Referral programs can be a great way to build your user base when you’re trying to grow your online marketplace, but they can also be a prime target for bad actors. Before launching or scaling a referral program, make sure you have policies and systems in place to detect and prevent the referral fraud it could attract.
What is referral fraud?
Referral fraud happens when someone abuses a company’s referral program. It can result from complex fraud operations, such as when a fraud ring creates thousands of new accounts using referral links to collect rewards. But it can also happen on a much smaller scale, such as when an individual refers themself to get a discount on their next order.
Depending on how the referral program works, some types of referral fraud could also be classified as coupon, loyalty program, or promo code abuse. An example of coupon abuse and referral fraud is when a user receives a coupon code for referring a friend and goes on to use that code for multiple orders.
Common marketplace referral fraud schemes
Some common types of referral fraud that online marketplaces might experience are:
- Self-referrals or duplicate accounts: When people send a referral link or code to a different email or phone number that they control. This type of multi-accounting, as it’s also called, might happen as a one-off occurrence. However, fraud rings can use self-referrals to take advantage of referral programs en masse.
- Account cycling: A variation of self-referrals when someone refers themself, uses the referral bonus, deletes their referred account, and then does it again.
- Mass referrals or broadcasting: A marketplace might intend for users to only send a referral link to their friends and family members. Instead, they post it on social media and coupon websites to try to earn more rewards.
- Referral return abuse: Someone earns a bonus for referring a new user who makes a purchase. The first person cashes out their bonus and then the second person returns the purchased item.
Referral fraud could also happen indirectly if a bad actor takes over a legitimate user’s account and uses it as part of a referral scheme.
The importance of detecting referral fraud early
When you’re focused on growth, referral fraud might get dismissed as a cost of doing business, but that’s a dangerous stance to take, and there are many benefits to addressing fraud early.
- Decrease fraud losses: The less money you lose to fraudsters, the more you have to reinvest in real growth.
- Avoid muddying marketing metrics: Data from your referral program won’t be as helpful if its associated campaigns are plagued by fraud.
- Save your marketing budget: Avoid spending money on discounts or bonuses that go to referral abusers.
- Lower chargeback rates: Fraudsters might use stolen credit cards to make purchases if referral programs require the referred person to buy something. Once the cardholder notices the unauthorized purchase, they may file a chargeback with the card issuer.
- Alleviate your team of tedious work: Rather than spending time cleaning up fake accounts that could have been prevented from onboarding with identity verification, your trust and safety team can focus on more complex fraud attacks and strategic initiatives.
Another benefit — keeping bad actors out of your marketplace might be easier than trying to clean things up later. Plus, you may already have some of the tools you need in your identity stack. If you’re running Know Your Customer (KYC) or anti-money laundering (AML) checks, or you have to comply with the INFORM Consumers Act, the same tools you use for verification or compliance can potentially help you stop referral fraud.
How to limit referral abuse and fraud
Beyond aligning with your marketing team and ensuring you are aware of when they’re running referral promotions, it’s also critical to build and integrate your referral program in a way that limits abuse and decreases fraud rates.
Some of the steps you can take to design a referral program that won’t be easily abused are:
- Review your referral program’s terms: Make the guidelines clear for your users. You may want to prohibit sharing referral links on social media or coupon sites, or limit how many people from a household can qualify for a bonus. People might still violate the terms, but now you can point to the terms and conditions as a reason for rescinding referral bonuses, preventing an account from referring new users, or banning an account.
- Don’t offer cash rewards: Fraudsters might be less likely to target referral programs that offer discount codes instead of cash rewards, especially if your marketplace sells services or products that bad actors can’t easily resell.
- Create one-time-use codes: If you offer a coupon code as a referral bonus, create unique codes that can only be used once.
- Limit referral eligibility: Use automated checks to keep someone from earning a referral bonus when they refer existing users. By the same token, you can automate a pop-up message if this is the case. It’s possible the user’s intentions are good and they just didn’t know that their referee already opened an account. Also, consider limiting how many referral bonuses users can earn.
- Track referral velocity: Track how often accounts are referring new users to quickly spot suspicious activity.
- Require minimum activity or purchases: Add requirements to earning referral bonuses, such as delaying the bonus until the referred person makes at least three purchases. If you offer cash rewards, you might require someone to accrue a minimum amount of rewards before withdrawing the cash.
You can use referral software to set up and manage your promotions. It’s essential that the platform you choose integrates directly with your identity stack so you can gain assurance that the users you’re onboarding through referrals are legitimate.
Additionally, your identity verification (IDV) and fraud prevention tools can help you catch one-off incidents of self-referral fraud and more complex schemes that put your organization and your end users at risk. Here are some of the ways that IDV and fraud tools can give you a more holistic picture of risk at onboarding:
- Use multiple signals to detect self-referrals: Comparing a new user’s email address to your existing user base is a helpful first step, but it’s also easy to create throw-away emails. You need to look for other data points that could point toward a self-referral, such as device signals and email risk reports.
- Look for suspicious account information: Monitor risk signals when someone tries to sign up for a new account. For example, you might decide to run additional checks if you see that they’re using a VPN or their device’s geolocation data places them outside of a region where you operate. You can also use link analysis to see if they have a connection to an account that you previously flagged as fraudulent, such as an IP address or even a selfie with a similar background to a known bad actor.
- Dynamically step up verification. You may have IDV tools for combating other types of fraud and complying with regulations. You can also use automated, risk-based IDV to dynamically add friction when you suspect a new referred user is a bad actor. This can help you collect more information for manual review and auto-decline users who consistently fail additional checks.
After onboarding, you can also automate reverification before a user tries to withdraw a large bonus or attempts to refer more than a certain number of people. Building a strong defense against referral fraud across the user lifecycle helps you catch sleeper accounts and increases the ROI of your identity and fraud prevention tooling.
Persona can help online marketplaces prevent referral fraud
Leading global marketplaces work with Persona to verify users’ identities, prevent many types of marketplace fraud, and uncover fraud rings.
Recognizing that every business has unique needs, fraud exposure, and audiences, Persona built its identity platform to be configurable so you can pick and choose the products and solutions you need to grow and keep your marketplace safe.
Use Dynamic Flow to customize onboarding flows and automatically approve, block, or route users to manual review, depending on the risk signals they exhibit. To avoid unnecessary friction, you can passively run an email risk report to learn more about a referred user’s email address, such as when and how often the address was previously seen, if it’s from a temporary email service, and the level of risk associated with the email. Phone risk reports can similarly be run when users share a phone number or as a step-up verification based on what’s in the email risk report. When needed, you can also add friction with document, government ID, and selfie verifications and run database verifications using submitted information for additional assurance.
To augment your fraud-fighting strategy, you can use Graph to find patterns and connections in user data. These can include active signals from information that users submit, such as their name, email address, and physical address, and passive signals like location and IP address.
To block repeat offenders, you can automate checks against Graph with Workflows, which can be triggered across key points during an onboarding or reverification flow.
Book a demo to learn more about how we can help you stop referral fraud.