Consumers are ordering more through mobile apps, and fraudsters have taken note. In the latest Mobile Order-Ahead Tracker, Matthew Coy, vice president of Information Technology for fast-casual chain Donatos Pizza, explains how quick-service restaurants (QSRs) can tap new technologies to guard against credential stuffing and why mobile-specific digital identification measures are key.
Consumers are still clinging to takeout and delivery even as sit-down dining tentatively picks up again across the U.S., and more diners than ever are turning to their phones when purchasing their meals. Restaurants are thus scrambling to refurbish their physical locations while seamlessly fulfilling the growing numbers of mobile orders.
Determining whether potential mobile customers are legitimate or malicious can also be particularly tricky for quick-service restaurants (QSRs) attempting to navigate the flood of mobile orders, Matthew Coy, vice president of Information Technology for fast-casual pizza chain Donatos Pizza, explained in a PYMNTS interview. Attacks such as credential stuffing, in which bad actors tap usernames, passwords and other stolen details to gain access to other accounts, can hamper restaurants’ abilities to distinguish between legitimate customers and fraudsters, for example.
“We are examining options [against credential stuffing], and we are also leveraging partners that help to protect people’s identity and their data as they use our application,” he said. “This is vital because, really, the next great security frontier is all about user identity and user data. It may be that someone compromises someone else’s platform, and we have to protect against that sort of thing within our own platform.”
Protection against attacks that originate off-platform and leverage stolen credentials is increasingly key for QSRs as mobile becomes a main channel through which consumers and restaurants interact. Successfully countering these attacks means confirming consumers’ digital identities even before they place orders.
The Changing Nature of Digital Identity
Coy said that verifying consumers’ digital identities will gain even more importance for QSRs in the future as many consumers are likely to maintain the mobile ordering habits they have picked up during the pandemic rather than reverting to their old ways. Donatos believes its mobile order volume will soon outpace that of its website as mobile gains ubiquity.
“We think the reason for that is because [mobile is] the format that customers want to use, and that covers all demographics, not just younger demographics,” he explained. “I think it is a common misperception that it is the young demographics that are driving digital activity, and our data shows that that is not necessarily true. People of all ages are gravitating toward the mobile presence.”
Consumers are also beginning to expect their mobile order-ahead apps to feature seamless yet robust security measures akin to those they experience when sharing personal details on digital platforms owned by Netflix and Google. Failing to fend off fraudsters or provide adequate digital identity verification measures can be disastrous for QSRs, as consumers will shift to competitors that provide the familiarity and protection they seek.
“That really is a part of all of our technology discussions every day. How do we balance a seamless, great customer experience with security for them and for us?” Coy said. “It does not have to be a trade-off; in fact, it is a bit of a false narrative [to say] that a secure digital experience is not a good customer experience. We can do both. Some of the ways that we can do that … our customers do not see. We can wrap security around the individual containers that support the application, and that security translates to the user, so that protects our customers while they are navigating the application, and they do not even see it or know it is there.”
Creating that invisible digital identity safety net requires restaurants to carefully consider which personal details they analyze and select the technologies they use to do so. Emerging technologies such as artificial intelligence (AI) could play a more prominent role as digital identity authentication begins to rely more on back-end data, such as geolocation or how users hold their phones, rather than data points like usernames and passwords. These tools could amplify security and help QSRs better and more seamlessly engage with mobile-first customers, Coy explained.
Automation’s Role in Providing Secure Mobile Engagement
Back-end automation is becoming more attractive to restaurants as mobile interactions pick up, and Coy said Donatos uses such technology to help keep out bad actors.
These tools can also offer much-needed financial relief for QSRs as they allow them to focus more on legitimate orders and requests instead of sifting through bot attacks and other schemes that leverage automated technology. The company plans to increase its use of such technologies in the future to protect virtual orders, especially as mobile and digital ordering gain more steam and necessitate smooth and secure digital identity verification procedures.
“In the coming years, we are expecting the share of our orders to go more to the digital platform,” Coy said. “Our delivery mechanisms are going to have to be oriented toward that kind of shift, and we are going to have to be thinking about how [to make our platform] easier and easier to use from a digital standpoint, how we can scale to handle extremely busy periods. … I am anticipating that we are going to be linking our digital experience to technology that we currently do not see that much of in restaurants but soon will. So as pickup becomes very popular in the future, … there could well be lockers that are linked to your digital identity. [Customers could] come into the restaurant, tap with [their] phone, open the locker and take [their] pizza. I think that is very, very likely to be something you will see in the future.”
Such emerging technologies could be key to barring fraudsters from mobile platforms as more consumers use order-ahead apps, but these tools must center digital identity verification within their fraud protection strategies. QSRs that fail to do so are likely to lose customers to competitors who offer the flexible, seamless security measures they seek.