Churn or Burn? Telling the Difference Between Low Retention and Promo Abuse Featured Image

Churn or Burn? Telling the Difference Between Low Retention and Promo Abuse

Fraudsters will find any lever they can to pull for a personal profit. Promo campaigns are an amazing tool for growth, but they become a double-edged sword when fraudsters get involved. How do you tell the difference between a promo abuse problem and a low retention problem? In this post, we’ll dive into some insights from the fraud prevention side of the gig economy to help tackle the promotion abuse problem.

For those who prefer listening over reading, we've provided an audio transcription player below, allowing you to enjoy this post through your speakers or headphones.

Churn or Burn? Telling the Difference Between Low Retention and Promo Abuse
8:54

Users and marketing teams both love promo campaigns: the user gets a good discount or credit for signing up, and the app gets new users who hopefully enjoy the service enough to stick around and make full-price purchases in the future.

The problem comes when fraudsters come in to abuse the system and claim the same promotions over and over again under different accounts. They then resell the platform’s services at a less steep discount than the one they got, and pocket the difference.

Many fraudsters treat these schemes like a fully-fledged business operation, and they perform it at massive, expensive scale for the platform. In a webinar with MRC called,  “Promo Abuse Exposed: Protecting Gig Economy and Delivery Platforms,” Incognia’s Senior Account Executive Kyle Griffin talked with Jaanus Uudmäe of Bolt and Vlad Branin of Gett about the promo abuse challenge.

The stakes are high to tackle and limit promo abuse. As Kyle said in the webinar:

“The goal of these campaigns is to boost new customer acquisition and then encourage more orders from your existing users. But if the promotions are going to this small group of fraudsters, you're lighting money on fire.”

Multi-accounting promo abuse mimics real user behavior

Tackling promo abuse is a tall order for fraud prevention teams, because it’s not always clear from the surface what’s abusive and what’s normal user behavior. Sometimes, people take advantage of a promotion for a better deal, but don’t have any real use in the app beyond that—they came for the promotion, and didn’t stay for the product.

That kind of churn is a natural part of a promotional marketing campaign. Not every new user acquisition will convert into a repeat, full-price customer. But the problem comes when we turn our eyes to optimizing these campaigns, and ensuring that as much of the budget goes to actual new users as possible.

Between a fraudster and a churned user, both will join the platform, use the promotion for a discounted service, and then never make another, full-price purchase afterward. From the outside looking in, the behaviors are exactly the same.

So, how do you know when you’re looking at systematic abuse with the power to siphon off 90% of your campaign budget, versus normal new user churn?

Differentiating between churn and promotion abuse

Being able to tell the difference between normal user behavior and systematic abuse of your promotional campaigns is crucial for your platform’s growth. Without the ability to tell the difference, you might have to suspend promo campaigns altogether.

1. Tamper-resistant data is table stakes for monitoring promo campaigns

Reliable, tamper-resistant data about who’s claiming your promo codes and how is the absolute ground floor for preventing promotion abuse.

If you can’t trust the data you have to tell the full story, no other rules you set up based on that data will work to protect your campaigns.

Take this example from Incognia’s own experience with customers. With one ride-hailing platform that tested Incognia’s solution, we found that about 60% of their referral bonuses were going to existing users. Existing users would create new email addresses and then “invite” those new addresses to join the platform, claiming a monetary bonus for each new person they invited. The company was losing over a million dollars a month, just from this promo abuse scheme, and what’s worse, they didn’t even know the problem was this big.

As Incognia CEO Andre Feraz explains:

“They didn't even know. On their side, they thought that the problem was that the users were simply not sticking around, like, ‘Oh, my retention rate is this low.’ No, that's actually fraud. That's the promotion abuse. So we were able to help them fix that, and now they're able to invest 100 percent of their budget and not lose 60 percent of it.”

This lack of visibility comes from not having a reliable way to re-identify existing users who create new accounts (multi-accounting) in order to reclaim promotions they’ve already used on other accounts. Without a persistent device ID, multi-accounting and promo abuse are easy money for fraudsters, with little financial investment or technical know-how necessary to get started.

If a platform’s only defense against multi-accounting is traditional device ID based on attributes like operating system, device model, screen resolution, and so on, fraudsters can simply factory reset their device each time they want to make a new account. They can also manipulate their device’s attributes to trick a device fingerprint or use an app tampering tool to manipulate the information the app tries to collect from their device.

Incognia’s Kyle gave a good summary of the type of data reliability platforms need to protect against promo in the MRC webinar:

“What we usually recommend is a couple of things. You can already have a strong device ID. So, usually this results in being able to re-recognize the same device, despite manipulating your account ID, essentially. And then the second is, can you detect tampering? Whether that be emulators, whether it be app cloning, app tampering, or any sort of techniques that fraudsters are using to manipulate how they're showing up on the platform. These are the tools that are evolving. So, whether you're doing this internally, and you have a team that's monitoring this, or you're working with a partner externally, you have to be able to call and challenge this.”

2. Monitor your campaign KPIs closely

Once you know that you can rely on your data and re-identify existing users committing multi-accounting, you can start to think about what metrics you want to put in place to have guard rails on any potential promo abuse.

As Jaanus Uudmäe of Bolt, a food delivery platform, shared in the same MRC webinar:

“There's definitely rules. If you see that there are five accounts connected to the same credit card, maybe we let the first and the second account use the same promotion, but after that, we say, ‘Okay, you might be a family or crew for something. You as a family have now tried our service. You got the promotion, so no need to give it to you again.”

Vlad Branin of Gett, another ride-sharing service, agreed, saying “I have to admit that the cooperation between the marketing team and the fraud team is crucial. For example, in [Gett’s] rules, there is no marketing campaign that's going to be launched without consulting with the fraud team and the product team and setting up the particular KPIs and metrics for the campaign, especially about the level of fraud that we agree to accept.”

If platforms are going to keep their promo campaigns safe, it’s important that no one is asleep at the wheel. As Jaanus said, “The key is that first, you need to have somebody looking at it.”

Don’t silo your marketing and fraud prevention teams

The MRC speakers touched on another important element of tackling the promo abuse problem: collaboration between the marketing team and the fraud prevention team. If your departments are siloed away from each other, it’s that much easier for fraudsters to take advantage of vulnerable campaigns. The right hand doesn’t know what the left is doing: marketing might not realize that they’re seeing promo abuse instead of low retention, and fraud prevention might not have any idea that marketing is launching vulnerable campaigns.

At the same time, it’s important that when marketing and fraud prevention do communicate, that they take each other’s advice. In one example Kyle mentioned, a marketing team went ahead with a campaign despite fraud prevention’s warnings that they had no way to protect it from abuse by fraudsters:

“In one specific example, the fraud team told the marketing team that the campaign they're about to run was going to result in a lot of losses due to promotion abuse that they didn't have the defenses set up for. The marketing team, and I'm not painting the marketing team as bad guys here, but this is what happened: the marketing team ran the promotion anyway, and then it turned out that they lost about 90 percent of the budget for this to promotion abuse. It all went to the fraudsters.”

Promo campaigns are a great tactic for increasing new user acquisitions, and they can be a valuable piece of a company’s growth strategy. You don’t have to write off promo campaigns entirely to keep your platform safer from abuse. Instead, having user reidentification tools and acceptable fraud KPIs in place can help you have your promo code cake and eat it, too.