GPS tracking for delivery drivers is only as effective as its tamper-resistance technology Featured Image

GPS tracking for delivery drivers is only as effective as its tamper-resistance technology

Maximize GPS tracking for delivery drivers with tamper-resistant technology to prevent fraud and policy violations by combating GPS spoofing effectively.

GPS tracking for delivery drivers is one of a few location signals that platforms can use to track and identify their couriers. If a platform can’t identify and block an individual, that person can commit fraud and policy violations with little to no consequences. Imagine that a courier is banned from a food delivery app after violating its terms of service. What is stopping them from creating a new account? Let’s dig into the ways that this is achieved by fraudsters and how GPS spoofing enables them.

By using GPS spoofing and manipulating their device’s ID parameters, that same driver could rejoin the platform under a new name and continue on as if they were never banned at all. In combination with GPS spoofing, bad actors might also use new devices, factory reset their old devices, or use fake or stolen identity information to mask the fact that they’re a previously-banned user of the platform.

Ban evasion is only one of the many ways that bad actors use GPS spoofing to their advantage, however. Spoofing location information also allows users to commit multi-accounting, a form of policy violation wherein an individual makes multiple accounts on a platform for the purpose of defrauding or abusing that platform. By creating multiple accounts, bad actors can commit promo abuse, evade bans, and scale any existing policy violation or fraud schemes by using  multiple accounts that appear unrelated.

GPS spoofing also has offline consequences for a food delivery platform and its customers. A driver spoofing their GPS location can use the faked information to claim payment credits for orders they never completed and manipulate distance data in order to earn higher fares or claim orders outside of their true location’s radius. If a bad actor is also using GPS spoofing and other tactics to commit ban evasion, they can commit even riskier abuses, such as stealing customer orders or committing point-of-sale scams, with the assurance that they can switch to a different account if they’re caught and banned on their current one.

Lastly, GPS spoofing also allows bad actors to take advantage of good-faith policies made to ensure drivers are paid for their work. For example, if drivers are compensated even when customers don’t show up for their order, a GPS-spoofing user can manipulate their location data to claim partial payments for orders they never attempted to deliver at all. Even if the account is eventually flagged for customer complaints or too many missed deliveries, organized fraudsters can simply move onto the next burner account and continue the scam.

GPS spoofing represents a significant threat to location-based apps because it is easy to execute and can generate significant rewards. It takes little technical skill to spoof GPS location — bad actors can use GPS spoofing apps, enable their devices’ “developer” mode, use app cloners, or use app tampering tools to manipulate their location and device ID data. The accessibility of this technology means that even people without technical knowledge can use it on one device or deploy it across multiple devices to maximize the profits of any policy abuse or fraud scheme.

By enabling fraudsters to conceal their location and therefore their identity, GPS spoofing is a powerful tool that minimizes risk and maximizes rewards.

The fraud iceberg: the challenge that GPS spoofing poses to fraud fighters

One of the biggest challenges of addressing GPS-spoofing is that the scope of the problem is difficult to determine. GPS-spoofing disguises the location of individual users allowing them to utilize different devices and create multiple accounts while remaining undetected. Bad actors can run multiple instances of an app across many devices and accounts without giving any indication that they are all related.  Without an accurate measurement of the scope of the GPS spoofing problem, fraud teams may not have the support they need to invest in solving it.

In a conversation between Andre Ferraz, CEO of Incognia, and Raiza Oliveira, Head of Data Analytics, Ferraz pointed out this issue, “Most of these companies know that there is location spoofing going on, but they don't really know how many of their drivers are using this [technique] and what the actual consequences of this type of exploit are.”

As Oliveira points out later in the conversation, many companies have pre-existing or in-house solutions for detecting location spoofing and multi-accounting, but these aren’t always maintained to defend against evolving fraud trends. “And it's not their fault because fraud prevention is not their business. These companies do not focus exclusively on [detecting policy violations and multiple accounts]. They are trying to provide their users with the best delivery experience…They need a solution that they can integrate and will start working immediately.”

Tamper-resistant location technology is a natural solution 

GPS spoofing impacts a platform’s ability to identify individual users and they need to restore that capability in order to prevent fraud. Tamper-proof location technology uses a combination of location signals, rather than GPS alone, to identify  a device’s precise location. Given that GPS isn’t the only location signal that is analyzed, this solution is much more resilient against GPS spoofing attacks.

For protection against more sophisticated tampering techniques, Incognia deploys three layers of detection capabilities that combine device and location intelligence to identify individual users even if they change devices, accounts, or locations. Unique location behavior helps to identify devices even when they’re reset, and device intelligence can help uncover signs that a bad actor intends to spoof their GPS location, such as the presence of spoofing apps, app tampering tools, and app cloners.

Tamper-resistant GPS tracking solutions ensure that delivery platforms work as they were designed to. Drivers are alerted of  orders closest to their location and the app regains control over who is allowed to operate on their platform. The integrity of the platform is restored, users experience better service, and legitimate drivers know they’ll get a fair shake.

Anyone interested in learning more about the impacts of location spoofing on food delivery and how tamper-proof location intelligence can help can read Incognia’s food delivery case study here for an inside look.