Episode 3: Fighting Back Against Promo Abuse

Promo abuse is silently siphoning millions from gig economy platforms—hurting margins, growth metrics, and customer acquisition efforts.

This episode is a discussion between Sudhir Lanka (Grubhub), Danielle Miguez (Zé Delivery), and Jeniffer Rosa (Incognia) about how promo fraud happens, what to watch for, and how to stop it without killing your growth engine.

Key discussion topics include:

• How promo abuse really works—from fake restaurants to fake accounts and device farms
• How to recognize the early warning signs of abuse and uncover vulnerabilities
• How to distinguish between clever users and real fraud
• Proven strategies for cracking down on abuse without killing growth
• How fraud teams can partner with marketing to stop abuse and support sustainable growth

Show notes:

• Promo Abuse: The Silent Fraud Hiding Behind Your Best Campaigns
• The Frontline Report Gig Economy Edition
• Connect with Danielle: https://www.linkedin.com/in/danielle-miguez-517631129/
• Connect with Sudhir: https://www.linkedin.com/in/sudhirlanka/
• Connect with Jeniffer: https://www.linkedin.com/in/jeniffer-rosa-de-paula/

About Fraud On The Go Podcast

Fraud On The Go is the podcast for fraud fighters on the frontlines of the gig economy. Through candid conversations with experts, we explore how delivery, ride sharing, and marketplace platforms are fighting fraud and risk at scale, and what it takes to stay ahead.

Episode Transcript

Jeniffer: Hi everyone. I'm Jeniffer Rosa, your host for today's session. I'm excited to have this conversation with my guests, Danielle Magis from Zé Delivery and Sudhir Lanka from Grubhub.

Let's do some introductions so you can get to know the three of us a little bit. I'm going to start with myself. I'm Jeniffer. I'm a Customer Success Coordinator at Incognia, specialized in helping tackle fraud in the food delivery and ride-sharing industries.

Sudhir: Hi everyone. My name is Sudhir Lanka. I'm currently working as a Senior Manager at Grubhub, leading our fraud prevention efforts across our marketplace—diner, driver, and restaurant—as well. You know, promo abuse has been a tricky situation, a tricky form of fraud that we've been dealing with for the last two to three years, and I'm really excited to share insights and learn from everyone. Thank you.

Danielle: Hi everyone. I'm Danielle—you can call me Dani. I'm Head of Fraud Prevention at Zé Delivery in Brazil and Tata Delivery in Latin America, both D2C channels in AB InBev. Thank you, Jenny, Kona, and Sudhir, for the invitation. I'm always excited to talk about promo abuse, which is becoming one of the top emerging kinds of fraud in the world. So thank you so much. It's very important for our business. Let's go.

Jeniffer: So here's what we'll be covering today. We’re going to start by digging into how fraudsters exploit promotions—their tactics, their tools—with some real-life examples. Next, we'll talk about why detecting promo abuse is really challenging and the warning signs to look for that indicate abuse is happening. And lastly, we'll get more tactical and discuss how to prevent promotion abuse without sabotaging growth, and how to get on the same page as the marketing or growth teams.

With that context, let's jump into our first topic, which is the Promo Abuse Playbook. What does promo abuse actually look like, and how are fraudsters pulling it off at scale? Let’s walk through the most common tactics and tools we are seeing across platforms.

I’m going to start with a question for Danielle. I know your team at Zé Delivery has uncovered some complex tactics tied to promotion abuse. Can you walk us through some examples and what made them tricky to catch?

Danielle: Of course. Well, let's start with something that I always say about this type of fraud: promo abuse is a very silent kind of fraud. It doesn’t represent an obvious loss that causes a direct or even immediate financial impact like we see with chargebacks or account takeovers, for example. So it becomes really difficult to detect and clarify that.

At the beginning of our operation in Zé Delivery, our coupon campaigns—especially the most aggressive ones, the ones with the biggest discounts—seemed to deliver amazing results at first sight. Coupons ran out in a few hours or even a few minutes, generating high volumes of transactions and new customers.

Our promotion campaigns brought thousands of new consumers in record time. Initially, these results gave the impression that the campaigns were bringing great value to the company. However, if you look at this scenario through a refined lens—or a fraud prevention lens—you see things such as 80% of the coupons being used by four or five devices.

You can see 50–70% of the new customers share at least one data point in common. So the question that remains for the team is: are these campaigns really bringing the expected results? Talking about the silent type of fraud and what makes it tricky to catch—first of all, if you don’t have the tools to identify these patterns I just mentioned, it becomes very challenging. I think that’s the scenario we can begin to talk about.

Jeniffer: So Sudhir, I’m curious—do you see similar patterns at Grubhub? What forms of abuse tend to show up the most often on your side?

Sudhir: Yeah, absolutely. Before I get into it, I totally agree with what Dani mentioned—promo abuse is very silent and very subtle. It’s unlike traditional fraud such as account takeovers or payment fraud. It’s quiet, it’s persistent. While I agree with Dani, my view is slightly broader.

From my perspective, promo abuse comes from two different directions: one from the diner or customer side, and the other from the restaurant side. On the diner side, we have loyal customers—like you and me—just saying, “Hey, let me create a few more accounts, maybe take advantage of the new user promo.” They don’t think it’s fraud; it’s like borderline abuse.

But on the other side, we also have professional fraudsters running these things like companies. It’s almost like a business. They recycle devices, perform SIM swapping, and use advanced techniques. They communicate on Telegram and Discord—there’s a lot happening. That’s what we see on the diner side.

Now, if we talk about the restaurant side, this is where it gets a little tricky. When we onboard a new restaurant on our platform, a lot of restaurants offer their own promotions to attract new customers, to make sure their restaurant comes up at the top in our search algorithm. So they offer more promos to ensure their food is tasted by everyone and word of mouth spreads. Fraudsters—when they come in as diners—target these kinds of restaurants. They place very high volumes of orders on these restaurants again and again, trying to exploit the promos.

The other type we see from the restaurant side is more of a collusion—or complicity—in the fraud itself. A fraudster can create a restaurant and also create a diner account. They place orders to their own restaurant, which is a fake restaurant, and there’s no food to be delivered. Essentially, they’re just pocketing the money that we at Grubhub pay out for the service they “provided,” plus the promo amount we also pay. It’s almost like a double hit for us. This aspect is more complicated, and detecting it goes into the trickier part of problem-solving. So yeah, that’s been our experience so far.

Jeniffer: You mentioned some differences between users who abuse the system by creating multiple accounts and professional fraudsters, as well as how restaurants can be complicit. What tactics or tools are you seeing these fraudsters—especially the more professional ones—use to scale promotion abuse?

Sudhir: Absolutely. With the advent of AI and the advancement of so many technologies, fraudsters have been adapting. We’ve seen large device farms where they’re creating multiple new accounts at once. They use emulators or even human farms to create multiple accounts simultaneously.

We’ve also seen synthetic identities being created—like a real social security number attached to a fake name or phone number—and they just keep generating multiple accounts and personas. This is the extent of what we’ve seen so far. There’s probably much more going on, but I think it’s the next step forward. I’m hoping the discussion and the industry continue to evolve in that direction, but there’s definitely more happening behind the scenes.

Jeniffer: Right. And Danielle, does that match what you are seeing on your side as well?

Danielle: Yes, sure. To boost a promotion, fraudsters need to create or have access to multiple fake accounts. In the past, this required a pool of third-party information, which they used to create several accounts. As we advanced with device detection, fraudsters had to reinvent themselves. Now they use multiple devices, and it’s no longer enough to rely on device detection alone. They’re using SDKs or device simulator apps, temporary numbers, and other methods.

If you don’t combine device detection with geolocation, device integrity checks, and other data, fraudsters will stay ahead of you. We also can’t forget about AI. It’s getting more difficult because fraudsters are using generative AI to bypass our existing blocks and checks for multiple account creation. It’s getting even more difficult because some regular consumers are starting to use AI too.

I don’t know if you’re facing this kind of thing on your platforms, but sometimes we see legitimate customers using an AI agent to place an order in the app. We have to distinguish between legitimate users using AI and fraudsters using GenAI to create bots that bypass our blocking rules. We’re going to see a lot more about this topic in the coming months.

Jeniffer: Yeah, it's interesting to see how the methods evolve so quickly and why it's so important to keep up with all these methods and detect how they're scaling up the fraud. Right, and one interesting thing that we saw around this challenge of promotion abuse is that the challenges you have at Zé Delivery in Brazil and Latin America in general, and those at Grubhub, are very similar across different platforms and geographies.

Earlier this year, we released the 2025 Incognia Frontline Report: Gig Economy Edition. It's available on our website if you want to check it out. In last year's data, we saw that 48% of all consumer-side fraud detected on delivery and ride-sharing platforms was related to promotion abuse—48% of all detected fraud! So this is one of the most widespread forms of fraud that we are seeing on these platforms right now.

There are some common mistakes, such as when the marketing and fraud prevention teams are not aligned on the strategy to release marketing campaigns—things can get nasty, right? One example we saw was a food delivery platform whose marketing team ran a particular promotion despite the fraud team warning that the campaign design was susceptible to abuse. And then, they ran it again. Afterward, the fraud team estimated that 90% of the promo budget went to fraudsters. So it was a huge loss.

The goal of these campaigns is always to get new customers and encourage more orders from existing ones, but if the fraud prevention and marketing teams aren’t aligned, that budget goes into a leaky bucket.

Another mistake we usually see some platforms making is trusting the device that they are seeing. Fraudsters—the professional ones who scale up their operations—generally use either emulators or app cloners. With emulators, they can simulate multiple devices and easily automate the creation and access of multiple accounts, which is what you face, right, Dani? Multiple accounts being used.

On the app cloner side, this allows fraudsters to run multiple instances of the same application and often change the original source code, modifying the whole app. So, in a sense, if you look at these devices or the ones coming from an app cloner, it looks like a different session, a different person, a different device. If it’s not detected, abuse is guaranteed to happen.

All right, let’s go to our next section, which is the Detection Dilemma. Detecting fraud and abuse isn’t always black and white—especially when it comes to promotion abuse. It’s very silent, very hidden, and there’s a thin line dividing what’s a good user, what’s an abuser, and what’s a professional fraudster.

I know that different platforms can classify fraud and abuse differently, and we’re not going to touch that today. But in this section, we’re going to get into the vulnerabilities, blind spots, and subtle signals that teams need to watch for.

So, I’m going to start with you, Sudhir. How do you draw this line between promo abuse and a savvy user? What makes something cross into abuse territory? And in your opinion—I know this is a tricky one to define—but how do you see this difference between promo abuse and a savvy user?

Sudhir: Yeah, absolutely. This question is harder than actually finding promo frauds, I would say. Getting back to your question, as you mentioned, it’s really tricky to define what promo abuse actually is. This is something we, as a company, have to sit with our teams and figure out—what do we consider borderline abuse versus actual abuse that’s happening?

It’s very much in the gray area right now. But if we start breaking it down, I’d look at it on two different levels. The first one is what I call intent. If a user is bending the rules—creating a few accounts to take advantage of a few promos, like a new user or reactivation promo—I think it’s fine, unless the long-term value of that customer is actually creating a loss for the company.

The next point is what I call scale and deception. This is where things move more into abuse territory. If there’s deliberate misrepresentation—like fake accounts, false identities being created, or a coordinated effort to extract or abuse promos on our platform—then that’s clearly abuse, plain and simple.

But looking simply at the top-line metrics isn’t going to help, as Danielle mentioned earlier. What we call that here is “manufactured growth” versus “real growth.” You should be able to identify who your real users are and who’s just abusing your platform.

There are a few ways to do this, but let me go through the top three. The first is what I call identity recycling. It’s important to know the identity of every person coming onto your platform. For example, if you see multiple emails, payment methods, devices, or IP addresses repeating across multiple new accounts, that’s a clear case of people creating multiple personas just to exploit your promos.

The second indicator could be manipulation of the order process—tech manipulation. For example, using emulators or recycling multiple devices. If you can identify these kinds of patterns, that’s a good sign that these are sophisticated fraudsters manipulating how your platform sees them.

The third is behavioral patterns. What behavior are you seeing on your platform? Do you see a sudden spike in the velocity of orders, new account sign-ups, or promo redemptions? What Dani mentioned earlier—if your promos are redeemed within minutes—maybe it’s good, maybe it’s bad. You need to figure out what’s legitimate and what’s abuse.

Looking for that anomalous behavior is key. That’s how you distinguish between a fraudster and a savvy or loyal user. Figuring out where to draw that line is really important, and once they cross it into abuse territory, it becomes a fraud problem. That’s something we have to deal with directly. That’s how we approach promo abuse here.

Danielle: Just to add something to what Sudhir said, I 100% agree. Actually catching abuse is really a dilemma because you will always have a gray zone. It’s hard to say, “Is it abuse or is it fraud?”

Just to give an example: if you have a device with a single account and clean personal data, that’s great—it’s our dream in fraud prevention for all users to look like that. But they don’t. On the other side, we have users with a single device and 400 accounts linked to it—and I wish that were a fictional example, but it’s not.

So there’s a gray zone in the middle. For example, a single device with three accounts—what do you do with that? Do you allow them to use your app? Do you block them?

And connecting to what we’re going to talk about—the connection with the growth team—there’s no single correct answer to this. It’s a real dilemma, just as Sudhir said.

Sudhir: Absolutely.

Jeniffer: Yeah, for sure. We had a question here in the chat: if you guys could share how data can be used to prevent fraud. Let’s think about the scope of promotion abuse—how are you using data to detect and prevent those kinds of abuses from happening?

Sudhir: Yeah, I think starting out, if you’re just looking at the very basic things, one thing you can look at is simple velocity checks. Do you see a sudden spike in orders? If yes, are they using a lot of promos? Are they maybe stacking promos on a single order? Are all of their orders using a promo? That’s a potential indicator that there could be abuse.

If you go a little deeper, fraud linkage is something else you can look at. If someone’s trying to abuse your promotions, they’ll want to come in with a new account every single time—what we call a new persona. They can create a new account again and again, using slightly different email addresses. For example: “sudhir@gmail.com,” then “sudhir+1@gmail.com,” and so on. They just keep modifying their email address to come up with a new account every single time.

They can also change their IP address or manipulate their device. There are so many ways they can do this, and you should be able to detect if they’re somehow manipulating your platform.

Danielle: And just to add something—for fraud prevention, the more data you have, the better. I think a good strategy is to use all of the data you have and combine it with data from third-party providers that specialize in certain areas like device ID or device integrity. Combining all this data helps detect these kinds of abuses and fraud.

Jeniffer: And on this topic, Dani, could you share an example of an early sign that a campaign has become a target for abuse?

Danielle: Of course. No matter how many existing fraud prevention tools or blocks you have, we always miss something, and some campaigns can show us where those gaps are. So it’s very important to have strong monitoring in place in addition to your existing blocking tools.

Monitoring data and behavioral patterns over time is essential to identify existing loopholes. To give some examples, you can track the velocity at which coupons are being used in a specific campaign. You can monitor usage per device for certain coupons, or look at concentrations in delivery addresses, geolocation, and KPIs that could signal your campaign is being abused.

When you see these signs, it requires quick action so you can adjust your rules and block these new patterns.

Jeniffer: And we also have a question that I believe is for you. Could you elaborate on legitimate customers using AI? What kind of cases are you referring to?

Danielle: Well, I have an example. We had a legitimate user who used ChatGPT to place a reorder in our web app. If I’m remembering correctly, the customer used ChatGPT to place another order, but they weren’t able to add alcoholic beverages—only Guaraná and other soft drinks we have here.

It was a real customer using an AI agent through ChatGPT to place an order on our platform—and we actually delivered it. So we can’t block this kind of usage. At the same time, we have to identify when generative AI is being used by fraudsters. This is the most recent example we’ve had.

Jeniffer: I’m going to go to a question for you now, Sudhir. Are there certain types of promo campaigns or internal processes that you’ve found are especially vulnerable to abuse?

Sudhir: Absolutely. Grubhub—and I’m assuming other platforms as well—offers a lot of different types of promos, and there’s always some promotion running. But from what I’ve seen, a few types have been targeted heavily by fraudsters.

For example, the new user promo. If all it takes to get the promo is to create a new account—just by changing an email or phone number—anyone can do that. You can get a phone number easily these days, or, as I mentioned earlier, just change one letter in your email. It’s very easy now to create new accounts if that’s all it takes to get a promo, which is why it’s the biggest target we see.

We also see referral promos being abused, especially in cases where both the referrer and referee get rewards—say, $5 each. I’ve seen fraudsters use device farms or emulators to create thousands of accounts and refer themselves, taking both promo amounts.

As I mentioned earlier, we also see a big hit on merchant-funded promos—when restaurants offer promotions to get more traction on our platform. Fraudsters target them, and in some cases, we take the hit as a company; in others, the restaurants do, and we end up compensating them.

It’s a tricky situation. It’s really about understanding why fraudsters are targeting certain types of promos and how they’re getting through. Letting the promo run and saying, “I’ll analyze later and see why we lost money,” isn’t an option anymore, because we’re losing millions of dollars.

It has to be a real-time approach, with real-time detection—and that’s critically important.

Jeniffer: What do you think is one common blind spot or assumption that causes teams to miss abuse for longer than they should?

Got it — here’s the full cleaned-up transcript you provided, with nothing cut off or summarized:

Danielle: I think we need to separate into levels of maturity. Talking about companies that don't have any specialized fraud prevention team, the most common blind spot is when you are evaluating campaigns just by looking at growth metrics—the ones I mentioned before, like new customers or the development of new orders in your app—and you don’t look at your key financial metrics, your long-term financial metrics. So this is the most common blind spot.

And for companies that do have a fraud prevention team, I think, as we were saying, it’s when you are being more superficial than the fraudsters. If you’re only detecting device IDs and the fraudsters are using emulators or app cloning, you’re going to have your blind spot for a long time.

So, talking about fraud prevention teams, to summarize—it’s when fraudsters are ahead of you, using more advanced techniques than you are. You’re going to see the fraud happening later. So I think we need to separate these two levels of maturity. Yeah.

Jeniffer: Yeah, I believe it’s especially difficult when we’re talking about a new user, because you don’t have much information about who this person is or their consumption behavior. Most of the time, it could be a new device, for example, so platforms usually have very little data about them.

The dilemma is how can you make sure that what you are seeing is a real user—a user that you want to retain—versus a fraudster who should be blocked or at least limited in what they can do on the platform.

One of the ways Incognia can help platforms with this is by using device intelligence and precise location to identify users that are coming back to the platform, creating new accounts, or accessing existing accounts to leverage these promotions and coupons.

And when we talk about location, when there’s a concentration of this behavior in the same location, then you can start to be suspicious. For example, if you’re seeing 15 new accounts that have used promotions—only promotions—in the last two weeks, or if they have a very high concentration of promotions among their purchases, that’s obviously suspicious.

We had a question about geofencing. Let me try to find it. Someone asked, “Can geofencing—using latitude and longitude pings—effectively identify repeated new or unique users or processes exploiting promotions?”

Yeah, the short answer is yes. With our solution, we can identify location very precisely, and if there’s a concentration, we can identify abuse in that environment.

What we are mostly seeing is the use of tools to bypass the device ID most of the time. When we talk to prospects or new customers, one of the mistakes we see them making is relying on a device ID solution that was not made for preventing fraud.

We worked with a platform that previously used an advertising ID for fraud prevention. This advertising ID worked for some time, but then the fraudsters figured out how to bypass it—sometimes by reinstalling applications, and other times by emulating the device or masking the device attributes by using app cloners.

So, to your question—so far, what we are seeing as more helpful to find promotion abuse is pre-identifying devices that are using multiple accounts and detecting devices that are using more advanced techniques. And, at another level that we’re going to cover, they also try to reset the device.

So, geofencing can be used, but it’s not what we’re seeing as the best approach right now.

Alright, so I think we can go to the next section now—The Crackdown.

This is where it gets tricky. You know abuse is happening, but cracking down can come with trade-offs. So how do we enforce stronger protections without creating friction for good users and hampering growth?

Danielle, why don’t you start us off? What methods have you found to be the most successful for preventing promotion abuse without causing friction for good users?

Danielle: Of course, Jenny. So, well, first of all, we need to tackle the root cause—the creation and use of multiple fake accounts in cases of promo abuse. It’s essential to have a solid strategy to prevent a single bad actor from creating, as I said, for example, 400 accounts.

In this stage, I’m talking about the creation of accounts and the login process on your platform. It’s crucial that you have advanced techniques such as device detection, device integrity checks, and geolocation—all combined—to act quietly. As I said before, promo abuse is a silent fraud.

If you ask the consumer for too much data, too many documents, and personal information, you’re going to create friction—and that’s never the goal. So use what I call “quiet” detection: silent monitoring of device and behavioral data. This allows you to reinforce your checks during onboarding and login.

It’s also very important to clearly define what behaviors you absolutely won’t tolerate or allow onto your platform, and what you’re willing to let through. When in doubt—say, one device with three accounts, but nothing else suspicious—I might let that one go and monitor further.

So, the first step is to deeply understand your customers during account creation and login. Then, you move on to strong, ongoing monitoring.

Build a robust monitoring tool that can track how consumers behave when they’re in your platform—how they’re using coupons—and combine this with smart, automated blocks that can stop abuse as it happens.

For example, if you detect a device with three accounts using your campaigns, and that device starts redeeming a lot of coupons in a short period of time, you can automatically block that activity.

So, in simple terms: reinforce and go deeper than just blocking at onboarding. At the moment of account creation, know everyone who’s entering your platform, then monitor them closely to decide what to block or allow.

We had great results doing this. I can share some numbers: we saw a decrease of more than 90% in abuse and fraud in loyalty programs by using this strategy—mapping the entire customer journey, embedding anti-fraud intelligence in every step, and aligning it with the company’s broader strategy.

So my piece of advice is to follow this path.

Jeniffer: That’s a great result—congratulations on that.

Sudhir, do you have anything to add to Danielle’s answer on methods you’re using to prevent promotion abuse without causing friction—or how much friction is acceptable?

Sudhir: Yes, absolutely. I often end up agreeing with Dani on this. What she mentioned—using advanced detection and understanding the root cause of why abuse happens—is really important.

A couple of additional points I’d like to add: one thing we’re working on now is figuring out how we can share signals across different entities. For example, if we see fraud happening—like account takeovers, refund abuse, fake restaurants, or impersonation cases—we consolidate those signals, such as IPs, emails, and devices, and integrate that data into our promo abuse decision-making.

That’s a great starting point because, generally speaking, these frauds are highly concentrated—it’s often the same group running multiple types of scams. So sharing signals across systems really helps.

The second thing is something we’re exploring now: instead of taking a reactive approach—like rejecting an order at checkout when a promo is being used—we can shift the decision-making earlier.

Specifically, when deciding which customers to send promos to, we can apply fraud intelligence at that stage. If you filter out risky users before sending promo emails or in-app offers, you won’t have to block them later during checkout.

This proactive approach eliminates potential friction between the fraud and growth teams, and it prevents unnecessary user friction overall.

That’s an approach I’m working on now, and, of course, everything Dani mentioned—we’re doing that as well.

Jeniffer: Those are some great insights, Sudhir. I have a question for both you and Danielle. Do you have any best practices for getting buy-in from marketing or growth teams when cracking down on promotional abuse?

How can you make a case that fraud prevention is a growth enabler and not a growth blocker? How do you bring that information to the table to convince them that your strategy enables growth instead of blocking good users?

Danielle: Well, this is the topic I enjoy the most talking about. I really believe fraud prevention is a growth enabler.

First of all, what we need to do as anti-fraud managers is provide visibility—visibility on the data and the risks involved—through shared data and analysis that can highlight potential issues and show the growth team and senior leadership how certain abuses can harm long-term profitability and affect future growth metrics.

I think our first goal and challenge is to give them visibility into what’s happening. Often, growth teams don’t see how inefficient a campaign is being. Here at Zé Delivery, we’ve seen several examples of campaigns and loyalty programs that, after implementing a strong fraud prevention strategy, grew significantly—some by up to ten times.

The difficult part is that fraud prevention teams also need to understand that our strategies must align with the company’s overall strategy. Especially when we’re talking about the gray zone I mentioned earlier—sometimes the company’s focus is brand awareness, and we need people to know the company and use our coupons. In those cases, we’ll be softer with fraud prevention, because we understand that growth is the immediate goal.

But sometimes profitability is the goal, and we can’t afford to lose extra money. Then, we look at ROI and focus strongly on fraud prevention.

So I think these are the two steps: first, highlight issues and give full visibility to the growth and marketing teams; and second, deeply align fraud prevention strategy with the company’s priorities. Whether that means being more flexible or being stricter, it has to follow the company’s moment and goals.

That, I think, is the key—if not the “secret”—to success: making fraud prevention part of the company’s strategy, not separate from it.

Jeniffer: And we’ve talked a lot about the marketing team being at the table when discussing the strategy to prevent promo abuse and promotion fraud. A question for you—who else needs to be at the table when building your promotion abuse strategy, and how do you keep everyone aligned?

Sudhir: Yeah, absolutely. In addition to the cross-functional partners Dani mentioned, I’d also include the engineering and customer care support teams.

Engineering, because once you have long-term solutions you want to implement—like detection systems or automated checks—you’ll need their support to prioritize and build them into their roadmaps. It’s important to have them engaged early.

And customer support as well, because they’re the frontline defense. They’re usually the first ones to hear about abuse, complaints, or unusual activity. It’s essential to create a feedback loop with them so that their observations get back to the fraud team quickly.

To keep everyone aligned, constant communication is key. But I’d also recommend adjusting how we frame our KPIs when talking to different teams. For example, customer support or growth teams may not care about “fraud rate” directly, so instead, we can present it as: “Because we stopped this much fraud, this is the amount of growth or savings we delivered.”

Tweaking the KPIs like this helps make fraud prevention feel like a shared success—part of achieving company-wide goals, not just a defensive function.

Jeniffer: Thank you for those insights. There’s a question here from Zafar: “Given that IMEIs can be masked and cloned applications can generate multiple device IDs, what strategies can be employed to address this challenge and prevent fraud?”

I can take this one. There are several stages where we see fraud happening in promotion abuse. Fraudsters won’t stop at one tactic—they’ll try something new every time their methods are detected.

Usually, what we see at Incognia is that the first stage starts with multi-accounting. They take advantage of platforms that aren’t using a strong, persistent device ID capable of detecting fraud. They’ll create multiple accounts until those accounts start being blocked.

Once a strong device ID solution—like Incognia’s—is applied, they move to the next stage: reinstalling the app. But with a persistent device ID, reinstalling doesn’t help, since it doesn’t change the identifier.

So then, they escalate to more sophisticated methods such as app or device tampering. They might use emulators, app cloners, or other advanced techniques like rooting the device. If a platform can’t detect integrity issues, those fraudsters can continue operating undetected for a long time.

The third stage is when they try to factory reset devices. When they realize their device is being tracked, they reset it to generate a new device ID. To detect this, we use several methods. One very reliable one at Incognia is detecting clusters of new devices appearing in the same physical location. When multiple devices “die” in the same place and new ones appear immediately after, that’s a strong indicator of factory resets.

Then comes the fourth stage—changing the device entirely. If their current device is flagged and can no longer create accounts or use coupons, they switch to a new one.

In that case, detection can be improved by using location intelligence. At Incognia, we have a feature called “Environment Linked to Fraud.” This flags physical environments that have been previously linked to fraudulent activity. When a new device appears in that same environment, it’s automatically flagged as high risk.

That allows the platform to take preventive action—whether that’s blocking coupon use, limiting actions, or even blocking the account.

Each of these layered defenses shuts down abuse without hurting real users, and the false positive rate is very low.

Let’s see—we have another question about generative AI, which is a hot topic. For either of you, can you elaborate on the use of anomaly detection and whether you see any applications of generative AI tools in fraud detection?

Sudhir: Yeah, absolutely. What we’re seeing is a lot of cases where multiple synthetic identities are being created using generative AI—and it’s happening at scale. Hundreds or even thousands of fake accounts can be created very quickly using AI-driven automation.

On the other side, we’re also seeing deepfake documents and videos being used to onboard fake restaurants or impersonate real ones, tying back to the collusion aspect I mentioned earlier.

So yes, we’re definitely seeing fraudsters using AI significantly—and at a rapidly increasing rate.

Jeniffer: Thank you, Sudhir. It’s time to wrap up. Thank you, Danielle and Sudhir—we really loved having you here today.