Discounted coupon or promotion is a common marketing practice used by merchants to boost their sales and increase their brand outreach. It could be a time-sensitive discount, a perpetual offering for new sign up, discounted for bulk purchase, and so on. Due to its popularity and overwhelming usage by the merchants, it has become a potential breach for fraud perpetration, which we refer to as the coupon fraud.
Coupon fraud or promo abuse is an unscrupulous manipulation used by bad actors, either your customers, vendors, partners or real fraudsters, trying to take advantage of a promotion by abusing your intended marketing goal or your defined policy. This fraudulent scheme is different from credit card fraud in that the fraudsters have to harvest the stolen cards from dark sites, and try to defraud the merchants. The coupon fraud perpetrator could be fraudsters or your customers, trying to milk your discount offering to get the most out of it.
What are the common coupon fraud manipulations? A few examples here. First would be they use coupon codes that they are not eligible for. For example, instead of using their existing account for the purchase, they sign up for multiple new accounts with bad intentions to utilize the “New Customer” coupon codes for their purchases. Also, they might use the same coupon code multiple times under the same account if your eCommerce platform doesn’t have a well designed coupon tracking system. They might also do it for monetary gain. For example, they could sign up for the affiliate program and use the referral code for their own subscription. Not only do they get discounted services/products, they could also reap the benefit of the referral fees. All these unscrupulous acts will inflict significant losses to the merchants. How could a merchant prevent or minimize this from happening? Below I will share several methods for your consideration.
There are good bots and bad bots. Ideally, you should grant the access of legitimate bots from search engines, like Google, Bing and so on, to crawl and index your pages for SEO purposes. But, definitely not for the bad and unrecognized bots or web scrapers. These unrecognized bots were usually built with insidious intentions, trying to scrape or look for any vulnerabilities for exploitation. There are also automated bots out there that are built to simulate sign up actions trying to create as many free accounts as possible in a short period to abuse your services. To overcome this, you should check your robots.txt file to grant the crawling for those search engine bots. In addition, you may set up a monitoring system that could alert you if there is any unauthorized page access or spike in traffic. Another one would be to set up a reCAPTCHA for those pages requiring inputs and submission.
You should never use an easy to guess phrase for your coupon code. The over simplicity of coupon code phrases like PROMO10PCT, DISCOUNT10, BFCMPROMO, and so on, is a bad practice and should be avoided. Try something more random and adopt a dynamic length of coupon code. For example, a 5-character code, CFV87, for today and 6-character code, DDSVZC for the next coupon code. The trick here is to break the pattern and make it harder for the bad actors to guess or brute force the coupon code. No need to worry about the complexity of the coupon code phrase, afterall, the customers usually will copy and paste the coupon code during the purchase process, and there is no need to have a meaningful coupon code for memorizing.
You should always place a limit, the number, of how many coupon codes can be redeemed. This is important because it could help to minimize the fraud risk if abuse happened for some reasons. Furthermore, you would also need the number to align with your marketing strategy and to calculate the ROI for this coupon campaign. Besides, this approach could create a FOMO (the fear of missing out) feeling and to drive the hesitant users to make the impulse decision. One of the common and successful marketing techniques used by many merchants. To make it happen, you can consider putting a tracker showing the velocity rate of the coupon redemption in your webpage.
If you are working with different partners to distribute your coupon, you have to limit the number of the partners to a manageable size. Although you could leverage their networks to increase the outreach of your prospects, the downside is that it will also increase the fraud risk if your partners didn’t handle the coupon code distribution with care. It would be better if the merchants could distribute the coupon offering via the merchant’s own official sites or social networks. In a way, it also helps to promote your social networks to your prospective customers, and to start the engagements to turn them into loyal customers. If you wish to leverage a 3rd party network for distribution, you can start with small numbers with a different coupon code number, so that you can monitor the effectiveness before going for something big.
In addition to limiting the number of coupon redemptions as mentioned above, you can consider further restricting the coupon usage to a specific item or avenue. For example, you can set a minimum purchase amount before a customer can utilize the coupon code. You will usually find this technique in the free shipping voucher, whereby merchants will cover your shipping costs, either partial or full, if you purchase a substantial amount of items. Another popular technique is to have a limited time period to enjoy the coupon code. Perhaps, a 2-hour redemption period at noon, midnight and so on. Or, you can introduce coupons that target a certain country, event, population, your loyal customers, big spenders and so on. All these niche marketing techniques will not only help you to scope down and target the right audiences, but to minimize the fraud risks due to the complexity of the coupon code additional requirements.
Getting the right solution from a 3rd party fraud detection provider is one of the ways to prevent fraud and reduce fraud losses, like FraudLabs Pro. The above mentioned are some guidelines to protect you from coupon fraud, but it may not cover all attack vectors. For example, by looking at the visitor IP address, you couldn’t identify if the prospect is using an anonymous proxy trying to disguise themselves during the purchases. Another example would be the bad actor may sign up for your service using a disposable email address, which could go under your radar without a tool. How about to detect the coupon usage velocity, if any surge in the coupon redemption over a period of time? These are insurmountable tasks if you are going to manually handle them without a tool.
Suppose you don’t have a coupon fraud detection tool that can assist you in place. In this case,
you are encouraged to take a more stringent approach to preventing, detecting and responding to fraud.
Coupon fraud is on the rise in tandem with the growth of online purchases. Coupon code is an important marketing strategy and also could be a potential breach for fraud if it’s not handled properly. Good practices with the use of fraud detection tools are crucial to protect you from falling prey to this coupon fraud.