Why Promo Abuse Fraud Hurts and How to Prevent It

Nicholas Robbins | Tuesday, January 24th, 2023 | 13 minutes

Businesses depend on promotions and lead-generating campaigns to acquire new customers and please loyal customers. Anytime there is a transfer of value online via coupon, discount, or reward, there is also a risk of promo abuse.

Sometimes what’s at risk isn’t a big-ticket item. Sign-up discounts and promotional offers — free trials, free first downloads, or a $5 voucher — have just as much value to a fraudster as cash and stolen credentials. Failure to prevent promo abuse can create significant financial losses.

What is promo abuse fraud?

In promo abuse or discount fraud, a fraudster takes advantage of a business’s promotional campaigns. These ill-intentioned users may attempt to defraud a business by using promo codes and discounts multiple times. Or they may abuse promotional coupons and return policies to obtain goods for free.

Promo abuse is more often a form of intentional friendly fraud — it isn’t always criminal by law. After all, abusers often take advantage of policy loopholes and gaps in digital protections.

E-commerce retailers that use referral programs and sale-saving tactics like cart-abandonment coupons and apology discounts are most at risk for this form of promo abuse, which commonly affects three types of promotional campaigns.

  1. Sign-up bonuses: Promo abusers may attempt to take advantage of first-time-use discounts by creating multiple accounts using different email addresses or aliases.
  2. Referral bonuses: Promo abusers may send referral codes to fraudulent email addresses for referral discounts. They may also crack referral codes for re-use.
  3. Loyalty discounts: Promo abusers may attempt to crack discount codes or use social engineering tactics to commit loyalty fraud to get more use out of one-time discounts.

“When it comes to promo abuse, we’re seeing new and different vectors of attack. These days, it’s less common to see someone creating fraudulent coupons. But that behavior hasn’t gone away. It's just transferred to a digital space.”

-Brady Harrison, Senior Data Analyst for Kount

For example, fraudsters may crack a coupon code by finding every possible coupon code for a single campaign. Previously, discounts and coupons made for a one-time transfer of value with a piece of paper. Today, a single fraudster can abuse a promotion countless times.

Consequences of promo code abuse

Any business that isn’t concerned with the consequences of promo abuse might want to think again. One or two people taking advantage of a 10% sign-up special may not seem a significant problem.

But remember that fraudsters aren’t defrauding businesses at the rate of one or two promotions. They’re committing fraud at scale, taking advantage of campaigns by the thousands or hundreds of thousands.

Promo abuse decreases sales and revenue

In 2014, an Uber user manipulated a referral code, shared it in a mass email, and posted it on Reddit. It wasn’t long before the user amassed $50,000 in Uber credits — essentially, free rides for life. The manipulated code became one of the top search results for “Uber promotion code.”

Uber discovered the abuse eight weeks later, after the user left a one-star review on a ride that Uber’s system flagged for manual review. By then, the company had lost eight week’s worth of rides. And it gave ride credit to the thousands of people who signed up under the user’s fraudulent referral code.

And Uber wasn’t alone in its unintentional allowance of promo abuse. In a Kount survey, 42% of businesses said their organizations allow customers to abuse promotions. For example, they permit customers to buy enough merchandise to get free shipping but return items later, an act of free-shipping promo abuse and refund fraud.

Promo abuse leads to poor marketing spend

Let’s say your business sets up a marketing budget for a promotional campaign. In the first 10 days, that campaign budget maxes out, which looks like a success. But when you analyze the results, user retention on the campaign is zero. In this case, the campaign budget gave promo abusers discounts and free products. That’s money that most businesses can’t afford to lose.

Abuse of promo codes leads to poor user retention

When businesses use marketing expenses on promotional campaigns, they’re enticing customers to stay in their ecosystem. That’s why the above example shows such a bad use of marketing dollars — it failed to retain customers.

Promo codes are meant to create returning business. You give a customer a discount so your business can make more through future purchases; that’s the goal with most marketing efforts. Businesses that don’t account for promo abuse find these discounts eat into the bottom line but deliver little to no customer retention.

“There are people who use a lot of promotions because they’re highly engaged with your loyalty program. But then there are people who are abusing programs by circumventing any basic controls your business might have in place.”

-Brady Harrison, Senior Data Analyst for Kount

How to prevent promo code abuse fraud

When it comes to best practices for fraud prevention — including promo abuse — implement a solution that protects the entire customer journey. This concern is as prevalent at the beginning of the journey as it is at the end. The right fraud prevention solution can help your business combat promo abuse at every stage.

Bring your team on board

You already have one of the greatest assets for fraud detection available at your disposal – your team. Go over the potential consequences and risks to ensure your team has the tools they need to help you combat fraud. These include:

  • Education on what constitutes coupon or promo fraud.
  • Understanding how to identify promo abuse when it occurs.
  • How to report promo abuse and address the concern.

Make sure you carefully control access to your promotion software. Otherwise, well-intentioned workers may leak codes to family or friends who do not qualify for access. This type of sharing can become widespread in short order, granting discounts or internal insight to fraudsters.

Set clear terms and conditions for promotions

The terms and conditions of your campaign offer a significant advantage in the battle against fraud and promo abuse. By carefully determining each element of the promotion, you control exactly how, when, and what type of value your marketing efforts deliver. On top of the required legalese, include elements that:

  • Identify how many times a customer may use the coupon or promo code.
  • Set a minimum purchase requirement or a maximum redemption value.
  • Limit discounts on already marked-down goods or services.

Revisit your completed terms to ensure they don’t provide too much information. For example, if your terms note that discounts for cart abandonment apply to any cart left idle five minutes or more, you’ve just provided a roadmap for abuse. These types of promotions are meant to entice shoppers to return – not reward those looking for loopholes to exploit.

Carefully consider how additional terms or conditions could potentially weaken the allure of the promotion for budget-minded customers in exchange for greater protection against abuse.

Control the coupon distribution and timeframe

Expiration dates are your friend when it comes to combating promo abuse. Carefully selecting promotional time periods and distribution allows you to more easily target your audience and monitor the results of the campaign.

Open-ended promotional codes and coupons without an expiration date leave your company open to abuse far into the future. You no longer have the tools to combat fraudulent activity involving earlier campaigns in place. Even a long expiration, one or two years out, limits this liability.

Carefully choose your promotional partners. Promo codes distributed on your website are free-for-all, unless protected by login or tied to specific accounts. Similarly, those used in search-engine ads or social media marketing efforts should be considered available to all.

To further limit your audience for top discounts, share through newsletters and direct email to existing customers, or choose to advertise through partners who can use digital coupons with tracking codes similar to an affiliate program.

Make codes tough to crack

Simple, intuitive promo codes make it easy for customers to remember and activate discounts. That works well for widespread campaigns and high-profile marketing efforts, but for greater discounts to select customers, you’ll want to use random or custom coupon codes.

Digital coupon codes that contain a mix of letters and numbers without including common phrases, such as 10OFF or BOGO, do a better job of preventing abuse. For deep discounts, unique, single-use codes with randomized characters can help thwart brute force attempts at coupon fraud.

Use a safe staging environment for testing

Don’t wait for customers to start using your codes to test your system. If you have a separate testing environment that doesn’t trigger other systems, use that for checking all prompt codes prior to launch. Otherwise, conduct a series of tests with usernames and addresses that clearly indicate they are test sales and verification attempts.

  1. Complete the journey from adding items to the cart through the checkout process and promo acceptance. Make sure to notify fulfillment teams of test orders if you proceed further to debit or credit card validation.
  2. Attempt to violate each of the terms and conditions you’ve set. Assume fraudsters will test every angle, especially for high-value discounts as well as bulk / large order values.
  3. Address any promo codes that fail this testing prior to launch. Failure indicates exposure and potential liability that could compromise other promos and your point-of-sale system.

When it’s time to launch your campaign, verify that your validation setup can handle the limitations you’ve put in place. Make sure codes or promos such as those for cart abandonment meet the criteria. Consider a two-factor authentication that includes logging in and an email verification for high-value special offers.

Continually monitor the process to catch suspicious behavior

Measure the process throughout each campaign, not just the results. Careful examination of sticking points along the buyer’s journey can provide exceptional insights for the next effort. Live promo code or coupon campaign audits should include reviewing:

  • Failed promo attempts
  • Customer service contacts
  • Cart abandonment with entered codes
  • Further communication, including chargebacks or reviews

Consider creating a system that reaches out upon cart abandonment or failed promo attempts for high-value customers. By ensuring a positive customer experience, your efforts build loyalty – whether or not the buyer chooses to return and complete the purchase.

Employ the latest technology

Armed with insight from your customer relationship management tools and promo results, further refine your marketing strategy to combat fraud while keeping the best elements of each campaign. Taking efforts a step further with technology allows you to:

  • Use behavioral analytics to identify and prevent suspicious activity.
  • Edit your campaign in real time based on ongoing audits.
  • Use geolocation to find and limit potential abuse.
  • Enhance reliability and overall results.

“How you prevent promo abuse depends on the kind of promotion you’re running, but the biggest issue is not having behavioral controls or only having basic controls in your campaigns.”

-Brady Harrison, Senior Data Analyst for Kount

Kount can prevent promo abuse across the customer journey

Kount simplifies the process of preventing promo abuse with a suite of the latest tools and technologies. Our systems can identify the relationship between a device and a user, helping detect fake accounts and prevent promo abuse or account takeover.

Linking data like trusted device status, IP addresses, and mobile network or proxy indicators allows Kount to execute a business’s risk- and trust-based user authentication policies.

All of which is to say we’re good at what we do, and what we do is protect businesses like yours from fraudsters who would abuse your outreach efforts. Schedule a demo to see exactly how we can customize a solution that works for your business needs.

Schedule a demo

Related content

See more related content


Nicholas Robbins

Content Writer

Nicholas Robbins has over 15 years of content creation expertise. A self-acknowledged high-tech redneck, Nic's passions include reading, investment, and guiding others along the path to financial security.