Unlike other types of fraud, such as credit card fraud, where you might receive warning signs and potential recovery options, promo and policy abuse is a silent and costly problem. By the time the abuse is detected, the damage has already impacted your financial records.
Promo and policy abuse can take many forms, including creating multiple accounts, abusing return policies, or exploiting referral systems. In collaboration with Sorare, we organized an educational webinar to explore these various types of fraud and abuse and to provide strategies to detect and prevent them.
This webinar summary covers:
Policy abuse is growing across various industries, leading to significant financial losses, increased operational workloads, and a decrease in customer trust. In the digital environment, promo abuse often begins with multi-accounting. This behavior can escalate into various forms of abuse, such as:
Platforms often find it challenging to detect and prevent these abuses. Sometimes, they lack the right tools. Other times, they fear falsely accusing honest customers, which could damage trust and customer relationships.
We consider two types of users on online platforms: guests, who purchase without an account, and registered members, who enjoy various benefits like access to exclusive products and services, discounts, etc. Loyalty programs make these memberships even more attractive by helping platforms expand the customer base and increase customer lifetime value.
While this strategy promotes sustainable growth, it also presents several challenges. Platforms must verify that new users are legitimate to prevent misuse and fraud. After registration, platforms face the ongoing challenge of consistently verifying the identity of users logging in. Trust issues may arise, potentially leading to account takeovers. A single wrong trust decision can allow unauthorized access, resulting in the theft of loyalty points, credits, and other assets while reducing the value of the loyalty programs.
To avoid affecting customer retention, platforms are introducing friendly policies for their members. For example, refund policies are often designed to prioritize customers’ needs, sometimes to the extent of processing refunds before the returned item has been received or before the claim facts are fully verified. This practice of issuing refunds before returns highlights a company's commitment to trust and customer satisfaction. However, it also poses risks, including potential abuse by customers and logistical challenges.
Policy abuse affects profits because the benefits go to the wrong people, often unnoticed, as it occurs within an automated flow. This is why policy abuse is a silent enemy. Users submit requests, and machines and servers handle everything automatically behind the scenes. It’s very difficult to realize in real time that the benefits are actually costing more than they are generating in terms of financial impact.
Fraudsters misuse benefits by hiding behind multiple identities. With no physical interaction, the server only sees requests and must decide whether to approve or deny them, which can be manipulated through collusion. This fraudulent behavior leads to single abusers receiving multiple rewards or benefits, which can be easily monetized. Points, coupons, and credits hold tangible value and can be sold on specialized marketplaces, turning into immediate money for fraudsters.
Before executing a buyer's request, we make an API call to a decision engine. This engine ingests the context of the request and identifies who is actually making it. It then applies the appropriate policy to handle the situation.
This policy runs through a sequence of controls designed to reveal the buyer's true identity or intent. These policies can trigger behavioral velocity rules. For example, if we track returns for each account and observe that out of every 10 purchases, there are 8 returns, this serves as a risk signal.
Behavioral and velocity rules that are coupled with custom models and controls are highly effective controls for detecting fraud and abuse in domains related to both digital and physical goods. However, while in some cases, it might be easier to identify fraud involving physical goods, digital goods require dedicated models to infer the true user behind transactions, as tangible items are not being exchanged.
This process heavily relies on data enrichment. If you only have a single touchpoint of the user, making a decision is challenging. However, if you collect all data related to the user's previous activity and link it to one identity, a pattern emerges. Once these previous interactions are ingested, the policy engine processes all the signals and renders a recommendation. Based on this recommendation, the request is either accepted or refused.
In approximately 25% of cases, we avoid fully automated processing. Fraudsters often change their tactics, so when an activity seems suspiciously unusual, we escalate the case and send all data points to a team of manual reviewers, who connect the dots and make a manual decision on whether to accept, refuse, or decline the user request. This is how we handle user requests in real time to determine if they come from a legitimate user or a fraudster attempting to manipulate the system.
Sorare is a platform for digital collectibles where fantasy football meets the blockchain. It’s also a community of passionate fans who can play and earn rewards in an engaging digital landscape. Backed by famous athletes such as Kylian Mbappé, Zinedine Zidane, Gerard Piqué, and Serena Williams, the company generates hundreds of millions annually from NFT sales, with some cards selling for over USD 100,000.
Fraudsters are attracted by Sorare's generous referral and onboarding programs, which offer rewards, so they attempt to exploit these programs through sign-up abuse. Fraudsters share these exploits widely on platforms like the dark web, Telegram, and Discord. They create multiple accounts, refer themselves, receive discounts, and then buy NFTs, which are resold on the secondary market for profit. This problem isn’t just about financial losses but also affects the player experience and community perception, particularly regarding the value of trading cards.
As platform activity increases, so does fraudulent activity, leading to a requirement for more reviews and account monitoring. This complexity is compounded by the fact that Sorare platform is blockchain-based. Blockchain transparency means that all transactions are visible, not just to their fraud and financial teams but also to users. If fraud is detected, users open multiple customer care tickets, affecting the platform’s image in real time.
Handling fraud in the blockchain and cryptocurrency space is especially challenging due to the pseudonymous nature of these technologies, making it difficult to identify real individuals. Additionally, cryptocurrency transactions are irreversible, eliminating chargebacks and making it arduous to recover funds lost to fraud. Users defrauded in this space have no recourse but to negotiate with fraudsters.
At some point this year, the company noticed an unusual drop in the selling price of a top player card. Normally, a limited card like that one sells for about 200 euros, but recently, sales were happening at ~130 euros. On investigation, they found that users were buying these cards at a discounted price through their referral program. They would then resell the cards for 130 euros, thus making a profit. This activity not only allowed them to exploit the discount but also lowered the perceived value of the cards, which is harmful to the platform’s brand and community.
Sorare’s further investigation showed that these accounts were linked via IP addresses, device fingerprints, and geographical KYC inconsistencies - accounts created from one country but verified from another. Fraudsters adapted by using VPNs and proxies, but analysis of email patterns and account creation velocities also revealed connections.
To mitigate these issues, Sorare has improved their fraud detection by introducing friction points like email and phone confirmations and delaying rewards until users actively participate. This approach increased the cost of fraud, making it less appealing to fraudsters. Further supported by technologies like machine learning, they improve continously their fraud management strategies.
Handling promo abuse is about finding the right balance between control, protection, flexibility, and operations. When businesses set up complex verification processes, customers might feel too much friction. Policy flexibility also plays a crucial role in shaping customer loyalty. Policies that are too tight may frustrate genuine customers, possibly driving them to competitors. If policies are too flexible, they may be exploited, leading to increased instances of abuse.
Start by implementing broad policies in a controlled, simulation-based environment. As you gather data, refine, and adjust your strategies to suit real-world applications better, always keep an eye on how changes affect customer satisfaction. This iterative process helps build a system that not only prevents abuse but also improves the overall user experience.
Early detection mechanisms powered by machine learning models can predict fraud patterns so you can block such interactions at an early stage. You should also strengthen identity checks to make sure users are verified before they can benefit from policy rewards. This adds a layer of friction for users trying to complete fraudulent actions.
Finally, access to research and intelligence data, including insights from the dark web, helps us all learn and adapt to new fraud patterns. By leveraging these insights, we can develop preventative measures to combat fraud and abuse in real time.
Do you have a promo or policy abuse issue you're looking to resolve? We're here to help! Contact us, and we'll find the right solution for you.