While looking at our Uber Eats interface, I researched how secure the platform is and discovered several operators had reported security issues here. This one, however, caught my eye. As bad as some bank fraud scams are, it is too easy to forget that as more services get linked into your POS system, the chances of fraud through those other systems increase.
A typical bank-fraud scam hit many Uber Eats franchises, but because the platform involved was not a bank, the owners let it go until it was too late.
The scammers posed online as Uber Eats administrators, claiming urgent account issues. They then requested login credentials to "fix" some supposed problems. Once access was gained, the Uber Eats franchises' banking details were changed to redirect payments. Unlike bank systems, Uber Eats' notification systems often fail to alert merchants about these changes, which is weird as one would assume these are critical.
Real-World Impact
An Uber Eats merchant lost $3,500 after scammers changed their banking details. Another reported losing over $20,000 through a similar scam.
Security Measures to Implement
To safeguard your business from these scams, implement the following security measures:
Enable Multi-Factor Authentication (MFA)
You can add an extra layer of security by requiring more than one form of verification before account access is granted.
Implement Strict Internal Controls
Limit access to your codes to trusted staff only. Change them frequently, and immediately when a staff member leaves your business.
Verify All Communications
Today, few security people request passwords or banking details via phone, text, or email. I would be cautious if they contacted you first. If you must give them passwords, change these passwords ASAP. Here are some tips.
Monitor Your Account Regularly
If possible, check your banking details and payment receipts daily. Your total report should match the bank's records.
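The daily check described above can be automated. The following is an added example, not part of the original article or of any Uber Eats tooling: it matches each payout the platform reports against the bank statement and flags payouts that never arrived, which is the first visible sign that banking details were changed. The data layout, the sample figures and the three-day grace period are assumptions.

```python
from datetime import date, timedelta
from decimal import Decimal

# Constructed sample data (not real figures).
# Payouts the delivery platform's report says it sent: (date sent, amount).
PAYOUTS = [
    (date(2025, 3, 3), Decimal("1840.50")),
    (date(2025, 3, 10), Decimal("2015.00")),
    (date(2025, 3, 17), Decimal("1990.25")),
]
# Deposits that actually appear on the bank statement: (date received, amount).
DEPOSITS = [
    (date(2025, 3, 4), Decimal("1840.50")),
    (date(2025, 3, 11), Decimal("2015.00")),
]


def reconcile(payouts, deposits, today, grace_days=3):
    """Match each reported payout to one bank deposit of the same amount.

    Returns (missing, pending, unexpected):
      missing    - payouts past the grace period with no matching deposit
      pending    - payouts still inside the grace period
      unexpected - deposits that match no reported payout
    """
    unmatched = list(deposits)
    missing, pending = [], []
    for sent_on, amount in sorted(payouts):
        deadline = sent_on + timedelta(days=grace_days)
        hit = next(
            (d for d in unmatched
             if d[1] == amount and sent_on <= d[0] <= deadline),
            None,
        )
        if hit is not None:
            unmatched.remove(hit)  # each deposit can satisfy only one payout
        elif today > deadline:
            missing.append((sent_on, amount))
        else:
            pending.append((sent_on, amount))
    return missing, pending, unmatched


if __name__ == "__main__":
    missing, pending, unexpected = reconcile(PAYOUTS, DEPOSITS, date(2025, 3, 25))
    for sent_on, amount in missing:
        print(f"ALERT: payout of ${amount} sent {sent_on} never reached the bank")
```

Any line reported as missing is a reason to check the banking details on the account straight away and to contact the platform through its official channels.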
Use Strong, Unique Passwords
Create complex passwords specific to your Uber Eats account. I recommend using a reputable password manager to generate and store secure credentials.
What to Do If You've Been Hacked
If you suspect your account has been compromised, immediately change your passwords. Contact the company through official channels, not by replying to an email. Document everything. Report the incident to your bank. Consider freezing payments until security is restored.
Legal Responsibilities and Compliance
Australian law clearly states that you are responsible for your financial and customer information.
I had a client, World Square Newsagency, who went to court over fraud committed not by him but by one of his employees. The judge ruled that he had to pay the NSW lottery $574,000 for the employee theft, the NSW lottery legal fees, the NSW lottery investigation costs, and his legal fees of about $200,000 and some other expenses. It added up to over a million dollars.
Details here.
The Bigger Picture for Australian Retailers
While this article focuses on Uber Eats, the security principles apply to all integrated payment systems. Each new integration will create potential security risks, which require vigilant management.
Written by:
Bernard Zimmermann is the founding director at POS Solutions, a leading point-of-sale system company with 45 years of industry experience. He consults to various organisations, from small businesses to large retailers and government institutions. Bernard is passionate about helping companies optimise their operations through innovative POS technology and enabling seamless customer experiences through effective software solutions.