Skip to main content

Using custom identifiers to prevent fraud

The Integration API's Update customer session endpoint allows you to add custom identifiers in addition to the session identifier. To add custom identifiers, use the identifiers property in the body.

Let's see how we can prevent multiple account abuse with this property.

Preventing multiple accounts

Let's imagine we have created a standard campaign that gives registered customers a $20 discount for their first order. We suspect some customers will create multiple accounts to benefit from this campaign multiple times.

We can limit this if we have a way to identify the customer in a more accurate manner than with a customer ID.

Identifying a device

One way we can potentially identify a customer is by identifying their device. We can do this by checking the IP of the device(s) they use.

Let's assume that our ecommerce app is aware of the IP used by all signed-in customers. We can share this information with Talon.One using the identifiers property when we send a request to the Update customer session endpoint.

Click the 2 tabs below to see sample payloads.

When a customer creates their first cart, for example, containing a pair of shoes, the Update customer session payload looks like this:

{
  "customerSession": {
    "profileId": "someid",
    "cartItems": [
      {
        "name": "summer shoes",
        "sku": "SKU1234",
        "quantity": 1,
        "price": 90,
        "category": "shoes",
        "attributes": {
          "ItemBrand": "Nike",
          "Color": "orange",
          "image": "11.jpeg",
          "size": 46
        }
      }
    ],

    "attributes": {
      "ShippingCity": "Berlin"
    }
  },
  "responseContent": ["triggeredCampaigns"]
}

At this stage, we are sharing the device's IP with Talon.One so we can now leverage that data inside our campaign's rules.

Limiting discount per IP

The Campaign Managers offers budget limits per identifier. In our case it is an IP. Let's create such limit for our discount total.

  1. Create a new campaign.
  2. Click Settings > Budgets > Add limit.
  3. Select Identifier > Discount Total and set it to 20.
Important

It's important to create a new campaign because the limit is set for the whole campaign. Here, we limit the total amount of discount to $20. We want that limit to be reached on the first order so no further discounts will be allowed in this campaign.

To have more campaigns offering discounts, create one or more new campaign.

Creating the rule

Let's create a rule to manage the $20 discount and check the IP:

  1. Click Add condition > Check attribute value.
  2. Select the Total sales (customer profile) attribute and is equal to 0.
  3. Click Add effect > Discount sessions total.
  4. Set Discount name to $20 off.
  5. Set Discount value to 20.
  6. Click Save.

The campaign is ready.

Important

This discount effect impacts the discount total budget that we have created, which limits the amount of discount that can be given per IP. The Rule Engine checks that budget when evaluating the discount effect and expects to find an identifier in the session.

That's why we must ensure that the session includes the identifiers property by the time we close it. Otherwise, the budget cannot be evaluated and the rule will fail even if the conditions are met.

Other ideas to use identifiers

Other examples include passing a hashed version of a credit card number as an identifier. This way, you can prevent cases where 2 different customers try to get a discount when paying with the same credit card.

Other ways to prevent fraud

Identifiers are also helpful in preventing coupon fraud and limiting how many referrals, giveaways and loyalty points can be issued for a single user.

To prevent fraud, we can combine unique identifier budgets with other types of budgets, and we can directly narrow down the scope of our campaign when setting our conditions. For example, we can use geolocation to grant discounts only to customers who are in a specific location.