What is Promotions Abuse?
Whenever businesses or individuals create anything of value, it won't be long before thieves and scammers start trying to find a way to either steal or exploit it for their benefit. Online promotions offer a great opportunity for businesses to cultivate new leads, reward loyal customers and even boost brand recognition. Many of these promotions, however, also present the opportunity for abuse. In addition to the financial costs to the business of promotions abuse, it can also damage their brand, their reputation with banks, and even their ability to provide loyalty benefits to good customers. Promotions abuse is on the rise, and it can take many forms, depending on the promotion offered. Here are five types of promotion abuse and what you can do about it.
Types of Promotions Abuse
Referral Bonus Abuse
Offering referral bonuses is a great way for businesses to not only cultivate new customers but also create better loyalty among existing customers. Considering that 92% of consumers trust referrals from people they know and 77% of consumers are more likely to try a product or service they learned about from friends or family, there is no doubt of the value of referral programs. Unfortunately, there is almost no end to the ways in which referral bonus programs can be abused. When bonuses such as rewards points are offered for email addresses, users will often refer themselves using a variety of fake email accounts. When cash bonuses are offered, users will often create fake accounts to get additional bonuses. When a purchase is required, they may even make a purchase, get the referral bonus and then return the product or cancel the service. One enterprising individual even managed to rack up $50K in free Uber ride credits by exploiting a weakness in Uber's referral promo code system.
Signup Bonus Abuse
Many online businesses offer free or heavily discounted services for new customers. These can include free months of streaming for services like Hulu or Netflix, or free or discounted rides from rideshare services like Uber or Lyft. Scammers can exploit these offers by simply signing up for multiple new accounts. While this generally only results in the loss of a few dollars to businesses, the more expensive the product or service, the more valuable the signup bonus, which can potentially result in several thousands of dollars in loss to the company.
In many cases, businesses will issue a coupon or voucher for a free or BOGO offer. In many cases, these vouchers need to be legitimized online by entering a code. Unfortunately, businesses sometimes get lazy when creating or issuing these codes, which makes them easy to exploit. In some cases, they start off with a series of sequential numbers, only changing the last few, which makes them easy to guess. In other cases, the system used to enter the data becomes the weakness by verifying each digit individually. Since the legitimate customer did not purchase the voucher, the business is only out money if the legitimate customer tries to use the voucher and discovers it has already been redeemed. Then the business may end up offering a free service twice as well as having to potentially offer something more to maintain customer loyalty.
Gift Card Abuse
Many businesses will issue gift cards for other businesses or services as promotional rewards. Gift cards themselves can be subject to all kinds of abuse, which can, in turn, affect the merchant. This particularly true when the gift card being offered is for another product, service or retailer. While it is fairly uncommon, entire databases of gift card numbers can be hacked and sold. If smaller businesses purchase gift cards directly from another retailer, they can also open themselves up to problems. Since gift cards themselves have no value until scanned, most retailers simply leave them on open racks or shelves. This allows gift card scammers to pick up large stacks of cards and either clone the cards or write the numbers down. They then simply wait until the card has been activated and use it however they choose. While this can be frustrating for a consumer, it can be devastating for a business to offer a gift card bonus that ends up having been used fraudulently.
Account takeover attacks are quickly becoming one of the most common forms of promotions abuse. Unlike a bank or business, the consumer engages in financial transactions with, many consumers will not protect loyalty cards, programs or apps as carefully as they protect other cards, apps or programs that contain more sensitive financial data. Unfortunately, more and more loyalty cards are being linked directly to credit cards and can be used as both a loyalty card and gift card. Starbucks cards, for instance, can be loaded into their app and connected to a credit card. Customers receive bonus stars for making purchases and can even have their card topped up automatically when their balance gets low. If they lose control of their account, a thief can not only siphon off the balance on their card to their own card but can also siphon off subsequent top-ups that the account owner may remain completely unaware of.
How to Prevent Promotions Abuse?
Many businesses are hesitant to institute strong security protocols that may end up alienating new customers or clients. For instance, while one consumer may not subscribe to a pay TV service for one month of free service, they might for two months of free service. If they obtain a second month fraudulently, but then become a paying customer as a result, the business is still better off. If the service were to crack down too hard on this type of abuse, they might alienate potential customers.
Web beacons can detect when an individual is attempting to create multiple accounts from the same device or IP address. Other options include software programs that filter for certain behaviors, such as if a user opens a new account and immediately begins referring to others without browsing or purchasing.
iovation is a leading provider of fraud prevention software including advanced multifactor authentication solutions to fight e-commerce fraud, insurance fraud, online gambling fraud, ticketing fraud and many other types of fraud.
Ready for the next step?
Spot user behaviors and device information that’s suspicious, and stop those fraudsters in real time. We track billions of devices and our fraud analysts add evidence to make this intelligence even more effective.