Domino’s pizza chains in Brooklyn recently reported record sales not because the people of Brooklyn were suddenly craving pizza on an unprecedented level, but because gangs, thieves and the average person found an ingenious hack that required no technical knowledge whatsoever. All that was needed was a little word of mouth and some street sense.
To test whether a stolen credit card number had been cancelled, people worked their way down lists of stolen numbers they had bought on the Internet’s black markets. Using Domino’s mobile app, they began purchasing pizza (a lot of pizza) at close to 50 dollars per order. The orders started adding up, since the credit cards are purchased in bulk (one account tested over 2000 numbers).
Local chains had no idea of the scheme, as all the purchases were made through the app. Worse, the purchases were likely made on the smartphones of people who had no knowledge of the scheme and willingly let the real culprits order pizza on their devices or have it delivered to their address, on the promise of free pizza, of course.
Police and Domino’s loss-prevention department only caught on after recognizing the pattern of many failed attempts to order before a successful one on the same account. It’s rare for an online ordering app to restrict how many different credit cards an account can attempt to order with, but it is surely a layer of security that needs to be implemented.
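One way to implement the restriction described above, written as an added example and not taken from Domino’s or any real ordering app: a per-account sliding window that caps both the number of different cards tried and the number of declined payments. The event fields, thresholds, window length and sample data are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy values for illustration; tune against real order traffic.
WINDOW = timedelta(hours=24)
MAX_DISTINCT_CARDS = 3   # different cards one account may try per window
MAX_DECLINES = 5         # declined payments per account per window

class CardVelocityGuard:
    """Per-account sliding window; stores card tokens, never card numbers."""

    def __init__(self):
        self._attempts = defaultdict(deque)  # account -> (time, token, approved)

    def allow(self, account, card_token, now):
        """Check before calling the payment processor; False means block."""
        window = self._attempts[account]
        while window and now - window[0][0] > WINDOW:
            window.popleft()  # forget attempts older than the window
        cards = {token for _, token, _ in window}
        declines = sum(1 for _, _, approved in window if not approved)
        if declines >= MAX_DECLINES:
            return False
        return card_token in cards or len(cards) < MAX_DISTINCT_CARDS

    def record(self, account, card_token, now, approved):
        # Store the processor's answer for an attempt that was allowed.
        self._attempts[account].append((now, card_token, approved))

def replay(events):
    """Run (iso_time, account, token, processor_approves) events through the
    guard and return {account: number_of_blocked_attempts}."""
    guard, blocked = CardVelocityGuard(), defaultdict(int)
    for iso_time, account, token, approves in events:
        now = datetime.fromisoformat(iso_time)
        if guard.allow(account, token, now):
            guard.record(account, token, now, approves)
        else:
            blocked[account] += 1
    return dict(blocked)

# Constructed sample: acct-A cycles through eight cards in eight minutes
# (only the last would be approved); acct-B is an ordinary customer.
SAMPLE = [(f"2024-01-01T12:0{i}:00", "acct-A", f"tok-{i}", i == 7) for i in range(8)]
SAMPLE += [("2024-01-01T18:00:00", "acct-B", "tok-home", False),
           ("2024-01-01T18:01:00", "acct-B", "tok-home", True),
           ("2024-01-03T18:00:00", "acct-B", "tok-work", True)]
```

On the sample, `replay(SAMPLE)` blocks five of acct-A’s eight attempts, so the one card that would have been approved never reaches the processor, while acct-B’s mistyped-then-corrected order and later second card go through untouched.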