Using custom identifiers to prevent fraud
The Update customer session endpoint of the Integration API allows you to add custom identifiers in addition to the session identifier. To add custom identifiers, use the identifiers property in the body.
Let's see how we can prevent multiple account abuse with this property.
Preventing multiple accounts
Let's imagine we have created a standard campaign that gives registered customers a $20 discount for their first order. We suspect some customers will create multiple accounts to benefit from this campaign multiple times.
We can limit this if we have a way to identify the customer in a more accurate manner than with a customer ID.
Identifying a device
One way we can identify a customer is by checking the IP address of the devices they use.
Let's assume that our ecommerce app is aware of the IP address used by all the customers who are signed in. We can share a hashed version of this information with Talon.One using the identifiers property while sending a request to the Update customer session endpoint.
We highly recommend you anonymize the identifier you send to Talon.One. Consider applying salted hashing, for example, using hashlib (Python) or crypto (Node.js).
Compare the following payload examples:
- Initial payload
- Updated payload
When a customer creates their first cart, for example, containing a pair of shoes, the Update customer session payload looks like this:
{
  "customerSession": {
    "profileId": "someid",
    "cartItems": [
      {
        "name": "summer shoes",
        "sku": "SKU1234",
        "quantity": 1,
        "price": 90,
        "category": "shoes",
        "attributes": {
          "ItemBrand": "Nike",
          "Color": "orange",
          "image": "11.jpeg",
          "size": 46
        }
      }
    ],
    "attributes": {
      "ShippingCity": "Berlin"
    }
  },
  "responseContent": ["triggeredCampaigns"]
}
To identify the device, we can create or update a session by adding a hashed version of the device's IP address in the identifiers property:
{
  "customerSession": {
    "profileId": "someid",
    "identifiers": ["d41306257915f83fe01e54092ae470f631161ea16fcf4415842eed41470386ea"],
    "cartItems": [
      {
        "name": "summer shoes",
        "sku": "SKU1234",
        "quantity": 1,
        "price": 90,
        "category": "shoes",
        "attributes": {
          "ItemBrand": "Nike",
          "Color": "orange",
          "image": "11.jpeg",
          "size": 46
        }
      }
    ],
    "attributes": {
      "ShippingCity": "Berlin"
    }
  },
  "responseContent": ["triggeredCampaigns"]
}
At this stage, we are sharing the device's hashed IP address with Talon.One so we can now leverage that data inside our campaign's rules.
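One way to produce the hashed identifier recommended above and attach it to the updated payload, as an added example (not Talon.One's own code). It uses HMAC-SHA256 with an application-wide secret as the salt; the names `IDENTIFIER_KEY`, `normalize_ip`, `ip_identifier` and `with_identifier` and the sample IP are assumptions made for this example.

```python
import hashlib
import hmac
import ipaddress
import json

# Assumption: an application-wide secret used as the salt. Load it from a
# secret store in practice; this value is a constructed placeholder.
IDENTIFIER_KEY = b"constructed-example-key-not-for-production"


def normalize_ip(raw: str) -> str:
    """Return one canonical text form per address so equal IPs hash equally."""
    addr = ipaddress.ip_address(raw.strip())  # raises ValueError on bad input
    # An IPv4 client seen through a dual-stack socket arrives as ::ffff:a.b.c.d.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return addr.compressed


def ip_identifier(raw_ip: str, key: bytes = IDENTIFIER_KEY) -> str:
    """Keyed SHA-256 (HMAC) of the normalized IP, as 64 hex characters."""
    # The key must be the same for every customer: a per-user random salt would
    # give one device a different identifier under each account, so the
    # per-identifier budget would never match. A bare unsalted SHA-256 is weak
    # here, because all 2**32 IPv4 addresses can be hashed and looked up.
    # The "ip:" prefix keeps IP identifiers apart from other identifier kinds
    # (for example hashed card numbers) derived with the same key.
    msg = b"ip:" + normalize_ip(raw_ip).encode("ascii")
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def with_identifier(session_body: dict, raw_ip: str) -> dict:
    """Return a copy of an Update customer session body with the identifier set."""
    body = json.loads(json.dumps(session_body))  # deep copy of JSON-safe data
    ids = body["customerSession"].setdefault("identifiers", [])
    ident = ip_identifier(raw_ip)
    if ident not in ids:
        ids.append(ident)
    return body


if __name__ == "__main__":
    # Constructed sample: trimmed version of the payload above, documentation IP.
    body = {"customerSession": {"profileId": "someid"},
            "responseContent": ["triggeredCampaigns"]}
    print(json.dumps(with_identifier(body, "203.0.113.7"), indent=2))
```

Rotating the key changes every identifier, so budgets already counted against the old identifiers no longer match new sessions.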
Limiting discount per identifier
The Campaign Manager offers budget limits per identifier. In our case the identifier is an IP address. Let's create such a limit for our discount total:
- Create a campaign.
- In the campaign's budgets section, add a unique identifier budget.
- In the budget, set the Discount Total limit as 20.
Creating the rule
Let's create a rule that offers the $20 discount only to fresh checkouts:
- In the Rule Builder of your campaign, in the Conditions section, add Check attribute value.
  - Select Total Sales (Customer Profile) > is equal to, and type 0.
- In the Effects section, add the Discount session total effect.
  - In Discount Name, type: $20 off.
  - In Discount value, type: 20.
After you save your rule, the campaign is ready.
- The discount effect reflects the budget we set earlier for the campaign and limits the amount of total discounts given per IP address. The Rule Engine checks the budget when evaluating the effect and looks for an identifier in the session.
- Ensure the session includes the identifiers property when you close it. Otherwise, the budget cannot be evaluated, and the rule will fail even if the conditions are met.
Other ideas to use identifiers
Other examples include passing a hashed version of a credit card number as an identifier. This way, you can prevent cases where two different customers try to get a discount when paying with the same credit card.
Other ways to prevent fraud
Identifiers are also helpful in preventing coupon fraud and limiting how many referrals, giveaways and loyalty points can be issued for a single user.
To prevent fraud, we can combine unique identifier budgets with other types of budgets, and we can directly narrow down the scope of our campaign when setting our conditions. For example, we can use geolocation to grant discounts only to customers who are in a specific location.