Want fries with that? Quick service restaurants (QSRs) are increasingly becoming targets for payment transaction fraud. Sometimes they are simply used by fraudsters to test whether a stolen credit card will be accepted. If it is, then they will go after higher priced merchandise and services. In this mobile app hack, it is surprising that alarm bells did not go off at the card issuer, network, or security vendor. Isn’t 100 QSR meals and a couple of thousand in spending at the same QSR chain in less than a week’s time a red flag? Understandably, stores do not like to discuss details of this type of incident. But hopefully, some new rules have now been added to the machine learning fraud detection algorithms that watch overpayment transactions of any type.
A NY Daily News article discusses more on this topic which is excerpted below.
He’s not lovin’ it. A Toronto man discovered his McDonald’s mobile app account was hacked and the thief, or thieves, went on a fast food frenzy and ordered $2,000 worth of meals from different locations in Montreal.
Tech writer Patrick O’Rourke told the Canadian Broadcasting Corporation that his McDonald’s app was linked to his debit card. “I was just panicked because that’s a lot of money,” to told CBC News. More than 100 meals, totaling $2,034, were ordered by the fraudster for pick-up between April 12 and 18. Artery-clogging items on the receipts included McFlurries, Big Macs and Chicken McNuggets.
All 100 receipts were e-mailed to O’Rourke, but he didn’t notice them for a week because they were funneled to a separate “updates” folder in his inbox. He phoned McDonald’s when he made the discovery, but instead of refunding his money, they told him to reach out to his bank instead.
Overview by Raymond Pucci, Director, Merchant Services at Mercator Advisory Group