Fraud Prevention in Payments: Through the User Journey - Ofer Golan, Wix
Promo Abuse - or Fraud?
Coupons, referral programs, promotions when entering new markets... If you offer it, customers will try to game it. Promo abuse is one of the constants of online business, and it’s often considered a “price of doing business” - so when is that the right approach? How can fraud prevention teams keep that cost as low as possible? And when does abuse become fraud?
The Customer is Always Right
Preventing promo abuse comes directly into conflict with one of the priorities of almost any online company: Customer experience. Moreover, it often appears at a time when customer experience is most important - the experience of a new user, brought in by the promotion, who's just getting to know the site.
Often, the consumers who are cheating with your promotions are actually some of your most loyal and enthusiastic customers; they spent a lot of money and time on your site legitimately, but when the opportunity comes along to get some of their favorite goodies for less, they take it.
In those cases, it can make sense to put customer experience first; you want these customers to feel special and valued. After all, their overall value to you is far greater than the amount they’re avoiding through promo abuse.
For those customers, the fraud team will often be told to turn a blind eye and ensure that the naughty behavior doesn’t impact their reputational standing as a customer. That doesn’t mean that the fraud team is irrelevant in those cases, though.
One note: Analyze customers’ activities to ensure that their value really does justify the cost of the promo abuse!
Detecting Promo Abuse: Friction or No Friction?
The real problem begins, when promotion abuse transitions from an occasional “extra discount” to systematic abuse by the same group of people, who take advantage to generate huge monetary gains, syphoning funds from your company and wasting your marketing budget.
Detecting promo abuse is very similar to detecting fairly straightforward types of fraud. It all comes down to identity: Is this one person using this promotion once, or is it really someone who’s returning over and over again in different disguises? Is this person who they say they are, or are they using a fake identity (e.g. email, name, phone) to look new?
There are a huge number of identity verification tools and techniques you can use to answer these questions, from 2FA (including biometric options) to subtle device or behavioral information and analysis to invisible providerless collaboration with other companies, and more.
Some options add more friction to the flow than others, which is an important factor. Friction can have its use in the case of promo abuse, giving consumers a chance to stop and think whether they want to go through with it. These are not professional fraudsters, so if it becomes difficult for them to hide their identity, or jump through lots of hoops, they’ll often give up.
On the other hand, friction does impact customer experience for good customers, and may be off-putting to just the consumers you want to attract. Every company must decide on its own priorities in this regard.
Some of the tools may be completely irrelevant in some cases, like a new customer signup promotion, when you have no history of the customer to leverage for 2FA, biometrics and other similar techniques. It's important to consider a range of tools and find the right ones for the right use cases you have in mind.
There’s also the question of when to identify the consumer; you can start right at the beginning of their interaction, target logins or account creations, wait until a transaction is attempted and so on. More and more fraud teams are looking to move their identification processes earlier rather than later, making it easier to employ frictionless options because the decision doesn’t have to be made instantaneously.
Responsibility and Footing the Bill
Who has responsibility for preventing, analyzing or making decisions regarding promo abuse? This varies enormously from company to company, because it’s an area where a number of departments are typically involved.
Marketing and/or Sales departments are often responsible for the promotional effort in the first place, and for publicizing it and ensuring its success. Product may well be directly involved, depending on the product connected to the promotion. Customer Support will likely be in the loop, to handle technical issues or questions. And, of course, the Fraud Prevention team needs to be a part of the process to ensure that things don’t get out of hand.
Who has responsibility for which part of the promo abuse puzzle? Decisions relating to friction and where to draw the line between acceptable and unacceptable cheating likely rest with Marketing or Sales. Decisions relating to the product, whether UX or physical, will probably belong to Product. Fraud fighting teams have to accommodate their tactics and practices to the overall goals laid out through those decisions.
Because of this, fraud prevention teams rarely foot the bill for promo abuse (though, as with everything else in fraud prevention, there are exceptions). There aren’t any chargebacks, and keeping false positives low is generally a priority in this case - even more so than stopping cheaters.
For this reason, fraud fighters sometimes overlook the great opportunity that taking part in this kind of inter-departmental effort gives them.
- Building relationships of trust and mutual respect. Stopping promo abuse, and defining its parameters and the attendant company policies, is a very collaborative effort between departments and leaders, at many levels of management. It’s a chance to support other departments and prove that you want to work with them to achieve their goals - the opposite of the “naysayer” image people sometimes have of fraud fighters.
- Provide your fraud team’s value. Your fraud department isn’t just about preventing chargebacks. Promo abuse is a showcase for your value in supporting company growth and new customer acquisition in a way which doesn’t cost the business too dearly. You can provide insight into the results of the promotion and the customers who jumped on it which is simply unavailable to other departments who don’t have your insight into identity validation.
- Educate upper management. Cross-departmental exercises like this, especially if it’s a large and important promotion, are opportunities to educate upper management about how digital identities work, and can be spoofed, and the work your team does to ensure everything is squeaky clean. Executives rarely understand fraud prevention from their own experience; as a fraud prevention leader, it’s part of your job to educate them about the many ways your team contributes to the safety and success of the company as a whole.
Join Our Promo Abuse Roundtable
On January 28th we’ll be hosting a merchant-only roundtable for fraud fighters who face and fight promo abuse in any and all of its many forms. Participants will be sharing their insights into the topics in this blog post, discussing ideas about how best to approach them, and top tips for what works - and what doesn’t.
If you’d like to share your expertise and thoughts with your peers on the 28th, just email us at firstname.lastname@example.org. We’d love to see you there!
What’s a Rich Text element?
The rich text element allows you to create and format headings, paragraphs, blockquotes, images, and video all in one place instead of having to add and format them individually. Just double-click and easily create content.
Static and dynamic content editing
A rich text element can be used with static or dynamic content. For static content, just drop it into any page and begin editing. For dynamic content, add a rich text field to any collection and then connect a rich text element to that field in the settings panel. Voila!
How to customize formatting for each rich text
Headings, paragraphs, blockquotes, figures, images, and figure captions can all be styled after a class is added to the rich text element using the "When inside of" nested selector system.
Identiq is SOC2 Type II Certified - and Constantly Committed to More Than Compliance
Fraudology Podcast: Karisse Hendrick Discusses the Holy Grail of Fraud Prevention