Using custom identifiers to prevent fraud
The Integration API's Update customer session endpoint allows you to add custom identifiers in addition to the session identifier. To add custom identifiers, use the identifiers
property in the body.
Let's see how we can prevent multiple account abuse with this property.
Preventing multiple accounts
Let's imagine we have created a standard campaign that gives registered customers a $20 discount for their first order. We suspect some customers will create multiple accounts to benefit from this campaign multiple times.
We can limit this if we have a way to identify the customer in a more accurate manner than with a customer ID.
Identifying a device
One way we can potentially identify a customer is by identifying their device. We can do this by checking the IP of the device(s) they use.
Let's assume that our ecommerce app is aware of the IP used by all signed-in customers.
We can share this information with Talon.One using the identifiers
property when we
send a request to the Update customer session endpoint.
Click the 2 tabs below to see sample payloads.
- Initial payload
- Updated payload
When a customer creates their first cart, for example, containing a pair of shoes,
the Update customer session
payload looks like this:
{
"customerSession": {
"profileId": "someid",
"cartItems": [
{
"name": "summer shoes",
"sku": "SKU1234",
"quantity": 1,
"price": 90,
"category": "shoes",
"attributes": {
"ItemBrand": "Nike",
"Color": "orange",
"image": "11.jpeg",
"size": 46
}
}
],
"attributes": {
"ShippingCity": "Berlin"
}
},
"responseContent": ["triggeredCampaigns"]
}
To identify the device, we can create/update a session by adding the device's
IP at the same time using the identifiers
property:
{
"customerSession": {
"profileId": "someid",
"identifiers": ["92.11.156.141"],
"cartItems": [
{
"name": "summer shoes",
"sku": "SKU1234",
"quantity": 1,
"price": 90,
"category": "shoes",
"attributes": {
"ItemBrand": "Nike",
"Color": "orange",
"image": "11.jpeg",
"size": 46
}
}
],
"attributes": {
"ShippingCity": "Berlin"
}
},
"responseContent": ["triggeredCampaigns"]
}
At this stage, we are sharing the device's IP with Talon.One so we can now leverage that data inside our campaign's rules.
Limiting discount per IP
The Campaign Managers offers budget limits per identifier. In our case it is an IP. Let's create such limit for our discount total.
- Create a new campaign.
- Click Settings > Budgets > Add limit.
- Select Identifier > Discount Total and set it to
20
.
It's important to create a new campaign because the limit is set for the whole campaign. Here, we limit the total amount of discount to $20. We want that limit to be reached on the first order so no further discounts will be allowed in this campaign.
To have more campaigns offering discounts, create one or more new campaign.
Creating the rule
Let's create a rule to manage the $20 discount and check the IP:
- Click Add condition > Check attribute value.
- Select the Total sales (customer profile) attribute and is equal to 0.
- Click Add effect > Discount sessions total.
- Set Discount name to
$20 off
. - Set Discount value to
20
. - Click Save.
The campaign is ready.
This discount effect impacts the discount total budget that we have created, which limits the amount of discount that can be given per IP. The Rule Engine checks that budget when evaluating the discount effect and expects to find an identifier in the session.
That's why we must ensure that the session includes the identifiers
property
by the time we close it. Otherwise,
the budget cannot be evaluated and the rule will fail even if the conditions are met.
Other ideas to use identifiers
Other examples include passing a hashed version of a credit card number as an identifier. This way, you can prevent cases where 2 different customers try to get a discount when paying with the same credit card.
Other ways to prevent fraud
Identifiers are also helpful in preventing coupon fraud and limiting how many referrals, giveaways and loyalty points can be issued for a single user.
To prevent fraud, we can combine unique identifier budgets with other types of budgets, and we can directly narrow down the scope of our campaign when setting our conditions. For example, we can use geolocation to grant discounts only to customers who are in a specific location.