A Coupon Extension Gave Me 100% Off My Order (discount code abuse)

by Matt Gillis, on Jan 25, 2021 3:12:13 PM

I’m going to start this article with a scary story to set the stage.

Imagine walking into a store to purchase something. You find an item you like, and you stroll to the cash register. As you work your way through the line, there is a gentleman standing right before the cash register. 

He stops you.

He whispers in your ear: “Hey, want me to see if I can save you a lot of money off of that item you have in your hands?”.

“Umm, I guess so… Sure”, you respond with some anxious hesitation in your voice.

The man searches through some papers and subsequently lets you know he can save you 100% off your purchase. 

It will be free. Gratis. No charge.

“Come on, I’m ready to buy this, pay for this… But you’re saying it’s now free?!?! How can that be?” you wonder aloud.

“Yup, thanks to me, your purchase is free. Don’t worry, I will settle up with the store to make sure I get paid a commission for convincing you to ‘buy’ this item,” the gentleman says.

And, cue the collective screams from retail merchants at the abject horror of paying someone else to give a customer their product for free.


Sounds crazy, doesn’t it? It’s not crazy. In fact, it just happened to me on Friday night.

How It Happened

It’s been a while since I have bought new threads, so on Friday night, I was surfing around the internet looking for some clothes. It’s the new year, time to get some new looks, right?

Lots of brands market to me in my Facebook feed, so I went and checked a few of them out. I landed on one that had some awesome clothes that my wife would approve of (ie. no hoodies).

I threw a shirt into my cart and headed to checkout. I couldn’t believe what happened next.
Coupon Extension Free Item

CapitalOne Shopping applied enough discounts to get me 100% off my order. 

Yup, you read that right. I was getting everything in my cart for free.

How Coupon Extensions Work

Coupon extensions are browser extensions that buyers can install in their web browsers (ex. Google Chrome) and that allow them to discover and automatically apply coupons in shopping carts on ecommerce websites.

Some popular examples of coupon extensions are Honey, CapitalOne Shopping (formerly Wikibuy) and Rakuten.

Learn more about what they are and how they work with the following articles:

Buyers love coupon extensions because they make it easy to save money on purchases. And many online retailers like them because they’ve been told (mostly by the makers of the extensions themselves) that coupon extensions will deliver more buyers and increase conversions.

But at a time when ecommerce is providing a lifeline to struggling retailers, coupon extensions also hold the potential to do irreparable harm to ecommerce businesses.

Why We've Chosen to Do Something About it

Why are we as buyers okay with the digital version of basically “robbing a store” when we’d never be comfortable with the in-person version described in our scary story at the beginning of this article?

As consumers, we shouldn’t be okay with this, yet it’s happening all around us. From 100% discounts like the one I discovered on Friday night, to limited use coupons like “MILITARY50” meant for veterans of our armed services, coupon extensions are scraping and then giving away access to coupons to anyone, regardless of whether they’re meant to have them or not. And in the process, they’re taking money from retailers and giving them little if any options to do anything about it.

We believe this is wrong, and we’re working hard to give online retailers the ability to control how their own coupons are used on their own websites.

At clean.io, we are on a mission to protect digital engagements. Many of the biggest websites in the world already count on us to protect their user experiences, their revenue, and their online reputation from the dangers of malvertising. (In case you aren’t familiar, malvertising is essentially those shady malicious pop-ups that tell you that you’ve won something or are the 5 millionth visitor).

Our three-year-old business has flourished, and we have become a market leader in solving the malvertising problem, with our code now running on more than 7 million websites each month. 

It’s a challenging problem to solve because the bad actors are constantly innovating both their approach and the technology they use to circumvent publisher protections. We’re always working to stay one step ahead of this invisible villain.

In winning the battle with malvertising, we noticed another battle heating up in a completely different ecosystem: online retail. In the last year, many folks will say that our ecommerce market has advanced 10x because of the changes brought about by the COVID-19 pandemic.  

Similar to the ecosystem where malvertising occurs, online retailers are falling victim to third-party code that is executing on their website and which they have no control over. 

This is how coupon extensions are doing their work, and it is doing massive harm to retailer margins and revenue. Frustratingly, online retailers have no way of controlling coupon extensions and preventing them from injecting coupons on their website all while they fundamentally change the user experience.

The sad part is that coupon extensions claim to have online retailers’ best interests at heart. Unfortunately, this little story proves they absolutely do not.

Fortunately, cleanCART is doing something about it by putting the power back into the hands of online retailers.

The Research Process

Since we've gone deep to build a solution for online retailers, I've downloaded all of the various discount extensions on my laptop so I can truly understand the damage that they are capable of inflicting on revenue, margins, and user experience. Right now, I’m running Honey, Capital One Shopping, Rakuten, WeThrift, and Coupert.

So, when I went to check out on Friday night, I was shocked to see exactly what happened. Many of the extensions popped up to attempt to find me deals, but Capital One Shopping took control before the others could even launch.

Capital One Shopping made my purchase free. Yes, FREE. 

It automatically applied a promo code that took $75 off my purchase. My $39 shirt was now $0. Standard shipping was $10.

coupon extension code impact

We’ve seen firsthand how these discount extensions are telling merchants: “We are really good for your business because we are increasing your conversion rates.” 

On its face, the argument makes sense. I converted. 

But, why wouldn’t I buy a shirt for $10 in shipping costs, when I was already going to buy it for $39 plus the $10 shipping fee?

Capital One Shopping did nothing to drive my purchase. I would have purchased either way.

Even worse, I’m now getting merchandise for free, while the merchant will be required to pay Capital One Shopping a fee for supposedly delivering me as a customer.

The harsh truth is that online retailers need tools to solve these problems. In the midst of the pandemic-driven surge of online shopping, it's possible that merchants might not be noticing this pain as deeply as they otherwise would. The blended averages could bury this in the sea of data they look at each month.

It’s time to pull back the curtain, and cleanCART is here to do that.

More than Just an Isolated Example

This brand is not alone. 

  • Honey claims that there are 40,000 merchants on which they can deliver consumers big discounts. 
  • Capital One Shopping claims its software works on 30,000 merchant websites. 

That’s a lot of online retailers that need protection.

We’ve been investing in protecting sites from malicious and untrusted JavaScript for some time now, and we like to think we’ve gotten pretty good at it. 

We believe that you own your website, and you should be able to control the code that executes on your site. Even, and especially, the code that you don’t own.

It’s your user experience. Shouldn’t that be something that you are able to ensure is flawless?  

It’s your revenue. Shouldn’t you get to decide how much of it you sacrifice and how much you keep? Shouldn’t you get to ensure that you aren’t paying affiliate fees to partners who have done nothing to drive a sale or conversion?

To be clear, we aren’t anti-coupon. 

What we ARE is anti-coupon scraping and auto-injection.

If you’re one of the tens of thousands of online retailers being impacted by the likes of Honey, Capital One Shopping, Rakuten, and more stealing your promo codes and negatively impacting your margins, we can help. Talk to us to find out how.

We are in closed beta right now with quite a few merchants. Every single one of them has told us that they are feeling immediate relief from this nagging problem. And, more importantly, they are getting insight into their users that they have never had before.

If software like Honey’s and Capital One’s continues to be unchecked, online retailers like you are going to find that "what’s in your wallet" is diminishing significantly. 



Our blog

Where businesses come to learn more about protecting the points of digital engagement with their customers, audiences and users.

Subscribe to Updates