we’ve had the opportunity to work alongside Trust & Safety teams to block attacks in many different forms. More recently, Incognia started collaborating with leading food delivery companies in North America, Europe, and Asia and currently protects more than 90 million food delivery users worldwide.
Food Delivery technology platforms usually utilize two or three different mobile apps, one for each key stakeholder:
Each one of these apps needs to be protected with tools that ensure the safety of its users. The fact that food delivery companies deal with a more complex ecosystem than traditional eCommerce makes this goal more difficult. Most of the fraud prevention tools used by food delivery apps were built with a specific focus on eCommerce fraud. Another complicating factor is that food has to be delivered hot, meaning that transactions need to be verified and decided on much more quickly than purchases of goods, which adds an increased need for automation and quick decision making.
Below we’ve broken down the most common scams impacting the food delivery industry.
Some delivery apps compensate drivers based on the distance they must travel to complete the delivery. GPS spoofing applications have become widely used by bad actors to mask their real location and simulate longer trips.
A less sophisticated scam involves using GPS spoofing tools to pretend to deliver the food to the customer, while in fact they have kept it for themselves.
In some cases, fraudsters were creating fake accounts using the gig worker App to pose as drivers. In this way, they were allowed to talk directly with end users and tried to perpetrate "social engineering" scams.
Bad actors will commit repeat offenses by opening new accounts under different identities so as to bypass identity verification checks.
Many gig worker apps have a wallet feature where drivers receive their delivery earnings. Just like any other account with stored value, these gig worker wallets are targets of account takeover fraud enabled by social engineering scams or leaked credentials.
Customer accounts are also taken over through social engineering techniques, such as smishing and phishing, enabling bad actors to defraud them using their stored payment credentials.
To take advantage of promos offered to new customers, bad actors will use many devices, and even emulators, to create multiple new accounts to take advantage of the vouchers and coupons offered. In an audit performed by Incognia, a food delivery company uncovered a single fraud farm that had created more than 200 accounts and claimed over $10,000 in coupons.
Bad actors also use stolen credit card information to order free meals. This theft often goes unnoticed until the legitimate card owner requests a chargeback from the card issuer and the merchant is penalized, often resulting in high fees.
Bad actors have also been known to impersonate legitimate restaurants by creating fake listings to accept transactions with no intention of delivering the order. The delivery app is then left to field the complaints and chargeback disputes.
Incognia has been successfully used by leading Food Delivery apps to combat these specific Trust & Safety issues.
By employing a mix of Location Identity, Behavioral Analytics and Device Fingerprinting, Incognia can help Food Delivery apps block bad actors for increased Trust and Safety.