Most businesses see running promotions to attract new customers – and get existing ones to spend more – as necessary operating expenses. However, they can end up paying far more than expected if fraudsters exploit loopholes to redeem these offers far more frequently than intended.
Promotion abuse, as this is called, is something marketplace Trust and Safety teams need to be on guard against. It doesn’t just hurt the business’s bottom line; it can also frustrate legitimate customers by causing them to miss out.
In this piece, you’ll learn what promotion abuse is and why it’s such a headache for both marketplaces and their customers. You’ll also learn about how different kinds of promotions can be abused, and how Trust and Safety teams can combat promotion abuse.
Promotion abuse – often referred to as promo abuse or bonus abuse – is a person or group deliberately taking greater advantage than they’re allowed of promotions from a marketplace or business. It may be done opportunistically, or to defraud a marketplace or business over an extended period of time.
Promo fraud may not seem like a big deal to a company at the time it happens. However, if it’s allowed to occur repeatedly, incidents can add up to have far-reaching consequences for a business. They include:
Another complication with promo abuse is how to discourage people from repeatedly and intentionally committing fraud without alienating high-value customers. Cracking down too severely on promo abuse – either real or perceived – can scare loyal customers (some of whom might engage in promo fraud very rarely) into abandoning a marketplace. So many platforms would rather let some form of promo abuse happen than risk losing their best customers.
Most online sales promotion abuse involves duplicate accounts. This is where a fraudster (or a fraud ring) creates multiple accounts that use stolen identity information to pretend to be different people. In reality, though, these accounts are all controlled by the same person (or group) looking to take advantage of a promotion more times than a marketplace would normally allow them to.
A basic promo abuse scheme looks like this:
There are other ways fraudsters can abuse promotions, though. We’ll talk about some of them next.
There are many kinds of promotions that marketplace marketing teams use to entice new customers to onboard and existing customers to shop more.
Unfortunately, fraudsters have figured out ways to exploit nearly all of them. Here are some different types of promo abuse schemes that Trust and Safety teams should watch out for.
There are many methods of coupon or promo code abuse that let fraudsters benefit from promotions in unintended (and, in many cases, illegal) ways. They can steal coupons, create counterfeit coupons, or make fake copies of legitimate coupons. They can even exploit mistakes in how a coupon was printed or programmed to modify its properties or use it towards a product or service not specified in the promotion.
Many online marketplaces allow first-time users to access their services for free – or at least at reduced rates – for a limited time. Fraudsters can take advantage of this by signing up for an account at the promotional price, then creating duplicate accounts.
When the trial period is about to expire on their active account, the fraudster cancels their subscription and signs up again with one of the duplicate accounts. In this way, they can continue to use the marketplace for free or at the discounted rate for as long as the promotion is offered – which can sometimes be indefinitely.
Like with free trials or introductory pricing, many marketplaces will give first-time customers rewards when they sign up. Fraudsters can make duplicate accounts to redeem these sign-up bonuses multiple times. This can damage a brand’s pricing integrity, or prevent legitimate would-be customers from getting a gift that might entice them to become repeat shoppers.
Another common promotion employed by companies is to count previous purchases as credits towards free items or future shopping. But fraudsters can target these types of promotions, too, mainly through account takeovers.
By breaking into legitimate customers’ accounts, fraudsters can transfer accumulated credits to their own accounts. Or they can modify the shipping addresses on the legitimate accounts to redirect any redeemed rewards to themselves instead of the customers who should rightfully be getting them.
This is a marketing tactic that involves giving a marketplace’s existing customers incentives to get people they know to become new customers. A common way fraudulent customers exploit it is by creating duplicate accounts that their main account then refers to the marketplace. The duplicate accounts are then programmed to sign up and make purchases using stolen payment information.
The end result is that the fraudster collects illegitimate referral bonuses, and the marketplace is left to resolve chargebacks from the rightful credit card owners.
Promo abuse can happen to any marketplace. Even some of the most recognizable companies in the world have been hit by promo abuse fraud because they didn’t design their campaigns properly, or they lacked the tools to weed out bad actors.
Here are three case studies from well-known businesses.
In 2020, online payment management platform PayPal began offering cash incentives as high as $20 to entice new customers to sign up. Unfortunately, this eventually attracted fraudsters who used “bots” – programs designed to act and be recognized as unique users – to repeatedly and automatically sign up for new accounts. By early 2022, PayPal had shut down over 4.5 million fake accounts to stop this fraud, but not before the company had lost almost ¼ of its value.
PayPal’s case illustrates why it’s important not to offer overly-generous promotions to customers, especially involving real money. This tends to attract fraudsters who see the rewards of exploiting these programs as well worth the effort. It also shows why it’s important to have tools to detect bots and other unwanted automated activity in a marketplace.
In early 2014, an Uber user named Blake Jareds modified his promotion code for Uber’s referral program from a random string of letters to one much more likely to be picked up by search engines. He then sent it to all of his e-mail contacts and posted it on the social network Reddit. In doing so, he was able to amass over $50,000 in free ride credits from loose connections and even random strangers signing up for the ride-sharing service.
This case demonstrates why many online marketplaces now have terms and conditions prohibiting sharing referral codes in public places. It also illustrates why it’s a good idea to place limits on referral programs, such as how many times a single account can earn rewards.
Electric vehicle company Tesla introduced referral programs in 2015, initially offering credit for buying new cars or using/installing EV charging stations. Eventually, it started offering entries into raffles for more lavish prizes, such as tours of Tesla/SpaceX factories or office buildings, and invitations to new vehicle model reveal parties.
This led to social media personalities sharing their promo codes with their followers, as well as fraudsters buying online advertisements to promote their referral codes to as many people as possible.
Similar to PayPal’s case, Tesla offered overly-generous promotion rewards that customers were willing to engage in fraudulent activities to get. It also learned to be on guard against users publicly sharing (or, in this case, even commercializing) promotion codes.
Stopping promo abuse is a delicate balance between blocking out serial fraudsters and not being too heavy-handed with legitimate customers who try to get a sweeter deal once in a while.
Here are some strategies for keeping promotions profitable and fair without frustrating loyal shoppers.
A lot of promo abuse is made possible by fraudsters creating duplicate accounts. So an effective way to nip it in the bud is to add additional ID verification controls for creating an account. For example, use multi-factor authentication to require an account creator to click a link or enter a code sent via email or text message. Or use fraud detection tools to identify and block groups of accounts made with suspicious credentials, such as the same IP address or device signature.
Link analysis is another way for marketplaces to weed out duplicate account fraudsters who may already be in their systems. Using tools to visualize connections between accounts and their associated pieces of information, marketplaces can pick up on some suspicious patterns that may indicate fraud.
For example, some accounts may have been created from an IP address associated with a VPN, or from a signature linked to a hardware or software emulator. This could indicate a fraudster trying to vary their location or tech setup signals, so they appear like a legitimate customer while simultaneously throwing off attempts to track them.
Companies want to give legitimate consumers offers good enough to entice them to become repeat customers. But if promotions are too generous, they can attract fraudsters who are willing to try abusive methods to get more than their fair share.
Be especially careful if offering cash rewards; since cash can be used for just about anything, these types of promotions are particularly vulnerable to fraud. Cart abandonment promotions are also popular with fraudsters, so don’t offer discounts too eagerly; sometimes, a simple reminder email is all that’s warranted.
Another big reason promo fraud happens is simply because marketplaces don’t consider how promotions could be exploited when writing their rules. Some common examples include not putting expiration dates on promo codes, allowing the same person to use a promo code more than once, and not placing a cap on how many times the same person can take advantage of a referral program.
A company should ensure these types of stipulations are explicitly spelled out in the promotion’s terms and conditions. They should also have anti-fraud solutions in place to enforce these limitations and punish violators if necessary.
Even if a marketplace has a rule against publicly posting promo codes, that won’t stop fraudsters from trying to guess what those codes are. So try not to make them predictable strings of letters or numbers, such as ‘D1SC0UNT’; randomize them instead. Better yet, make each one unique to the customer meant to receive it. Then have the promotion management system automatically mark and deactivate each code as it’s used.
Referral promotions can also be abused by companies that online marketplaces hire to drive web traffic and conversions. Unscrupulous ones can use bots and other tricks to create accounts falsely, sign up for newsletters, make affiliate purchases, increase ad impressions, etc.
That’s why it’s important for marketplaces to run strict KYB checks on these companies to ensure they’re legitimate. Marketplaces should also monitor these companies’ performance for other suspicious signs, such as early and frequent chargebacks or ‘too good to be true’ conversion rates.
For many marketplaces, there is a fine line between honest shoppers cheating their promotional systems once in a blue moon to save a bit of money, and dedicated fraudsters repeatedly abusing their generosity. Determining who is who requires the right Trust and Safety tools to spot malicious activity patterns, including KYC solutions to cut down on duplicate account fraud.
To see how Unit21’s no-code platform can fill these needs for your marketplace, schedule a demo with us today.