Promotion abuse happens when a user takes advantage of a promotion contrary to how the promotion was intended to be used. The most common way this happens is with multi-accounting, when fraudsters create multiple accounts to claim the same promotions over and over again. Promotion abuse is also referred to as promo code abuse, bonus abuse, referral abuse, or coupon fraud.
Here’s Jaanus Uudmae of ride-share platform Bolt sharing how he personally defines promo abuse:
Fraudsters commit promo abuse in a few ways, but the most common way by far is with multi-accounting. Multi-accounting happens when a bad actor creates multiple accounts with the intention of defrauding or abusing the platform. On most food delivery and rideshare platforms, having more than one account is a violation of the terms of service.
Fraudsters often scale their multi-accounting operations by using tools like emulators (a computer program that allows someone to create multiple virtual phones that can all download their own version of the target app) and app cloning tools (tools that allow multiple instances of an app to run simultaneously on a single device). Emulators and app tampering tools are also helpful in obfuscating device ID, meaning that fraudsters can trick an app into seeing their one device as many different devices.
In this clip, Incognia’s Global Head of Industry Eduardo Pires explains how fraudsters can use emulators and app cloners in combination to massively expand their reach, even with limited resources:
Here’s Incognia’s Jeniffer Rosa explaining some of the most common ways fraudsters avoid getting caught while committing promo code abuse:
There are a few big factors that make a promotional campaign vulnerable to abuse:
If a platform can’t detect when the same device comes back attempting to create a brand new account, then fraudsters can fly under the radar and create as many accounts (claiming as many promotions) as they want. Similarly, if a platform catches and bans a fraudster but can’t block that fraudster’s device beyond a factory reset or app re-installation, they’ll just keep coming back and committing more promotion fraud.
Finally, a factor in the design of the promo campaign can have an impact, too. Fraudsters who commit promotion abuse at scale are looking to make a profit, which means they need some margin. Generous, all-at-once promotions (i.e. 40% off your first order, for instance) are attractive to fraudsters because the discount is big enough that fraudsters can resell the service and still have room for a decent profit.
So, why do fraudsters invest this much time and effort into committing discount abuse? What’s in it for them?
When it comes to gig economy apps, there are two major ways fraudsters make a profit from their promo abuse fraud operations.
The first promo abuse monetization method is to resell the service to other consumers at a lower price than the app normally charges. Using ridesharing services as an example, it looks something like this:
This practice is often called “B4U” or “Buy for You” by the people who advertise it, and B4U services exist for anything from food delivery to rideshare to meal kit deliveries.
Another common way fraudsters monetize promo abuse is by using it to order high value items like alcohol for cheap. If you can use a new user discount to order a bottle of alcohol for less than its usual price, you can then turn around and resell that alcohol at a profit.
An important thing to remember is that both of these methods are happening at scale, meaning that the profits for the fraudsters—and the losses for the victimized platforms—can add up quickly.
The impacts of promo abuse on a platform can include:
When the marketing team designs a promotional campaign to entice new users to try the service, they’re watching the metrics to determine how successful the campaign was at converting new users into full-price customers with follow-up orders. Said differently, marketing wants to know: did trying the service with the promo discount encourage customers to stay with the platform and make additional, full-price purchases?
When a campaign has a widespread promo abuse fraud problem, marketing might see high numbers of promo redemption and new signups, but incredibly low retention. What looks like hundreds or even thousands of individual new users to marketing is actually a much smaller number of fraudsters creating multiple accounts. Without knowing that promo abuse is the cause of their low retention, however, marketing might assume that the campaign itself was flawed and give up on a valuable user acquisition channel.
Promo abuse can also reduce the efficacy of a promo campaign, because a portion of the budget is going to repeat users instead of genuine new customers. When a campaign is being abused, not only does the budget not go as far, but the portions of it that go into fraudsters’ pockets don’t actually fuel new conversions.
If promo campaigns are a growth engine for platforms, promo abusers are siphoning the gas.
Promo abuse is hard to detect because it mimics the activities of regular users, at least at first.
A given user signing up for a new account, claiming a promotion, and making a purchase with that discount is what marketing teams are expecting to happen. Some legitimate new users don’t stick around after claiming a promotion—maybe they don’t like the full price of the service, maybe they prefer a competitor, maybe they tried the service itself and didn’t like it. Whatever the reason, it’s perfectly normal user behavior to see a new account that claims a promotion, makes an order, and then doesn’t order anything else.
The difference between regular users and fraudsters is, of course, that the fraudsters repeat this process dozens or hundreds of times to take advantage of the platform. But if the platform doesn’t realize that all of the fraudsters’ accounts belong to the same user, their behavior mimics typical customer churn.
This account-to-user binding problem brings us to the next big challenge of detecting promo abuse: weak device ID solutions. Many platforms rely on legacy or internally-built device fingerprinting solutions that aren’t resilient enough to keep identifying a user’s device after that user takes obfuscation measures. Something as simple as reinstalling the app or factory resetting the device can be enough to fool many legacy device IDs into seeing many different devices where there is only one or two. App tampering tools, app cloners, and emulators are also useful tools in creating the appearance of multiple devices so that fraudsters can make as many fresh user accounts as they want.
Even if a platform’s device ID is strong enough to block multi-accounting attempts, some organized fraudsters have multiple devices at their disposal, forming what we call a “fraud farm” or “device farm.”
In order to stop the same user from making multiple accounts with a platform, a platform must be able to persistently bind a user’s device to their identity, even when the same user has multiple devices.
At the campaign design level, there are a few different ways to secure promotional campaigns and make them less attractive to bad actors.
The first way is to modify the discount or credit the promotion offers to make it less attractive to fraudsters. For instance, instead of one 30% discount at onboarding, a platform might offer three 10% discounts. Legitimate customers still get the same discount value, but the smaller per-order discount percentage leaves less profit margin for a fraudster.
It’s also a good idea for promo campaigns to be developed collaboratively between marketing and fraud prevention teams, as the fraud team can provide feedback on any marketing decisions that might make the campaign vulnerable while the marketing team shares their metrics to help set baselines and KPIs for fraud prevention to monitor. Talking with the legal team is also important to ensure that the platform retains the right to 1) deny the promotion to any user they believe might be abusing it and 2) pull the plug on the campaign as a whole if it has an abuse problem.
Perhaps the most effective way to protect a promotional campaign is to stop multi-accounting. If a fraudster can’t create multiple accounts to keep claiming promotions, their promo abuse scheme ends from the very first multi-accounting attempt. Stopping multi-accounting relies on a platform’s ability to re-identify the same user even if they switch devices or obfuscate their device ID.
Incognia persistently binds device-to-identity and location-to-identity to identify returning users even after obfuscation attempts or device switches.
For example, say a fraudster factory resets their device before returning to the app to make a new account. Incognia’s solution uses next-generation device intelligence enhanced with precise location to return a high risk assessment that the device belongs to an existing account holder.
Using location as a supporting signal also allows us to identify the same user even if they change devices entirely, because both devices will still originate from the same location. Specific locations can also be blocked entirely, stopping fraud farmers from accessing your platform.
Additionally, our device intelligence also includes device integrity checks. We look for things like evidence of emulation, app tampering tools, GPS spoofing apps, app cloners, and more to help assess the risk of a given user having fraudulent intentions.
Persistent device-to-identity binding is the solution to multi-accounting, and stopping multi-accounting is the solution to promo abuse. That’s how Incognia supports platforms looking to protect their marketing campaigns.
Readers interested in learning more about promotion abuse can listen to our podcast episode “Multi-Accounting: The First Step in Promotion Abuse” or watch our full webinar “Tackling Promotion Abuse in the Delivery Industry.”
To learn more about how Incognia has helped platforms fight promo abuse in the past, contact a member of our team today.