Company Blog | Incognia

How Delivery Platforms Can Detect Coupon Scams

Written by Danny Paulk | February 7, 2023 at 5:56 PM

Coupons can be a useful “everybody wins” tool for retailers and consumers: the consumer gets to save a little money without much effort, and the retailer gains behavior insights and encourages customer engagement and loyalty for not much extra cost.

However, when ill-intentioned consumers find ways to exploit coupons, vouchers, and promo codes, this relationship falls out of balance quickly. What started as an effective way for businesses to engage new users can devolve into a fraud issue with significant potential losses. How can businesses take advantage of coupons, vouchers, and promos as a strategy without making themselves vulnerable to fraud and abuse?

Key TakeAways

  • Digital coupon fraud issues: Despite reducing some vulnerabilities of paper coupons, digital coupons face problems such as multiple account abuse, promo code abuse, referral code abuse, and coupon decoding or "glittering."
  • Fraud scheme impact: Fraudsters exploit coupon and promo systems, leading to significant losses and reduced customer engagement for businesses.
  • Preventing coupon scams: Vendors can use location intelligence technology to track users across different contact information, preventing multiple account fraud and other fraudulent activities, thus maintaining coupon and promo system benefits.

Paperless, but not fraudless 

Put simply, a coupon is a statement, either paper or digital, verifying that a consumer is entitled to a reduced price on a product or service. Recently, major retailers have been transitioning away from paper coupons and into digital codes and redeemables.

Paper coupons are vulnerable to a few different types of abuse; for example, when physical coupons are in use, fraudulent coupons and coupon counterfeits become an issue.

While digital coupons aren’t vulnerable to all of the same abuse concerns of their paper predecessors, the creativity of bad actors means that digital coupons are still far from fraud proof.

For example, digital coupons that rely on codes applied at checkout can sometimes be hacked or “brute forced,” meaning a hacker uses a program to try as many alphanumeric combinations as possible until they find a valid coupon code, which they can then exploit and share with other users freely.

In the brick-and-mortar retail environment, some of the biggest concerns surrounding coupon scams are counterfeit coupons. While today’s digitally programmed discounts are more resilient to these vulnerabilities, online retailers still have to keep an eye out for those looking to commit coupon scams, abuse vouchers, and misuse promotional codes.

Coupon fraud schemes, how they work, and their impact

1. Multiple account creation for coupon abuse

Multiple account creation is one of the most common ways that bad actors take advantage of coupons, promo codes, and loyalty programs. These tools are used by companies to  bring in as many new customers as possible in one big campaign.

However, fraudsters take advantage by impersonating as many unique customers as possible to reap the benefits of loyalty programs, points systems, new sign-up promotional codes, seasonal promotions, referral codes, and more.

Fraudsters can either take advantage of these programs and keep whatever products or services for themselves, or they can take goods and services at a discount and resell them for a profit.

As Jaanus Uudmäe of Bolt said in a Merchent Risk Council webinar about promo abuse:

"I think in trying to fight fraud, it is super important to understand and follow the money. Why are they doing it as an individual? You might do it to get a discount. But as a fraudster, you're trying to make money. So we already talked about reselling, you can resell alcohol. You can resell rides. You can set up some Telegram group or something where you offer a bit of a discount, but you get even a bigger discount from Bolt using the coupon, so you can make money this way with a difference."

2. Promo code abuse

Retailers use promotional or promo codes to encourage new customers to spend money on their website and sign up for email or text communications. Bad actors take advantage of these promotions by creating multiple fake email addresses or buying burner phones to gain new phone numbers for entry.

When multiple accounts owned by the same person are used to claim the same discount code multiple times, the company pays out more in discounts than it earns back in new business.

 

3. Referral code abuse 

Additionally, the phony email accounts and phone numbers used to create fake accounts can also be used to take advantage of referral programs. In a referral program, a customer is asked to invite a friend to the platform in exchange for one or both parties receiving an extra discount or credit.

A bad actor with multiple fake email accounts can use these to invite themselves repeatedly under different names, raking in benefits without resulting in any increased engagement or revenue for the affected company.

In one famous example of referral code abuse, an Uber user managed to amass $50,000 in Uber credits and eight weeks’ worth of free rides before the exploitation was discovered. 

4. Coupon decoding, hacking, or “brute forcing” 

Offering coupon codes at checkout is a popular way to combat cart abandonment, but they can also be abused if not implemented correctly. For example, some coupon codes can be decoded or “brute forced,” i.e. guessed en masse by computer programs.

Sometimes referred to as “glitching” or “glittering,” this process can reveal coupon codes that the company kept private for future promotions or testing purposes, creating severe vulnerabilities to coupon misuse.

5. Coupon glittering

In the world of paper coupons, one challenge manufacturers face is combating shoppers who  decode the coupon’s barcode numbers and manipulate them to use multiple times or to increase the discount amount.

In the digital world, merchants have to worry about coupon “glittering,” or the act of discerning how a coupon’s programming works to exploit the loopholes.

For example, if someone discovers that a coupon code intended for one product can also be applied to another, more valuable product, and they exploit that information to win themselves a better deal, then they have “glittered.” In essence, coupon glitterers ignore the written letter of promotional offers and instead take advantage of whatever credits or discounts the code can be manipulated into giving them. 

How vendors can prevent coupon scams & flag bad actors 

Multiple account opening for promo code abuse and voucher abuse is widespread, but that doesn’t mean it’s unsolvable.

What digital vendors need is a way to track individual users across different email addresses, phone numbers, accounts, and devices, stopping the same person from using multiple accounts under different information. While data points like name, email, and phone are easy enough to spoof or fabricate, device fingerprinting enhanced by location data presents a much bigger challenge.

The everyday bad actor likely doesn’t have the energy or the resources to commit each scam from a new location, making location data a valuable way to link multiple accounts, devices, and app installations.

Solo fraudsters or even more organized fraudster groups won’t see changing locations to take advantage of coupons as a good use of their time—if a vendor flags their location as suspicious and blocks them, they’re likely to move on to an easier target.

Tamper-resistant location identity technology like Incognia’s uses a combination of different location signals, including GPS, Bluetooth, WiFi, and sensor data, to craft a location fingerprint that’s virtually impossible to fake or evade.

Using device fingerprinting together with location verification, vendors can identify users who try to commit coupon abuse and block their attempts, keeping the savings for the new customers that they’re meant to draw.

Companies interested in learning more about what location intelligence can do to stop multiple accounts fraud and policy abuse can visit Incognia’s food delivery industry page to learn how we address these problems in the gig app space.