hexagonshexagons
Blog / Fraud detection and prevention

Why Promo Abuse Fraud Hurts and How to Prevent It

Nicholas Robbins | Tuesday, January 24th, 2023 | 13 minutes

Businesses depend on promotions and lead-generating campaigns to acquire new customers and please loyal customers. Anytime there is a transfer of value online via coupon, discount, or reward, there is also a risk of promo abuse.

Sometimes what’s at risk isn’t a big-ticket item. Sign-up discounts and promotional offers — free trials, free first downloads, or a $5 voucher — have just as much value to a fraudster as cash and stolen credentials. Failure to prevent promo abuse can create significant financial losses.

What is promo abuse fraud?

In promo abuse or discount fraud, a fraudster takes advantage of a business’s promotional campaigns. These ill-intentioned users may attempt to defraud a business by using promo codes and discounts multiple times. Or they may abuse promotional coupons and return policies to obtain goods for free.

Promo abuse is more often a form of intentional friendly fraud — it isn’t always criminal by law. After all, abusers often take advantage of policy loopholes and gaps in digital protections.

E-commerce retailers that use referral programs and sale-saving tactics like cart-abandonment coupons and apology discounts are most at risk for this form of promo abuse, which commonly affects three types of promotional campaigns.

  1. Sign-up bonuses: Promo abusers may attempt to take advantage of first-time-use discounts by creating multiple accounts using different email addresses or aliases.
  2. Referral bonuses: Promo abusers may send referral codes to fraudulent email addresses for referral discounts. They may also crack referral codes for re-use.
  3. Loyalty discounts: Promo abusers may attempt to crack discount codes or use social engineering tactics to commit loyalty fraud to get more use out of one-time discounts.

“When it comes to promo abuse, we’re seeing new and different vectors of attack. These days, it’s less common to see someone creating fraudulent coupons. But that behavior hasn’t gone away. It's just transferred to a digital space.”

-Brady Harrison, Senior Data Analyst for Kount

For example, fraudsters may crack a coupon code by finding every possible coupon code for a single campaign. Previously, discounts and coupons made for a one-time transfer of value with a piece of paper. Today, a single fraudster can abuse a promotion countless times.

Consequences of promo code abuse

Any business that isn’t concerned with the consequences of promo abuse might want to think again. One or two people taking advantage of a 10% sign-up special may not seem a significant problem.

But remember that fraudsters aren’t defrauding businesses at the rate of one or two promotions. They’re committing fraud at scale, taking advantage of campaigns by the thousands or hundreds of thousands.

Promo abuse decreases sales and revenue

In 2014, an Uber user manipulated a referral code, shared it in a mass email, and posted it on Reddit. It wasn’t long before the user amassed $50,000 in Uber credits — essentially, free rides for life. The manipulated code became one of the top search results for “Uber promotion code.”

Uber discovered the abuse eight weeks later, after the user left a one-star review on a ride that Uber’s system flagged for manual review. By then, the company had lost eight week’s worth of rides. And it gave ride credit to the thousands of people who signed up under the user’s fraudulent referral code.

And Uber wasn’t alone in its unintentional allowance of promo abuse. In a Kount survey, 42% of businesses said their organizations allow customers to abuse promotions. For example, they permit customers to buy enough merchandise to get free shipping but return items later, an act of free-shipping promo abuse and refund fraud.

Promo abuse leads to poor marketing spend

Let’s say your business sets up a marketing budget for a promotional campaign. In the first 10 days, that campaign budget maxes out, which looks like a success. But when you analyze the results, user retention on the campaign is zero. In this case, the campaign budget gave promo abusers discounts and free products. That’s money that most businesses can’t afford to lose.

Abuse of promo codes leads to poor user retention

When businesses use marketing expenses on promotional campaigns, they’re enticing customers to stay in their ecosystem. That’s why the above example shows such a bad use of marketing dollars — it failed to retain customers.

Promo codes are meant to create returning business. You give a customer a discount so your business can make more through future purchases; that’s the goal with most marketing efforts. Businesses that don’t account for promo abuse find these discounts eat into the bottom line but deliver little to no customer retention.

“There are people who use a lot of promotions because they’re highly engaged with your loyalty program. But then there are people who are abusing programs by circumventing any basic controls your business might have in place.”

-Brady Harrison, Senior Data Analyst for Kount

How to prevent promo code abuse fraud

When it comes to best practices for fraud prevention — including promo abuse — implement a solution that protects the entire customer journey. This concern is as prevalent at the beginning of the journey as it is at the end. The right fraud prevention solution can help your business combat promo abuse at every stage.

Bring your team on board

You already have one of the greatest assets for fraud detection available at your disposal – your team. Go over the potential consequences and risks to ensure your team has the tools they need to help you combat fraud. These include:

  • Education on what constitutes coupon or promo fraud.
  • Understanding how to identify promo abuse when it occurs.
  • How to report promo abuse and address the concern.

Make sure you carefully control access to your promotion software. Otherwise, well-intentioned workers may leak codes to family or friends who do not qualify for access. This type of sharing can become widespread in short order, granting discounts or internal insight to fraudsters.

Set clear terms and conditions for promotions

The terms and conditions of your campaign offer a significant advantage in the battle against fraud and promo abuse. By carefully determining each element of the promotion, you control exactly how, when, and what type of value your marketing efforts deliver. On top of the required legalese, include elements that:

  • Identify how many times a customer may use the coupon or promo code.
  • Set a minimum purchase requirement or a maximum redemption value.
  • Limit discounts on already marked-down goods or services.

Revisit your completed terms to ensure they don’t provide too much information. For example, if your terms note that discounts for cart abandonment apply to any cart left idle five minutes or more, you’ve just provided a roadmap for abuse. These types of promotions are meant to entice shoppers to return – not reward those looking for loopholes to exploit.

Carefully consider how additional terms or conditions could potentially weaken the allure of the promotion for budget-minded customers in exchange for greater protection against abuse.

Control the coupon distribution and timeframe

Expiration dates are your friend when it comes to combating promo abuse. Carefully selecting promotional time periods and distribution allows you to more easily target your audience and monitor the results of the campaign.

Open-ended promotional codes and coupons without an expiration date leave your company open to abuse far into the future. You no longer have the tools to combat fraudulent activity involving earlier campaigns in place. Even a long expiration, one or two years out, limits this liability.

Carefully choose your promotional partners. Promo codes distributed on your website are free-for-all, unless protected by login or tied to specific accounts. Similarly, those used in search-engine ads or social media marketing efforts should be considered available to all.

To further limit your audience for top discounts, share through newsletters and direct email to existing customers, or choose to advertise through partners who can use digital coupons with tracking codes similar to an affiliate program.

Make codes tough to crack

Simple, intuitive promo codes make it easy for customers to remember and activate discounts. That works well for widespread campaigns and high-profile marketing efforts, but for greater discounts to select customers, you’ll want to use random or custom coupon codes.

Digital coupon codes that contain a mix of letters and numbers without including common phrases, such as 10OFF or BOGO, do a better job of preventing abuse. For deep discounts, unique, single-use codes with randomized characters can help thwart brute force attempts at coupon fraud.

Use a safe staging environment for testing

Don’t wait for customers to start using your codes to test your system. If you have a separate testing environment that doesn’t trigger other systems, use that for checking all prompt codes prior to launch. Otherwise, conduct a series of tests with usernames and addresses that clearly indicate they are test sales and verification attempts.

  1. Complete the journey from adding items to the cart through the checkout process and promo acceptance. Make sure to notify fulfillment teams of test orders if you proceed further to debit or credit card validation.
  2. Attempt to violate each of the terms and conditions you’ve set. Assume fraudsters will test every angle, especially for high-value discounts as well as bulk / large order values.
  3. Address any promo codes that fail this testing prior to launch. Failure indicates exposure and potential liability that could compromise other promos and your point-of-sale system.

When it’s time to launch your campaign, verify that your validation setup can handle the limitations you’ve put in place. Make sure codes or promos such as those for cart abandonment meet the criteria. Consider a two-factor authentication that includes logging in and an email verification for high-value special offers.

Continually monitor the process to catch suspicious behavior

Measure the process throughout each campaign, not just the results. Careful examination of sticking points along the buyer’s journey can provide exceptional insights for the next effort. Live promo code or coupon campaign audits should include reviewing:

  • Failed promo attempts
  • Customer service contacts
  • Cart abandonment with entered codes
  • Further communication, including chargebacks or reviews

Consider creating a system that reaches out upon cart abandonment or failed promo attempts for high-value customers. By ensuring a positive customer experience, your efforts build loyalty – whether or not the buyer chooses to return and complete the purchase.

Employ the latest technology

Armed with insight from your customer relationship management tools and promo results, further refine your marketing strategy to combat fraud while keeping the best elements of each campaign. Taking efforts a step further with technology allows you to:

  • Use behavioral analytics to identify and prevent suspicious activity.
  • Edit your campaign in real time based on ongoing audits.
  • Use geolocation to find and limit potential abuse.
  • Enhance reliability and overall results.

“How you prevent promo abuse depends on the kind of promotion you’re running, but the biggest issue is not having behavioral controls or only having basic controls in your campaigns.”

-Brady Harrison, Senior Data Analyst for Kount

Kount can prevent promo abuse across the customer journey

Kount simplifies the process of preventing promo abuse with a suite of the latest tools and technologies. Our systems can identify the relationship between a device and a user, helping detect fake accounts and prevent promo abuse or account takeover.

Linking data like trusted device status, IP addresses, and mobile network or proxy indicators allows Kount to execute a business’s risk- and trust-based user authentication policies.

All of which is to say we’re good at what we do, and what we do is protect businesses like yours from fraudsters who would abuse your outreach efforts. Schedule a demo to see exactly how we can customize a solution that works for your business needs.

Schedule a demo

Related content

See more related content
Related News
Understanding Customers is More Important Than Ever
Dilip Singh discusses the value of using data science to better understand your consumers. Learn how the data you're collecting can lead to consumer insights.
Related Blog Post
Big opportunities, bigger risks in booming health and beauty market
It’s an exciting time for health and beauty merchants, but they need to know these top fraud issues affecting the market, as the space grows.
Related Blog Post
What Is Chargeback Insurance?
Chargeback insurance sounds great at first. See what a chargeback guarantee actually covers and find a better way to stop loss from fraudulent transactions.
Related Blog Post
Buy Now, Pay Later: BNPL Risk Management Is Essential
Are you a buy now, pay later service provider? If so, you need to be aware of these BNPL risks -- and know how to manage them. Click here to learn more.
Related Blog Post
Precision & Recall: When Conventional Fraud Metrics Fall Short
A lot of businesses turn to conventional fraud metrics to set that all-important approval-decline threshold. But a one-size-fits-all approach is not always the most profitable. Let’s look at how a…
Related Guide
7 Fraud Schemes Targeting Restaurants and QSRs
Online ordering and delivery services are great ways to boost revenue for QSRs, but some of those sales are likely from restaurant fraudsters.
Related Guide
7 Features to Look For When Buying Fraud Technology for Restaurants
It’s important to find fraud protection technology from a provider that truly understands the challenges facing restaurants today.
Related News
Equifax and VTEX Join Forces with Strategic Partnership
Equifax has joined forces with VTEX to enable customers on the VTEX platform to seamlessly integrate with the Kount Payment Fraud solution.
Related Analyst report
Liminal Names Kount an Industry Leader in Ecommerce Fraud Prevention
Liminal Strategy recently conducted a report analyzing the top 50 ecommerce vendors. Find out here why Kount was named a leading provider in the space.
Related News
Fireside Chat on Post-Transaction Fraud
In this PYMNTS.com interview, Robert Painter talks Visa's CE 3.0 key takeaways and the best strategies for merchants to protect against post-transaction fraud.
Related News
Adam Gunther feature on The Future of Identity Podcast
In this Future of Identity podcast episode, Adam talks about his journey in the identity space and tactical factors needed for reusable identity adoption.
Related Blog Post
SAFE & TC40 Data: 6 Things You Need to Know
What is TC40 data? How is SAFE data used? Learn more about fraud reporting and how this data can impact chargeback management.
Related Page
Fraud Detection Software
Kount offers the most accurate risk assessments possible. Our fraud detection software uses machine learning to identify more fraud with fewer false positives.
Related Blog Post
What Is Account Takeover Fraud? Expert Prevention Tips and More
Struggling with account takeover attacks? Check this free guide. We reveal everything you need to know about account takeover (ATO) fraud and how to prevent it.
Related Blog Post
Online Streaming Fraud Risks Every Streaming Business Should Know
From password sharing to account takeover, streaming fraud is on the rise. A digital fraud solution can stop fraud risks and improve growth opportunities.
Related Blog Post
Fraud-to-Sales Ratio: Everything You Need to Know
Every merchant is at risk for fraud. Regardless, all fraud claims can negatively affect your fraud-to-sales ratio — which comes with a host of problems.
Related Blog Post
Elder Financial Exploitation: What Businesses Need to Know
Your business can become a conduit for elder financial abuse. And that could damage your reputation. Learn how to identify and prevent it.
Related Blog Post
21% of online gamers have been hacked in the last year (infographic)
Lack of account security could prompt gamers to dispute purchases or quit playing games indefinitely, causing revenue loss for game companies.
Related Page
Ethoca Alerts
Stop more chargebacks with less effort today! Easy to use and proven results to protect your revenue.
Related Blog Post
How to Detect and Prevent Social Engineering Attacks
Ever heard of social engineering? It’s the newest threat to your business. Find out what it is, how to detect it, and ways to protect your company.
Related Blog Post
Best Practices for Manual Fraud Reviews
Are manual reviews weighing down your fraud team? Wondering if there’s a better way to fight fraud but don’t know where to start? Check out this guide.
Related Blog Post
Card Testing Fraud: Prevent Big Loss From Small Purchases
Card testing fraud can steal revenue and expose your business to other harmful threats. Stop carding before it impacts you. Click here to learn how.
Related Blog Post
Mastercard Fraud Monitoring Program: What to Do When You Get Enrolled
Are you enrolled in Mastercard’s fraud monitoring program? We’ll walk you through everything you need to know about the program and how to exit in this guide.
Related Blog Post
Shopify Fraud Prevention: The Complete Guide to Managing Risk
Is fraud an issue for your business? Check our Shopify fraud guide. We have tips, tricks, and technology suggestions that will offer maximum protection.
Related Blog Post
Why Restaurants are Experiencing an Increase in Fraud
Restaurants and QSRs have experienced a massive shift in customer buying behaviors – which has brought a lot of new fraud threats. Learn more here.
Related Blog Post
Building vs. Buying a Fraud Solution: The Costs and Benefits
Wondering if it’s better to buy a pre-built fraud solution or build your own? Check out this blog to figure out which path is right for you.
Related Blog Post
Digital Wallet Fraud: Protect Your Business From Evolving Risks
Digital wallet payments are on the rise, and so are the risks to merchants. Find out how to protect your business from threats that come with new payment types.
Related Blog Post
Refund Fraud: What It Is and How to Stop It
Refunding fraud is unfairly stealing your revenue. Find out how to stop online return fraud scams and protect your business.
Related Blog Post
Digital identity trust solutions can save billions (infographic)
Digital identity trust is the level of risk or trust associated with interactions on digital platforms. The right solution can save billions.
Related Blog Post
Online Gaming Fraud Detection: How to Secure Your Online Games
Understand the fraud threats facing your business so you can stay ahead of fraudsters. Check out this blog for prevention tips.

AUTHOR

Nicholas Robbins

Content writer

Nicholas Robbins has over 15 years of content creation expertise. A self-acknowledged high-tech redneck, Nic's passions include reading, investment, and guiding others along the path to financial security.