One of the oldest IT jokes is the CIO who says, “IT operations would go so much more smoothly if I wasn’t for these end-users mucking everything up.” It’s true: humans have a tendency to not do what they are should or — more likely — what someone in IT wants them to do.
This is a lesson now being learned by the major food delivery services, which have run into some of the same authentication and security issues other industries face daily.
What started out as a perfectly reasonable authentication effort intended to make customers feel safer — because they could see that the person delivering their food is the same person who’s supposed to deliver it — has largely failed in the field.
Sam Amrani, the CEO of PassBy, a retail technology firm, recently took to a LinkedIn forum to complain about the problem, and was quickly joined by others who’d experienced the same issue.
“I have no way of knowing whether (the delivery person) was a legitimate user of the app or whether there was something more malicious going on,” Amrani said. “Systemic technical error or black market for illegal workers? A bit of both, it seems.”
People, he continued, are “hopping onto these apps courtesy of gig-work brokerages who sell or lease accounts. It’s a loophole in these gig-economy apps [that] isn’t being safeguarded. Some 80 percent of the things I’ve ordered through a gig-economy app have been facilitated by a completely unknown person. No background checking. No ID validation. We’re letting people into buildings and getting into cars with zero regulation. Whilst I am sure 99 percent of these people are just trying to make a grey-market living, there are dangerous consequences to the level of exploitation that this can lead to.”
“As long as apps allocate and communicate the details of the driver, my view is that they are responsible for ensuring that the correct person is the person who arrives,” said TrustD Director Siofra Neary.
According to Riccardo Russo, head of growth marketing at China-based Yodo1 Games, the situation has been dealt with there “with a facial recognition check every two hours or so from major ride-hailing and delivery apps. It used to be a big issue.”
(The LinkedIn discussion went offpoint when one commenter suggested this as a streaming TV series, featuring a murder-for-hire team that takes jobs with food delivery services to make their hits. Tagline: “It won’t be the saturated fat that kills you.”)
Computerworld reached out to three of the largest food-delivery services in the US — Grubhub, UberEats and DoorDash — and they either confirmed identity swapping is a known issue or didn’t deny it. None of the three would agree to an on-the-record interview to explore the issue.
Grubhub responded with a generic statement that “we conduct background checks on all our delivery partners, and while reports of this kind are rare, misrepresentation or fraudulent activity of any…
2024-03-04 17:00:05
Original from www.computerworld.com