Coupon Abuse Detection
The Coupon Abuse Detection module watches how customers use discount codes and flags the patterns that turn promotional spend into a leak. The two patterns it catches most reliably are repeat first-order coupon usage (creating new accounts to grab a new-customer discount over and over) and coupon-then-refund cycles (applying a coupon, completing the order, refunding, repeating). It also coordinates with the Linked Accounts module to spot coupon abuse spread across a network of accounts.
Module ID: coupons. Default: enabled. Free tier (complete).
What It Observes
The module hooks into woocommerce_applied_coupon and refund events. When a coupon is applied at checkout, the module:
- Inspects the coupon to determine whether it’s a first-order / new-customer type (by usage restrictions or naming convention)
- Increments the customer’s total_coupons_used count
- If first-order: increments first_order_coupons
- Logs a coupon_applied event with the coupon code
When a refund is processed on an order that used a coupon, the module increments coupon_then_refund. This is the key signal for bad-faith coupon abuse — applying a discount to an order specifically to refund it later.
The module also subscribes to trustlens/linked_accounts_detected. When a fraud-ring detection fires, the module checks whether the linked accounts have been collectively using new-customer coupons — a strong indicator of throwaway-account abuse.
What It Signals
Coupon-Then-Refund Cycles (Primary)
The dominant signal. The Coupons module tracks the coupon_then_refund counter — the number of times the customer applied a coupon to an order and then refunded it. Mutually exclusive tiers:
| Coupon-Then-Refund Cycles | Score | Reason Shown on Profile |
|---|---|---|
| 3+ | -25 | “3 coupon orders refunded (abuse pattern)” |
| 2 | -15 | “2 coupon orders refunded” |
| 1 | -5 | (no reason text) |
| 0 | 0 | (no signal) |
This is the strongest single coupon-abuse signal — applying a coupon, completing an order, then refunding is consistent with bad-faith use, and the cycle repeating reinforces the pattern.
First-Order Coupon Abuse
An additional -10 penalty when both conditions hold:
| Trigger | Score | Reason Shown on Profile |
|---|---|---|
| first_order_coupons > 0 AND coupon_then_refund > 0 | -10 | “First-order coupon abuse pattern” |
The logic: using a first-order coupon and then refunding the order combines two abuse patterns into one — the customer captured the new-customer discount value while returning the underlying purchase. This signal stacks on top of the coupon-then-refund tier above.
High Coupon Usage Rate
| Trigger | Score | Reason Shown on Profile |
|---|---|---|
| 5+ orders with coupon usage rate ≥ 80% | -10 | “High coupon usage: 85% of orders” |
Catches customers who only ever buy when a discount is on the table.
Legitimate Coupon User (Positive)
| Trigger | Score | Reason Shown on Profile |
|---|---|---|
| 3+ coupons used with 0 refund cycles | +5 | “Legitimate coupon user” |
Distinguishes deal-aware customers (good) from coupon abusers (bad).
Coupon signals stack: a customer with 3+ refund cycles, a first-order coupon among the refunded orders, and an 80%+ coupon usage rate can see Coupons module penalties up to -45 before any other module contributes.
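The sketch below is an added example, not TrustLens source code, that applies the four signal tables above to one customer's counters to show how the tiers and stacking interact. The function name `coupon_module_score()` and the `total_orders` / `orders_with_coupon` keys are assumptions made for the example, as is the reading of "5+ orders" as total order count.

```php
<?php
// Added illustration of the documented signal tables; not TrustLens source.
// coupon_module_score() and the total_orders / orders_with_coupon keys are
// hypothetical names chosen for this example.
function coupon_module_score( array $s ): array {
    $cycles  = (int) $s['coupon_then_refund'];
    $score   = 0;
    $reasons = array();

    // Coupon-then-refund tiers are mutually exclusive: only one applies.
    if ( $cycles >= 3 ) {
        $score -= 25;
        // Assumption: the profile text interpolates the actual cycle count.
        $reasons[] = "{$cycles} coupon orders refunded (abuse pattern)";
    } elseif ( 2 === $cycles ) {
        $score -= 15;
        $reasons[] = '2 coupon orders refunded';
    } elseif ( 1 === $cycles ) {
        $score -= 5; // scored, but no reason text is shown on the profile
    }

    // First-order abuse stacks on top of whichever tier fired above.
    if ( $s['first_order_coupons'] > 0 && $cycles > 0 ) {
        $score -= 10;
        $reasons[] = 'First-order coupon abuse pattern';
    }

    // High usage: at least 5 orders and >= 80% of them used a coupon.
    $rate = $s['total_orders'] > 0 ? $s['orders_with_coupon'] / $s['total_orders'] : 0;
    if ( $s['total_orders'] >= 5 && $rate >= 0.8 ) {
        $score -= 10;
        $reasons[] = sprintf( 'High coupon usage: %d%% of orders', round( $rate * 100 ) );
    }

    // Positive signal: 3+ coupons used and never a coupon-then-refund cycle.
    if ( $s['total_coupons_used'] >= 3 && 0 === $cycles ) {
        $score += 5;
        $reasons[] = 'Legitimate coupon user';
    }
    return array( 'score' => $score, 'reasons' => $reasons );
}

// Constructed sample counters (not real customer data).
$stacked  = array( 'coupon_then_refund' => 3, 'first_order_coupons' => 1,
    'total_coupons_used' => 5, 'total_orders' => 5, 'orders_with_coupon' => 5 );
$deal_fan = array( 'coupon_then_refund' => 0, 'first_order_coupons' => 1,
    'total_coupons_used' => 6, 'total_orders' => 6, 'orders_with_coupon' => 6 );

print_r( coupon_module_score( $stacked ) );
print_r( coupon_module_score( $deal_fan ) );
```

Read literally, the tables let a customer with zero refund cycles collect both the high-usage penalty and the legitimate-user bonus, which is the case the second sample exercises.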
How First-Order Coupons Are Detected
WooCommerce coupons can be configured as first-order / new-customer coupons in several ways:
- Usage limit per user set to 1
- Coupon code naming convention (WELCOME10, NEWCUSTOMER, etc.)
- Restrictions to specific email domains or account-creation requirements
The Coupons module inspects each applied coupon to identify the first-order type. It checks WooCommerce’s built-in coupon meta (usage restrictions, applied count) and follows a heuristic for naming patterns. If your store uses a non-standard mechanism for new-customer coupons (e.g. a custom plugin), the detection may need tuning via the trustlens/is_first_order_coupon filter:
```php
add_filter( 'trustlens/is_first_order_coupon', function( $is_first_order, $coupon ) {
    // Treat any coupon with "welcome" in the description as first-order
    if ( stripos( $coupon->get_description(), 'welcome' ) !== false ) {
        return true;
    }
    return $is_first_order;
}, 10, 2 );
```
Settings
| Setting | Default | Description |
|---|---|---|
| Max first-order coupons before flag | 2 | If a customer’s first_order_coupons exceeds this value alongside any refund cycle, the first-order-abuse pattern signal fires |
| Block linked-account coupon abuse | Off | If on, attempts to use a first-order coupon on a checkout linked to other accounts that have already used new-customer coupons will be blocked at checkout |
| Module enabled | On | Master toggle |
To adjust, go to TrustLens → Settings → Modules → Coupons.
Common Patterns
The Throwaway-Account Coupon Hunter
Signature: One person creates multiple accounts using slight email variations (john+1@, john+2@, john.smith@gmail vs johnsmith@gmail) to grab the new-customer discount repeatedly.
Detection: Linked Accounts module catches the link via shared shipping address or device fingerprint. Coupons module fires the linked-account aggregate signal.
Score impact: Coupons -10 to -25 per account, Linked Accounts -25 to -30 per account. Each account lands in Risk or Critical.
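As a complementary review aid for the email-variation signature above, this added example (not TrustLens code; the page describes Linked Accounts as matching on shipping address or device fingerprint) collapses plus-tags and Gmail dot variants to one canonical mailbox and lists mailboxes behind more than one first-order coupon account. The helper names `canonical_email()` and `group_first_order_accounts()` and the account array shape are assumptions.

```php
<?php
// Added example; not TrustLens code. Helper names and the account array
// shape (id, email, first_order_coupons) are hypothetical.
function canonical_email( string $email ): string {
    $email = strtolower( trim( $email ) );
    $at    = strrpos( $email, '@' );
    if ( false === $at ) {
        return $email; // malformed: leave untouched so it never merges
    }
    $local  = substr( $email, 0, $at );
    $domain = substr( $email, $at + 1 );

    // Plus-addressing: "john+1" and "john+2" usually deliver to "john".
    // Not every provider treats "+tag" as an alias, so a match is a lead
    // for manual review, not proof of a shared mailbox.
    $plus = strpos( $local, '+' );
    if ( false !== $plus ) {
        $local = substr( $local, 0, $plus );
    }

    // Gmail ignores dots in the local part; googlemail.com is an alias.
    if ( in_array( $domain, array( 'gmail.com', 'googlemail.com' ), true ) ) {
        $local  = str_replace( '.', '', $local );
        $domain = 'gmail.com';
    }
    return $local . '@' . $domain;
}

function group_first_order_accounts( array $accounts ): array {
    $groups = array();
    foreach ( $accounts as $a ) {
        if ( $a['first_order_coupons'] > 0 ) {
            $groups[ canonical_email( $a['email'] ) ][] = $a['id'];
        }
    }
    // Keep only mailboxes behind two or more first-order coupon accounts.
    return array_filter( $groups, function ( $ids ) {
        return count( $ids ) > 1;
    } );
}

// Constructed sample accounts mirroring the variations named above.
$accounts = array(
    array( 'id' => 101, 'email' => 'john+1@example.com',   'first_order_coupons' => 1 ),
    array( 'id' => 102, 'email' => 'john+2@example.com',   'first_order_coupons' => 1 ),
    array( 'id' => 103, 'email' => 'John.Smith@gmail.com', 'first_order_coupons' => 1 ),
    array( 'id' => 104, 'email' => 'johnsmith@gmail.com',  'first_order_coupons' => 2 ),
    array( 'id' => 105, 'email' => 'jane@example.com',     'first_order_coupons' => 1 ),
);
print_r( group_first_order_accounts( $accounts ) );
```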
The Refund-Cycle Abuser
Signature: Customer applies a coupon, completes the order, refunds. Repeats. The coupon may be a percentage off (extracting a free or near-free item that they refund).
Detection: coupon_then_refund counter increments; signal fires at 2+ cycles.
Score impact: Coupons -10 to -20, plus Returns signals for the underlying refund rate.
The Deal-Site Coupon Leak
Signature: A single coupon code is shared on a coupon-aggregator site. Suddenly hundreds of customers (mostly first-time) use it.
Detection: Not a per-customer signal; it shows up in the Coupon Abuse Stats dashboard card. The Dashboard’s “Top coupons by abuse signal volume” highlights the leak.
Action: Tighten the coupon’s per-user usage limit, restrict to specific products, or expire it.
The Legitimate Returning Customer
Signature: Customer has used one welcome coupon, then placed orders without coupons since.
Detection: No Coupons signals fire. The one welcome coupon doesn’t penalize.
Score impact: None from Coupons. May earn +5 “No coupon abuse history” after 5 orders.
False-Positive Watch List
- Family-shared addresses. Spouses or partners using separate accounts at the same shipping address will trigger the linked-account coupon signal even though they’re legitimately separate customers. Allowlist them or use the Linked Accounts manual review.
- Roommates. Same as above — shared address but separate finances.
- Office addresses. Multiple coworkers ordering to the same office, each using a new-customer discount, look identical to abuse. Consider whether your shipping data deduplicates by suite/unit number.
- Email-typo customers. Some customers create a new account after forgetting their first credentials. Looks like a duplicate-account-with-new-customer-coupon pattern. The Linked Accounts module’s fingerprint detection helps disambiguate.
Blocking Linked-Account Coupon Abuse at Checkout
The “Block linked-account coupon abuse” setting is an aggressive option that enforces at checkout time. When on:
- At checkout, when a coupon is applied, the module checks whether the customer’s email/fingerprint links them to other accounts
- If linked accounts have already used new-customer coupons, the coupon is rejected with an error message
- The customer can still complete checkout without the coupon
This is off by default in Free because it can produce false positives on shared-address households. Turn it on only after you’ve observed the linked-accounts data for a few weeks and confirmed the pattern is real abuse, not legitimate shared addresses.
Coupon Abuse Stats on the Dashboard
The Dashboard surfaces coupon abuse at the store level (not just per-customer):
- Top coupons by abuse signal volume — codes triggering the most signals
- Customers with multiple first-order coupons — count of repeat abusers
- Coupon-then-refund cycles in last 30 days — recent activity
- Total first-order coupon usages across linked accounts — the “ring” view
If a single coupon shows wildly outsized abuse signal volume, that’s the leak indicator — investigate where the code is being shared.
Disabling the Module
Reasonable to disable if your store doesn’t run coupons or new-customer discounts. When off, no coupon signals fire and no coupon events are recorded. Other modules that reference coupon data (Dashboard cards, automation rule conditions) will show empty states.
Reading the Coupons Section of a Profile
- Signal breakdown shows 0–3 coupon signals
- Stats panel shows total_coupons_used, first_order_coupons, coupon_then_refund
- Event timeline lists each coupon_applied event with the coupon code, order ID, and date
The timeline is the best evidence for justifying actions — you can see exactly which coupons the customer used and when, in case the customer disputes the block.