Woman looking at phone in kitchen

How to Identify and Prevent Promo Abuse Fraud in eCommerce



Offering new compelling promotions can be an incredibly effective way to acquire new customers, especially for companies whose customers offer a high lifetime value. This could take the form of free services (a free ride when you sign up for a rideshare company), steep discounts (take 50% off your first order), or referral rewards for getting a friend to sign up. While promotions can be key to growing your customer base, they can be a risk challenge for marketplace companies. If promotions aren’t properly managed, it will result in people abusing the offer by signing up for multiple accounts. Not only does this mean lost revenue, it can also result in missed opportunities as company resources get tied up with dealing with promo abuse fraud rather than serving legitimate customers.

How can high-growth companies balance incentives for customer acquisition with users exploiting those incentives? And, crucially, how can they do it without adding too much friction to the sign-up process?

The key is identifying who is a net new customer to your service, and who is an existing customer trying to look like a new customer.

Haven’t we seen you before?

Unlike in synthetic identity fraud where fraudsters are fabricating identities based off of bits of stolen data, promo abuse is done by real people who are already real customers of the company whose offers they are trying to capitalize on. This requires a different approach than other fraud prevention strategies, which focus on verifying the authenticity of customer identity.

People will get creative when it comes to taking advantage of promotional deals, whether that’s getting another $25 in free rides or another couple of free cups of coffee. Most companies use standard identifiers to prevent duplicate accounts, such as email or phone number. But it’s not difficult to set up a second email, or even a phone number using a service like Google Voice.

Fortunately, identity verification tools can help you pull back the curtains to see if an email or phone number is associated with an existing user and whether or not there are any red flags.


First, verify that the email is well-established by looking for a first seen date. Was it recently created to sign up for this account or has it been in use for a while? Does it seem to be a burner email account or one that is commonly used?

One growing practice is email tumbling, which is when users modify their email address in order to tag and filter incoming mail. For example, mary@account.com could use mary+shopping@account.com to sign up for online shopping accounts. Both addresses go to the same account, but Mary can use filters to manage how the mail to each address is handled. Be sure to check for tumbled email addresses.

Of course, standard practice is to also verify that the user has access to the inbox by having them complete setup from their email.


Again, determining the persistence of the contact information provided is critical. How long has the phone number been active? Is this a burner phone or their main phone number? Is it a non-fixed VOIP with SMS enabled to help them with two-factor authentication or is it a traditional phone carrier?
Requiring a one-time passcode can help make sure they have access to the phone number, but you need more detailed identity information to ensure it’s not a disposable number.

Adding friction where it counts

If users sign up with a well-established phone number and email address that seem to be their primary accounts, you can let them into your product or network with confidence that they are a net-new user.

But if your identity data causes you to suspect they’re using a phone or email that was created for subverting these verification steps, you can put them through additional steps that require them to more thoroughly substantiate that they are indeed a legitimate net new customer before giving them a promotional discount.

This way, you can use progressive sign-up flows to segment out your best customers and let them through with as little friction as possible, while offering additional challenges only to the accounts that need additional verification.

For more: Watch our On-Demand Webinar Stopping Friendly and Chargeback Fraud and Promo Abuse at Account Opening.

Mastercard Identity Avatar

About the Author

Related content