How Coupon Extensions Allow for Unauthorized Coupon Usage on Ecommerce Sites
by Kathleen Booth, on Dec 30, 2020 9:00:00 AM
Coupon extensions like Honey, Capital One Shopping (formerly Wikibuy) and Piggy are becoming increasingly popular with online shoppers.
From a consumer perspective, they seem like a great way to help shoppers find available deals from the sites they frequently buy from.
However, for ecommerce merchants, they bring a host of problems that eat into revenues, reduce profit margins, and wreak havoc with revenue attribution.
The biggest concern is the fact that they allow users access to coupons they should never be authorized to use in the first place. To demonstrate how this works, we’ll walk through a few examples of what can happen.
Limited Use Coupons
Many of the coupons and discount codes issued by ecommerce merchants are meant for limited use.
Say, for example, you offer a welcome coupon of 10% off to visitors who sign up for your newsletter. In this instance, you are offering a coupon in exchange for something of value (the shopper's email address for marketing purposes), and limiting the use of the coupon to only those website visitors that take the defined action.
The problem is that if a user with a coupon extension installed in their browser visits your website and legitimately earns—and then uses—that coupon, the browser extension will scrape that code and make it available to every shopper who uses the extension, whether they've earned it or not.
This means that users who never signed up for your newsletter can access the coupon, and there's little you can do to control or prevent it.
In this example, the purpose of offering the discount was to reward a specific behavior (subscribing to a newsletter). Coupon extensions will completely circumvent the entire purpose of this coupon by providing it to individuals who never exhibited the desired behavior, meaning you just gave a discount for no reason.
This is deemed “unauthorized coupon usage” because the user never completed the action to earn authorization to use the coupon, but was able to use the code anyway.
In addition to eating at your profit margins, unauthorized coupons really wreak havoc on your reporting and marketing attribution.
Once a coupon extension gets ahold of a coupon code and allows unauthorized usage of that code, you now have no method for tracking the success of your campaign because you no longer have any idea how many sales were actually driven by it.
Partner Promotion Coupons
Another way coupon extensions cause problems for merchants is with affiliate, partner, or influencer marketing.
Say, for example, you have a marketing partner to whom you give a specific coupon code for sharing your website and products with their audience.
When this works as intended, only those followers who received the communication from the affiliate or partner promoting the code would know it existed, and therefore would be the only ones to use it. In this case, the code works in two ways: it provides a discount incentive to a large audience you may not have had access to without the partner, and it allows you to accurately measure the exact number of sales influenced by that partner.
When coupon extensions get into the mix, you have a few very large issues that arise with these types of partner codes. First, like in the example above, you will see the unauthorized usage of a discount when users who never came in through the marketing efforts of your partner can use the discount provided to them by a coupon extension.
Second, you’ll no longer have a reliable method of understanding how effective that partner was at driving sales. Because the attribution of that affiliate code will be tied to sales that had nothing to do with the affiliate, you have no way of knowing how many sales they actually generated.
Third, and potentially most concerning, is that depending upon your contract or agreement with that partner, you may owe them a lot of money that they never earned. For instance, if your agreement with your partner states that they get a percentage of revenue attributed to their code, you’ll be paying them for sales they didn’t actually create.
In the worst cases, influencers can nefariously use this to their advantage by actively submitting their unique coupon code to various coupon extensions to ensure they know about it and take advantage of sales they didn’t help to create.
Customer Reward Coupons
Yet another way we’ve seen ecommerce merchant profits suffer at the hands of unauthorized coupon usage is in the area of customer rewards.
Many merchants will create specialized coupons for returning customers, birthday promotions, or to encourage past customers to come back. Once these codes are created, and the coupon extensions learn of their existence, anyone can use them.
This causes all of the same problems with profit margins and attribution as in the examples above.
Examples of Unauthorized Coupon Usage
While this may sound like a somewhat innocuous problem, when you take the time to think about how coupon codes can be abused, it becomes clear that it is not only dishonest, but downright wrong.
You wouldn't walk into a restaurant and pretend to be a military veteran to get a discount on your food, would you? In fact, if you saw someone else do something like that, you'd likely get upset over it.
But for some reason, when there is a computer screen between us and the person or business on the other end, we don't feel that way. In fact, Honey users take advantage of promo codes like these all the time:
Fighting this Problem
There are very few ways to combat this issue with current ecommerce CMSs or security tools.
There is no way to build the checks and balances that allow you to confirm any potential action you might have asked a user to take was actually completed before allowing a purchase to complete with the unauthorized code.
The best band-aid method that has been used by many merchants until now is to limit the number of times a particular coupon code can be used. This does nothing to actually solve the problem, but merely limits the impact it might have. Users will still be able to use unauthorized coupons, you will still be sacrificing revenue, and you’ll still lose all reporting reliability. This method simply stops the flood before it becomes too great.
With the introduction of cleanCART (now in private beta - apply here for access), ecommerce merchants can now take control of unauthorized coupon usage and in doing so, protect their margins.
If you’re interested in getting the first look, get on the waitlist for our public launch!