The Essential Guide to Promotion Abuse on Delivery Platforms

Introduction

The food delivery industry experienced major growth during the COVID-19 pandemic. These marketplaces saw the demand for their services grow, but also experienced intense competition.

Post-pandemic, user growth slowed, and food delivery companies had to implement new customer acquisition and retention strategies. In the face of this new environment, food delivery companies have invested—and continue to invest—substantial sums in promotional activities.

For example, in Latin America (LATAM) today, Incognia estimates that between 20-40% of monthly transactions on food delivery platforms use some form of promotional coupon.

Some of these transactions are performed by legitimate customers just looking for a good deal. But many of them are made by bad actors who are systematically abusing promotional activities and stealing large sums of money from these platforms using sophisticated fraud methods.

Watch the webinar where we break down insights from this guide:

How extensive is this problem of promotion abuse? By our estimates, on average 2% of all monthly transactions on delivery platforms in LATAM are associated with coupon fraud. With the top two US delivery platforms averaging US $1.1B worth of transactions per month, we estimate that the largest US delivery companies each could be losing over US $1.5M per month due to promotion abuse.

To systematically abuse coupons, bad actors typically use a multi-accounting strategy in which they use several devices and utilize a sophisticated device reset strategy to evade recognition. As they’ve implemented limits and rules in an attempt to crack down on this behavior, fraudsters have come up with increasingly complex techniques to get around the restrictions so they can continue to profit. Given the strategic combination of these multi-accounting techniques and their lack of advanced location and device recognition signals, the delivery industry has been fighting blind.

The Incognia team has extensive experience fighting promotion abuse through close collaboration with our customers.

We’ve compiled this report to provide food delivery companies around the world with deep insights into two kinds of promotions that are commonly abused: New User Coupons and Loyalty Coupons.

To illustrate the scope and complexity of these issues, we’ve included real insights from the food delivery market in LATAM. Our goal with this report is to help fraud practitioners gain a deep understanding of the true sophistication and scale of promotion abuse on food delivery platforms, and the tools, techniques, and new signals that can be used to prevent it.

New user coupon abuse

The first and most obvious promotion type to exploit is new user coupons. Generally, this type of coupon offers a more aggressive discount to convince new users to try the service.

In order to exploit new user coupons, the fraudster must create as many accounts as possible. After the discount is used, these accounts are typically discarded.

In LATAM, Incognia’s research shows that on average between 1% and 2.5% of devices on food delivery platforms access 3 or more accounts, with many of these devices actually accessing over 50 accounts.

In one 3 month period, Incognia found that 4% of the accounts that accessed one customer’s food delivery platform belonged to users who were engaged in multi-accounting.

For a better understanding of the volumes we’re discussing, we’ve calculated 4% of the monthly active users at some of the top food delivery platforms in the world:

Uber Eats:

2,640,000 users
Doordash:

1,280,000 users
Grubhub:

220,000 users

In order to abuse new user coupons at scale, bad actors leverage tools to quickly create a large number of accounts. Often, they also use advanced techniques to block device recognition. In the next section, we’ll take a deeper look at both of these approaches.

Tools for creating accounts

In order to create accounts at scale, fraudsters make use of a number of tools:

Email Address Generators: To create fake accounts, email address generators are used to create disposable addresses in bulk. This makes it difficult to track fraudulent accounts.
Disposable Phone Numbers: Many apps allow one account to be created per phone number. To get around this, bad actors buy very inexpensive prepaid cell phone chips in bulk or use apps and services that make it easy to get a temporary phone number. The number is registered to the new account by sending an OTP via SMS and onboarding is completed.
Virtual Private Networks (VPN): Some fraudsters use VPNs to hide their real IP address, making it difficult for delivery apps to identify suspicious activities based on IP or GPS location.

phone-food-delivery-promo-abuse-report-min

Advanced techniques to mask device identification

The systematic account creation methods mentioned above are commonly used to commit various different types of fraud and are relatively easy to do. No real technical knowledge is required to get to this point.

But in order to scale promotion abuse, bad actors must bypass the device controls the app has in place. At this point, the level of complexity increases substantially.

In fact, some of the techniques used in this process are so sophisticated that the same ones are also used to attack digital bank accounts, which are often more securely protected.

Let’s dive into the most common tools and techniques fraudsters are using to mask their devices:

1. Device Emulators:

Emulators were created to help software engineers test their code. They simulate the operation of a smartphone or tablet on a computer and have the ability to project more than one device at a time.
Simulating multiple devices is extremely valuable for fraudsters looking to abuse promotions. Using emulators, they can more easily automate the creation and access of multiple accounts, therefore scaling their operations.
Emulator technology is constantly being improved, which makes detecting its use a moving target for delivery apps.

2. App Cloning

Cloning apps allow multiple instances of one app to run simultaneously on a single device.
They make it possible to alter the original source code, modifying the app. Using this method, malicious users can systematically manipulate the software attributes that are commonly used for device identification. In other words, they can make each app session look like it’s taking place on a different device.
During the last year, food delivery apps have been hit particularly hard by this type of tool. The number of cloning apps available has increased substantially, and their capabilities have been improved.

3. Man in the Middle (MITM)

As the name suggests, this technique involves the fraudster manipulating the communication between the food delivery app and its servers in real-time. The goal of this method is to generate unexpected and manipulated values in an attempt to cause errors that will neutralize security tools.

Rise of Cloning Apps

At the beginning of 2022, the app cloning ‘market’ was dominated by App Cloner.

App Cloner

Premium & Add-ons

But by 2023, our team had noticed a 6X increase in the number of cloning apps being used. These three apps in particular are commonly seen:

Dual Space

Multiple Accounts
Dual Space Pro

Multi Accounts
Parallel App

Dual App Cloner

Loyalty coupon abuse

Experienced fraudsters not only take advantage of new user coupons, but they also exploit promotions offered to active customers to reward their loyalty to the platform.

To abuse loyalty coupons, fraudsters have to play the long game and consistently maintain an arsenal of active accounts. These fake account portfolios are created by buying active accounts from other users or by creating multiple accounts using the methods we described in the last section.

We’ll be the first to admit it: The way these fraudsters maintain hundreds of active accounts and manage their network of delivery addresses is a masterclass in administration and logistics. Let’s look at exactly how they do it.

Purchase management strategy

By studying the apps that they target, bad actors know that inactive accounts are monitored and often banned, while moderately active accounts are likely to receive promotion offers to incentivize more orders. Commonly, delivery apps will assign different classification levels to customers based on the quantity and value of their purchases. Knowing this, fraudsters set alerts to monitor promotional periods but also manipulate the system by strategically making frequent low-value purchases outside those periods as well.

We’ve created the illustration below to depict this pattern. We tracked the purchases of 20 different accounts linked to a single device over the course of a week.

As shown below, when a promotional coupon is offered, there is much more activity from these accounts. However, outside the promotional days, occasional purchases are still made to maintain the illusion that these are legitimate accounts.

By using this method, fraudsters are able to keep their accounts active and scale their operation by removing the need to continuously acquire new accounts. Using this strategy, they maximize gains while minimizing expended resources.

fraud-abuse-food-delivery-incongia-report-01

Delivery Address

The delivery address provided at purchase is an extremely important data point when identifying fraud related to physical goods. Even if the account details are entirely fake, a real address is still needed to complete a delivery. map-food-delivery-promo-abuse-report

A high concentration of orders using the same delivery address often triggers fraud alerts, so bad actors find clever ways to bypass these monitoring techniques, including:

Different but concentrated addresses

Delivery addresses can be different houses on the same street or different streets in the same neighborhood.
Fraudsters also use public access commercial establishments, such as convenience stores or small markets.

Pickup in-store

Fraudsters may also choose the option that allows them to pick up their order at the establishment. This way, their address remains ‘clean’.

Strategies to prevent coupon abuse

So what can food delivery companies learn from these detailed insights into promotion abuse and how it’s being perpetrated? Here are 5 strategies you should take away:

1. Encourage cross-functional collaboration

Cracking down on coupon fraud involves effort by more than just the fraud prevention team. Promotional campaigns are generally created by the marketing team, their policies need to be approved by the legal team, and operations will be responsible for troubleshooting the users, some legitimate and some not, who are blocked. Given this, it’s important that these teams all work together to establish a coupon usage policy that can deliver the desired growth results while also discouraging abuse and fraud.

2. Monitor user behavior and transactions

It’s crucial to implement customized fraud rules that can alert you to changes in behavior at different stages of the user journey so that you can step in to investigate. This would include abnormal activity relating to account creation, logins, payments, and other critical moments.

Of course, there will be fluctuations based on seasonality, marketing campaigns, and external events.

However, unusual increases or concentrations of factors like coupon usage, activity by region, or payment methods need to be investigated in order to detect new fraudster methods and reveal weaknesses in your fraud prevention processes.

3. Integrate a persistent device fingerprint

Promotion abuse often involves a cluster of accounts accessed on the same device.

In light of this, it’s essential that you have a strong device recognition solution that can help you recognize the same device, despite manipulation attempts or factory resets.

In order for a device recognition solution to be robust and reliable, it has to be resistant to tampering. Keep in mind that there are a broad range of tampering techniques, from simple to sophisticated. Free APIs will not detect the complex methods used in systematic promotion abuse scams.

Delivery companies need to look for solutions that are cutting-edge, keeping them one step ahead of fraud. Incognia's breakthrough use of exact location to create a resilient device recognition signal is an example. One way to create a stronger solution is to pair a device fingerprint with a second signal, like exact location behavior data.

4. Detect emulators and app tampering

As we’ve seen in this report, these tools are widely used by coupon fraudsters to scale their operations. To prevent significant losses, it’s important that food delivery platforms have a solution for detecting the use of emulators and advanced app tampering tools that bypass detection and enable multi-accounting.

5. Ensure continuous learning and updates (tools and people)

Fraudsters quickly adapt to new fraud prevention and detection measures. That’s why it’s important for the fraud teams at food delivery companies to stay in a constant state of learning and adaptation. This includes using innovative and dynamic solution providers, benchmarking and exchanging knowledge with other companies in the market, and specializing teams.

Conclusion

To sustain user growth and engagement post-pandemic, food delivery companies turned to promotions as a key strategy. But in this report, we’ve shed light on how the abuse of these promotions can send your growth budget spiraling down the drain.

As food delivery companies worldwide grapple with the issue of promotion abuse, it’s our hope that the insights and data presented here will serve as a valuable guide.

By learning about the scope of the problem, the techniques employed by fraudsters, and the preventive strategies that are available, you can defend your platform against abuse and ultimately invest more resources in creating great experiences for genuine customers.

In a market landscape where consumer behaviors, technology, and competition continue to evolve, staying one step ahead of promotion abuse is essential to the continued success of your platform.

How Incognia can help

Persistent device fingerprint for food delivery

Incognia uses exact location behavior and device recognition signals to provide a device ID that is resilient to factory resets and prevents multiple account creation, promotion abuse, and courier scams. Our cutting-edge location technology provides the food delivery industry with real-time insights that enable proactive fraud prevention.

With its sophisticated apartment-level location verification and device intelligence, Incognia is leading the charge against risky behavior.

Reliable performance at scale

80% less promotion abuse
94% less courier fraud