The 5 most common types of courier fraud in food delivery, and how to prevent them
Quick summary
Most fraud tools are built to answer one question: is this the right person?
Courier fraud often asks a different set of questions entirely: was this person, device, or order actually where it needed to be at the moment that mattered?
However, those are different problems, and they require a completely different layer of detection.
The cost of getting that wrong isn't limited to refunds. A single fraudulent delivery can trigger customer support costs, dispute handling, manual investigation, regulatory exposure, driver incentive waste, insurance complications, and customer churn.
In fact, chargebacks create both direct merchant costs and indirect operational costs, including the back-office staffing required to manage disputes. The number is only projected to increase, with global chargeback volume expected to grow 24% from 2025 to 2028.
A deeper look at the data shows that food delivery is already a trust-sensitive category, with 85% of online shoppers saying a poor delivery experience would prevent them from ordering again.
Trust matters. And fraud can compromise trust. With that in mind, in this piece we'll break down the five most common types of courier fraud hitting food delivery platforms right now, what each one costs, and what it takes to catch them.
1. Location spoofing
Location spoofing is when a courier manipulates their device's location signal to appear somewhere they're not. On food delivery platforms, it shows up in a few distinct ways.
- Dispatch gaming: A courier spoofs their location to appear inside a high-demand pickup area, jumps the dispatch queue, and collects orders without being anywhere near the restaurant. The platform pays out based on a location signal that was never real.
- Ghost delivery spoofing: The courier accepts a legitimate order, spoofs their location to appear at the delivery address, photographs a neighboring porch, and marks the order complete. The customer files a missing-item dispute. The refund gets issued. From the platform's side, the delivery looked normal until it did not.
The business impact of spoofed location
The highest-stakes version involves regulated goods. For platforms delivering cannabis, alcohothel, tobacco, or pharma, a customer or courier can falsify location signals in a way that makes an order appear compliant when it's not. A customer may appear to be inside a licensed delivery zone while the actual delivery address is outside it. A courier may appear to complete a handoff in an approved jurisdiction when the actual transaction occurred somewhere else. The platform may not know it has violated a license requirement until after the order is complete.
That's where the downside can get blown out of proportion. While the direct order value may be small, the compliance exposure can be much larger. The business impact isn't just one bad delivery. It's the cost of refunds, support time, dispute handling, manual compliance review, possible account remediation, and (for regulated goods) fines, license risk, and legal response.
Standard fraud tools still miss it
Standard fraud tools don't catch this because they aren't looking at location deeply enough. The courier's identity might check out. The device may appear normal. No payment anomaly fires. The spoof goes undetected because the fraud happened in the gap between who the user is and where the user actually was.
How you can catch location spoofers
The prevention requirement may sound simple, but it's hard to execute: platforms need to validate location at the moments that matter, like order placement, dispatch, pickup, arrival, and completion. And they need to detect fake GPS, VPN usage, emulator behavior, and impossible movement before the payout or delivery completion event fires.
2. Ghost deliveries
Ghost deliveries are a close cousin of location spoofing, but the detection problem is different. The courier doesn't need to spoof their location convincingly for the full route. They only need to appear close enough to the delivery address at the right moment.
The pattern is fairly straightforward: a courier accepts a legitimate order, drives to the vicinity of the address, marks the order complete without approaching the correct door, and uploads a photo that looks plausible enough to pass a quick review. The customer files a missing-item dispute. By then, the refund clock has already started.
The real cost is more than the refund
At the individual incident level, the direct loss may look manageable. A refund might be $15, $30, or $50 depending on the basket size. But refund-only accounting understates the actual cost. Each ghost delivery can create customer support time, merchant appeasement, courier investigation, dispute handling, possible chargeback exposure, and a customer trust hit. The list goes on.
The strongest public example of this risk is not a small refund case. In May 2025, the U.S. Department of Justice announced that a former DoorDash delivery driver pleaded guilty in a scheme that caused DoorDash to pay for deliveries that never occurred. The fraudulent payments exceeded $2.5 million.
Why proof-of-delivery photos aren't enough
A photo by itself proves only that an image was uploaded. It doesn't prove that the courier was at the correct door with the correct order.
Catching ghost deliveries requires more than a proof-of-delivery photo. Platforms need to compare the photo, courier proximity, route behavior, dwell time, delivery address, and device integrity at the moment of completion.
How you can catch ghost deliveries
Those doing this effectively are validating dwell time inside a defined delivery zone rather than relying on a single GPS coordinate the moment the courier taps 'complete' for the delivery. A courier who parks a block away and spoofs their location will pass a coordinate check, but they won't pass a dwell check.
3. Courier signup bonus fraud
Most delivery platforms run driver acquisition campaigns. Signup bonuses, first-delivery incentives, completion bonuses, referral credits, and so on. They're standard tools for building courier supply in competitive markets.
They're also a primary target for organized fraud rings.
The typical operation goes like this: a ring creates dozens or hundreds of courier accounts using synthetic or stolen identities, SIM cards, and repeated device infrastructure. Then one or two physical couriers rotate through those accounts to claim signup bonuses, referral incentives, or completion bonuses on each one.
How bonus fraud distorts acquisition economics
The financial exposure adds up quickly. A $500 signup or completion bonus across 100 fake accounts is $50,000 in direct payout leakage in a single campaign cycle. The platform also pays for background checks, onboarding workflows, support, fraud review, and later remediation.
That's the core issue with signup bonus fraud: it's not just fraud loss. It tarnishes the platform's understanding of acquisition. The business thinks it's paying to acquire real couriers. Instead, it's paying a fraud ring to create disposable accounts that may later be reused for ghost deliveries, multi-accounting, payout abuse, or bot-driven shift fraud.
How you can catch bonus abuse
Catching this requires device-level and network-level signal, not just identity verification. The question isn't only whether each account has valid documents. It's whether multiple accounts are operating from the same device, emulator, IP range, payout instrument, SIM pattern, physical location, or behavioral fingerprint.
4. Multi-accounting
Multi-accounting in food delivery is when a verified courier shares their account credentials with an unverified driver. In many cases, the unverified driver couldn't pass the platform's onboarding requirements, background checks, right-to-work checks, insurance requirements, or prior deactivation controls.
The verified courier may take some shifts personally and rent or share the account for others. The unverified driver may take high-surge urban deliveries under the same login. The platform sees one account behaving normally. What it can't see, without better device and location intelligence, is that the person making the delivery isn't the person who was vetted.
DoorDash has publicly acknowledged this risk category through its own controls. In December 2024, the company said every Dasher must verify identity with a government ID and complete a background check before dashing. They added that Dashers must re-verify identity through real-time selfies, and that more than 150,000 Dashers would be required to re-verify each week. This led to monthly deactivations of inauthentic accounts doubling year over year.
Unverified drivers can be a liability exposure
If an unverified driver causes a safety incident, assault, theft, food tampering issue, or serious accident, the platform may need to answer hard questions: Was the courier background-checked? Was the person insured? Was the account sharing detectable? Did the platform have controls in place to prevent unauthorized access during active work?
It happens more than you might think. There have been 250 enforcement visits and more than 380 arrests involving food delivery drivers that year.
What account-sharing detection looks like
The detection signal is often clean: the same account appearing in two locations that don't make sense, a sudden device change before a shift, repeated logins from different cities, impossible travel patterns, or active work sessions that don't match the courier's normal device and location history.
Multi-accounting isn't primarily a payment anomaly. It's a mismatch between the verified account and the real-world person and device performing the work.
How to catch multi-accounting
Platforms catching multi-accounting effectively are looking for signals like the same device associated with multiple accounts, the same account appearing in two locations at once, or login patterns that don't match a courier's established location history.
5. Device farms and phantom shifts
Device farms are the most industrialized fraud vector in food delivery. They occur when one operator runs many courier accounts through emulated devices, automated scripts, or coordinated device infrastructure.
The goal is to clock into shifts, grab high-value opportunities, collect bonuses, manipulate queue position, or generate payout events without real work matching the platform's expectations.
What makes device farms different from the other fraud types on this list is scale. This isn't one courier manually gaming the system. It's a fraud operation running at software speed, designed to be invisible to analytics tools that look at individual accounts instead of device-level patterns.
The marketplace cost of automation
Device farms can be very toxic to marketplace health. Legitimate couriers lose access to fair shifts. Dispatch systems become less reliable. Fraud teams end up auditing payouts after the money has already moved.
The deeper cost is operational: when device farms inflate shift completions and courier activity, the signals fraud teams rely on to identify anomalies get corrupted at the source, making it harder to distinguish real platform activity from manufactured volume.
How to stop device farms before payout
Platforms that catch device farms effectively are flagging emulated environments at the point of onboarding and clock-in, before shift-completion and bonuses are triggered. They're looking for coordination signals across accounts like identical timing patterns, shared device characteristics, and location behavior that doesn't match real courier movement.
The key is to stop the device before it enters the delivery flow, not to audit the payout after the fraud has already scaled.
Using location signals to detect courier fraud
The common thread across all five fraud types is location and device signal.
Location spoofing, ghost deliveries, bonus fraud, multi-accounting, and device farms all exploit the gap between what the platform thinks is happening and what is actually happening in the real world. Identity verification and payment monitoring matter, but they aren't enough on their own.
The moments where fraud prevention matters
A courier can pass onboarding and still spoof their location. A customer can look legitimate and still place an order from a restricted location. A driver account can pass a background check and still be rented to someone else. A device farm can make hundreds of accounts look normal when each account is reviewed in isolation.
The difference is timing. Traditional fraud stacks often find the issue after the refund, dispute, or payout. Courier fraud prevention works best when the platform can verify the device and location before the bad event becomes expensive.
Getting the tools to help
Most platforms dealing with these fraud patterns are relying on tools that weren't built to catch them. IP geolocation that proxies defeat in seconds. Device fingerprinting that's becoming less reliable every year. Homegrown solutions that don't scale. Many don't fully understand the extent of their exposure until a refund audit, a compliance review, or a regulatory action forces the issue.
Radar Protect is built for the layer where courier fraud actually lives. It uses precise GPS verification, location spoofing detection, and environment fingerprinting, including ambient signals like Wi-Fi and Bluetooth, to verify that a device is actually where it claims to be. It complements or replaces legacy tools and sits inside the same platform teams already use for geofencing, address validation, and maps.
The fraud patterns covered in this post are solvable. The question is whether the tools in place were built to solve them.