Protect your slice of the (pizza) pie: Preventing account security fraud in food delivery services


More people are enjoying the convenience of ordering meals online. Customers love fulfilling their last-minute cravings without having to leave their homes or offices and taking advantage of special offers — which have all led to a significant increase in the number of consumers using online delivery services in the past few years. This growth trend is projected to continue, with the online food delivery market expected to grow by 9.04% (2024-2029) globally, resulting in a market volume of US$1.85tn in 2029. The Asia Pacific region is especially poised for high growth.

Unfortunately, growing industries are always targets for criminals. And because online food delivery is usually a multi-party endeavor that involves restaurants, independent food delivery services, financial services, and consumers, there are diverse opportunities for fraud and criminal activity. It's crucial to be aware of these risks and take necessary precautions. 

Many of these fraud types involve vulnerabilities in account security — people pretending to be people they are not to perpetrate promo abuse, driver account sharing, ghost orders, and account takeovers. I'll cover some of these in this post.

Driver account sharing fraud puts customers at risk

Driver account sharing fraud is a significant issue, with drivers selling their account information for a fee. The numbers are staggering — The New York Times estimated that there are over 65,000 of these “shadow” food delivery workers in New York City alone.  

When delivery drivers share accounts, food delivery companies lose control over who makes the deliveries. This lack of control can lead to unvetted or non-background-checked individuals interacting with customers, posing a significant safety risk. In addition, with multiple people using a single account, holding specific drivers accountable for issues or misconduct is hard. Negative experiences resulting from account sharing can lead to poor customer reviews and a tarnished reputation for the delivery platform. 

And, like many account security frauds, driver account sharing also results in adjunct crimes. The Washington Post recently wrote that, in the District of Columbia, these shadow delivery workers are driving unregistered mopeds and motorcycles, sometimes recklessly — violating policies, endangering pedestrians, and exposing delivery companies to potential lawsuits. A Wired article shared that one woman was earning nearly $10,000 per month in passive income from “renting” fake driver accounts — created from legitimate Social Security numbers and driver’s license images bought from the dark web — to other drivers. 

There have even been allegations of organized crime syndicates using shared accounts to facilitate illegal drug distribution and other crimes, exposing brands to tremendous risks.

Promo abuse fraud poses financial risk

Fraudsters often use privacy-preserving and multi-accounting browsers to pretend to be many different people, creating multiple fake accounts to take advantage of promotional offers, referral bonuses, and discounts meant for genuine customers and drivers. 

Promo abuse fraud involves the exploitation of a business's promotional offers for unauthorized discounts or advantages, leading to potential financial losses. Tactics typically include redeeming the same promotional code multiple times, coupon glittering, stacking codes in unintended ways, creating multiple accounts to benefit from one-time offers, and self-referring accounts to get referral bonuses. On the driver side, drivers may create multiple accounts to take advantage of new driver bonuses. 

Ghost orders

Fraudsters can also create fake or “ghost” orders that appear to be legitimate deliveries but are never completed. This practice can artificially inflate a driver's delivery completion rate or earnings. Ghost order fraud involves several different device intelligence indicators, including app cloning, creating fake accounts, and GPS spoofing.

In a typical ghost ordering scenario, fraudsters clone instances of food delivery apps and create hundreds of fake driver and user accounts on the same device. Using auto-clickers, they make and accept numerous orders, marking them as delivered without completing them. Fraudsters can then claim incentives based on these fake orders.

Account takeover fraud hurts customers and delivery drivers

In account takeover fraud (or ATO fraud), a fraudster gains access to a user’s account on a restaurant website or food delivery app. The fraudster then either orders food for themselves and charges the victim’s credit card, or they can sell the compromised account. In the worst-case scenario, an innocent customer can lose hundreds of dollars or more in fraudulent food charges. They may then file a chargeback through their bank, passing those losses onto food delivery apps and restaurant owners. 

Food delivery driver accounts can be victims of ATO fraud, too. In the “single sauce packet” scam, the fraudster first orders a single sauce packet or similar small item. The driver then gets a call from the “customer,” who says they’re not at the intended address and need to cancel the order. The driver then gets another call claiming to be from the delivery app’s support team, who says, “We see you had to cancel an order.” The caller tells the driver that to get paid, they must follow a series of steps, ending in the driver sharing a code sent to their account.

The fraudster can then use that code to access the driver's account. If you’re a driver who has payouts directly attached to your bank account, those scammers — after accessing your account — can lock you out and take your money.

Fraud prevention techniques like multi-factor authentication (MFA) enhance account security but can also degrade the customer experience. Adding additional authentication measures creates friction, which often leads to abandoned carts. Inadvertently blocking a legitimate customer sabotages their relationship with the brand. According to the Cybersource Survey, restaurants say balancing a seamless experience with enhanced security is one of the top fraud challenges.

Using device intelligence, a site or app can identify and flag unusual or suspicious users, such as someone trying to log in from a different area than usual, driver accounts being logged into from many different devices, or user “accounts” that share a single device ID. Device fingerprinting also enables sites to improve the user experience for returning customers by seamlessly authenticating them and remembering past preferences and actions, such as abandoned carts. Meanwhile, new or suspicious devices receive additional scrutiny and may trigger additional authentication requirements before access to an account is granted.
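The checks described above (and the many-accounts-on-one-device pattern from the ghost order section) can be sketched as follows. This is an added example, not code from the original post or from any vendor SDK; the event fields, thresholds, and flag names are assumptions, and `device_id` stands in for whatever identifier a device-intelligence service returns.

```python
from collections import defaultdict

# Assumed thresholds for illustration; tune against your own traffic.
MAX_ACCOUNTS_PER_DEVICE = 3
MAX_DEVICES_PER_DRIVER = 2

# Constructed sample logins: (account_id, role, device_id, city).
SAMPLE_EVENTS = [
    ("cust-1", "customer", "dev-A", "Austin"),
    ("cust-1", "customer", "dev-A", "Austin"),   # returning device: no friction
    ("cust-1", "customer", "dev-Z", "Lagos"),    # new device, new area
    ("promo-1", "customer", "dev-B", "Austin"),
    ("promo-2", "customer", "dev-B", "Austin"),
    ("promo-3", "customer", "dev-B", "Austin"),
    ("promo-4", "customer", "dev-B", "Austin"),  # fourth account on one device
    ("drv-9", "driver", "dev-C", "Austin"),
    ("drv-9", "driver", "dev-D", "Austin"),
    ("drv-9", "driver", "dev-E", "Austin"),      # third device on one driver
]

def review_logins(events):
    """Replay logins in order and return (decisions, flags)."""
    accounts_on_device = defaultdict(set)
    devices_on_account = defaultdict(set)
    cities_on_account = defaultdict(set)
    decisions, flags = [], set()
    for account, role, device, city in events:
        seen_devices = devices_on_account[account]
        seen_cities = cities_on_account[account]
        enrolling = not seen_devices  # first login ever for this account
        known = device in seen_devices and city in seen_cities
        # Record the login (assumes any step-up challenge was passed).
        accounts_on_device[device].add(account)
        seen_devices.add(device)
        seen_cities.add(city)
        crowded = len(accounts_on_device[device]) > MAX_ACCOUNTS_PER_DEVICE
        if crowded:
            flags.add(("shared_device", device))
        if role == "driver" and len(seen_devices) > MAX_DEVICES_PER_DRIVER:
            flags.add(("driver_many_devices", account))
        # Known device and area pass silently; anything else gets extra auth.
        step_up = crowded or not (enrolling or known)
        decisions.append("step_up" if step_up else "allow")
    return decisions, flags

if __name__ == "__main__":
    for event, decision in zip(SAMPLE_EVENTS, review_logins(SAMPLE_EVENTS)[0]):
        print(decision, event)
```

Returning customers on a known device and area pass without friction, while the new-device login, the crowded device, and the multi-device driver account are the only events that trigger step-up authentication or a review flag.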

Want to learn more about how device intelligence can help your food delivery business detect and prevent fraud before it happens? Sign up for a free trial or get in touch with us for a personalized demo.

FAQ

How does new account fraud work?

In food delivery services, fraudsters create multiple new accounts to benefit from one-time offers or take advantage of new driver bonuses.

How does promo abuse fraud impact food delivery service apps?

Promo abuse fraud in food delivery can lead to significant financial losses. Fraudsters typically create multiple fake accounts to take advantage of promotional offers, referral bonuses, and discounts.
