Report: AI Helps Chipotle Stop Account Takeover Fraud Without Tipping Off The Fraudsters

Report: AI Helps Chipotle Stop Account Takeover Fraud Without Tipping Off The Fraudsters

June 22, 2021 at 09:00AM

Fraud is endemic across a vast range of industries, but few suffer as acutely as the restaurant industry and the associated field of mobile order-ahead.

One data breach that struck third-party delivery service DoorDash in 2019 resulted in almost 5 million consumers’ personal data being compromised, and these attacks have only increased in frequency as customers shifted to mobile ordering in record numbers over the past year.

Protecting against these attacks is a full-time job that threatens to overwhelm most teams of human analysts, forcing quick-service restaurants (QSRs) and ordering service providers to seek out digital tools like artificial intelligence (AI) and machine learning (ML). Their adoption is only the latest development in an ongoing arms race between fraud prevention experts and bad actors, however, with the latter deploying smart tools of their own to stage account takeovers (ATOs), credential stuffing attacks and a host of other scams.

The June Mobile Order-Ahead Tracker® explores the latest digital ordering developments, including the latest tools and technologies used for fighting fraud; fraudsters’ latest tactics for stealing cash, rewards points and valuable personal data; and how restaurants are adapting to the new digital-first environment even as dining rooms gradually reopen.

Developments From The Mobile Order-Ahead World

Worldwide chains with massive fraud detection systems are still far from invulnerable to fraud, as a recent incident at McDonald’s illustrates. The QSR announced this month that networks in South Korea, Taiwan and the United States were breached, resulting in fraudsters gaining access to employee- and store-related information. McDonald’s said that no customer information was compromised in the attacks but vowed to provide additional information about them as it begins assessing the damage.

Bad actors are not only targeting QSRs themselves, but also the aid programs intended to help them through the ongoing economic crisis. Cybercriminals have begun targeting the Small Business Administration’s (SBA’s) Restaurant Revitalization Fund, an initiative intended to offer up to $10 million to businesses to help them offset pandemic-related losses. Some cybercriminals are even posting how-to guides on the dark web aimed at coaching other fraudsters, detailing how they can defraud the program and selling them access to the documentation required to do so.

Advanced fraud prevention solutions like AI are also being leveraged in other areas of the mobile ordering sphere. Coffee giant Starbucks  announced in April that mobile orders accounted for 26 percent of its U.S. sales in the first quarter of 2021, up 18 percent from the same quarter last year. Starbucks CEO Kevin Johnson attributed much of this growth to the chain’s use of its Deep Brew AI engine, which provides analytics-driven insights to optimize inventory ordering and offer personalized loyalty perks for customers on the Starbucks app.

For more on these and other mobile order-ahead news items, download this month’s Tracker.

How Chipotle Fights ATOs And Synthetic Fraud

Mobile ordering is still going strong even as restaurants open back up for in-store dining, and fraudsters are eager to take advantage of this continued digital activity. Some of the most common tactics are ATOs and synthetic identity fraud, and QSRs are scrambling to keep themselves and their customers safe.

In this month’s Feature Story, PYMNTS talks with Dave Estlick, chief information security officer at fast casual Mexican grill Chipotle, about how the chain protects against these threats with the help of AI and ML.

 Deep Dive: Countering Account Takeover Fraud With IP Risk Detection Solutions

Mobile order-ahead exploded in popularity over the past year, but with this rise in mobile ordering has come increasing rates of cybercriminals attempting steal and sell customers’ sensitive personal information through ATOs. Restaurant operators are working to keep their customers’ information secure by leveraging fraud prevention and detection technology like IP anomaly detection features, however.

This month’s Deep Dive explores the varied tactics that fraudsters are deploying to steal customers’ private data, and how IP risk detection solutions can alert mobile ordering operators of suspicious activity.

About The Tracker

The monthly Mobile Order-Ahead Tracker®, a PYMNTS and Kount collaboration, offers coverage of the most recent news and trends and a provider directory highlighting key players across the mobile order-ahead ecosystem.