Catching Coupon Abuse
3 min read
Coupon abuse comes in several flavors — repeat first-order coupon use across throwaway accounts, coupon-then-refund cycles to extract free value, deal-site coupon code leaks producing acquisition cohorts of unprofitable customers. This walkthrough shows how to identify all three patterns with TrustLens and stop them at scale.
The Three Patterns #
| Pattern | Signature | Detection |
|---|---|---|
| Throwaway-account coupon hunting | Many accounts with slight email variations, all using new-customer coupons, often shared shipping | Coupons + Linked Accounts modules |
| Coupon-then-refund | Apply coupon, complete order, refund — repeat | Coupons module tracks the cycle |
| Deal-site code leak | One coupon code suddenly used by hundreds of unrelated customers | Dashboard Coupon Abuse Stats |
Pattern 1: Throwaway-Account Hunters #
Identify Existing Hunters #
- Open TrustLens → Customers
- Filter to “Has linked accounts” = true
- For each linked customer, open the profile and check the Coupons stats
- Customers with first_order_coupons >= 2 across linked accounts are the hunters
The Dashboard’s “Customers with multiple first-order coupons” card surfaces these directly.
Block the Pattern at Checkout #
Enable the linked-account checkout block:
- Settings → Modules → Coupons
- Toggle on Block linked-account coupon abuse
- Save
Now, at checkout, if a customer attempts a first-order coupon and TrustLens detects they’re linked to other accounts that have already used new-customer coupons, the coupon is rejected. The customer can still complete checkout — just not with the discount.
Caveat #
This setting can produce false positives on shared-household addresses. Run it for a week and monitor the Blocked Checkout Alert emails for innocent collateral. If complaints come in, allowlist the affected customers.
Pattern 2: Coupon-Then-Refund #
Identify #
The Coupons module tracks the coupon_then_refund counter per customer. To find offenders:
- Open Customers list
- Sort by Coupon-Then-Refund column descending
- Investigate the top entries
Customers with 2+ coupon-then-refund cycles see the Coupons module fire -10. Combined with Returns signals from the underlying refunds, these customers typically land in Risk.
Take Action #
For confirmed offenders:
- Block at checkout
- Add admin note documenting the pattern
- Consider tightening the affected coupon’s per-user usage limits
Automate (Pro) #
Build an automation rule:
- Trigger: Order Refunded
- Conditions:
order.has_coupon = trueANDcustomer.coupon_then_refund >= 2 - Actions: Block customer; alert fraud team via email
This catches the third cycle automatically — and stops the pattern before it becomes a fourth or fifth.
Pattern 3: Deal-Site Coupon Leak #
Identify #
A leaked coupon shows up as anomalous usage volume on a single code. The Dashboard’s “Top coupons by abuse signal volume” card surfaces this — if WELCOME15 is suddenly the dominant entry, your code is on a deal site.
Confirm #
Google the coupon code. If it appears on RetailMeNot, Honey, Slickdeals, or similar, it’s been leaked.
Take Action #
- Disable the leaked coupon in WooCommerce Coupons settings
- Create a new coupon code with stricter restrictions (per-user usage limit 1, customer-email-domain restrictions, expiration)
- Review customers who used the leaked code over the past 30 days — many will have abuse signals; consider mass action
- For customers who used the leaked code and are now in Risk: bulk block
Prevent #
- Use unique per-customer coupon codes for promotions (random codes that can’t be shared)
- Set per-user usage limit to 1 on all new-customer coupons
- Add expiration dates to all promotional codes
- Audit your active coupons quarterly — disable old codes
Setting Up the Coupon-Abuse Workflow #
Step 1: Tune Coupons Module Settings #
- Settings → Modules → Coupons
- Set Max first-order coupons before flag to 2 (default) — fires the multi-first-order signal earlier
- Enable Block linked-account coupon abuse after a week of observation
Step 2: Enable the Coupon Abuse Notification #
If you’re on Pro, enable the Velocity Alert with coupon-specific conditions, or build a custom automation rule on the coupon_abuse trigger.
Step 3: Weekly Review Routine #
Add a recurring 15-minute calendar block:
- Open Dashboard
- Check “Top coupons by abuse signal volume”
- Check “Customers with multiple first-order coupons”
- Investigate anomalies
What to Expect #
- First month: surge of detection as historical patterns surface
- Subsequent months: steady-state catches of new patterns as they emerge
- Customer acquisition cost may rise slightly as throwaway-account growth drops — that’s the goal
- Genuine new customers using welcome codes are unaffected (first use is fine)
Metrics to Track #
- First-order coupon usages per month (declining = throwaway accounts dropping off)
- Coupon-then-refund cycles per month (target: near zero after rollout)
- Coupon revenue / refund ratio per code (catches abused codes specifically)
- Customer acquisition cost from coupon-driven channels
Common Pitfalls #
- Over-blocking households: Address-linked household accounts using welcome codes can look identical to throwaway accounts. Allowlist confirmed legitimate households.
- Penalizing returning customers: A customer who used your welcome code once and returns months later shouldn’t be penalized. The Coupons module is built to ignore single first-order coupons.
- Ignoring leaked codes: If a code is on a deal site, every additional use is bad-faith. Disable promptly.
