Restaurants have decades of experience learning to identify and prevent fraudulent purchases. At a minimum, most have learned to minimize chargebacks. But changing trends make restaurants increasingly vulnerable to a new type of threat. Card Not Present (CNP) Fraud.
An issue for many years for online commerce vendors and those that sell over the phone, CNP Fraud is likely to become a larger issue for restaurants in the coming years. Why? Because phone and online orders for delivery are becoming of greater importance to restaurateurs as in-store diners decline in numbers, and delivery becomes the fastest growing segment of the industry.
Meanwhile, CNP Fraud is becoming a larger issue as EMV reduces the risk of Card Present (CP) Fraud. As adoption of chip-enabled cards becomes more prevalent in the United States, the USA is seeing the same pattern that emerged in years past in other parts of the world. As CP Fraud became more difficult to conduct, criminals shifted their efforts to CNP Fraud. To date, there remain fewer methods to authenticate purchases made online or over the phone. Shoppers can’t sign to complete a purchase or enter a PIN. Validation becomes more troublesome as the value of purchases declines. This is an issue for restaurants, as order size will usually fall below minimum purchase thresholds (e.g. $25 or $50) where authorizations are collected, and more sophisticated fraud detection methods become uneconomical or inconvenient for orders in this price range.
CNP Fraud is especially costly compared to more traditional forms of payment card fraud. The Wall Street Journal reports (“Credit-Card Scammers Flock to Online Shopping, 10/25/16) that actual fraud and the costs to prevent fraud make up fully 7.5% of online merchant revenue. The Aite Group LLC estimates that CNP Fraud amounted to $4 Billion in 2016 in the United States. Worse, they estimate it will grow to $7.2 Billion by 2020.
As restaurants increasingly rely on deliveries, through orders placed online, via proprietary apps, or through delivery providers such as GrubHub, UberEats or DoorDash, restaurants are likely to face mounting chargebacks. With profit margins often in the low single digits, the most important source of growing revenue (i.e. delivery) could, in the worst-case scenario, be unprofitable, given fraud and fraud prevention costs in the high single digits.
Restaurants will need to take care to mitigate such risk, whether they sell directly to diners or through delivery partners. In the latter case, restaurants will need to take steps to mitigate risk when the delivery partner accepts a fraudulent order. Legal contracts should be executed that prevent the cost of fraud from being shifted from the delivery partner to the restaurateur. After all, after building an order processing platform, the delivery service provider bears minimal or no incremental hard dollar expense for an individual transaction that proves to be fraudulent. In contrast, the restaurant will have incurred material food, labor and other expenses for an order that proves to be fraudulent. Meaning the restaurateur incurs most of the risk.
Whatever the circumstances, restaurants are certain to be increasingly reliant on delivery and take-out sales in the coming years, making CNP Fraud a larger issue to address. Restaurateurs will want to plan now for ways to mitigate this risk, such as shifting the cost of fraudulent transactions to delivery partners, taking orders through proprietary apps with known users, or similar methods in order to address the growing threat posed by CNP Fraud.