top of page

Stop Identity Fraud and Promo Abuse in the Face of a Potential Recession

November 9, 2022 | By: Justin McDonald, Sr. Risk Management Consultant, The Fraud Practice

During the “Great Recession” of 2008 and 2009 there was an increase in fraud, including third-party fraud, like identity fraud and promo abuse. Organizations should consider how to prepare for a similar uptick in this behavior as consumers struggle to adjust to higher prices and brace for a potential recession in 2023. Another consideration is how this economic uncertainty may exacerbate fraud and abuse struggles in the later stages of the holiday shopping season. During this time of high order volumes, professional fraudsters and fraud rings ramp up their activity hoping to sneak through more bad orders.

The Impact of Economic Uncertainty

On October 3rd, the United Nations warned the world is “on the edge of recession.” Many predict the US will be in a recession at some point during 2023, and the consumer sentiment index is lower now than at its lowest point of 2020, amidst COVID-19 and an economic shutdown. In other words, regardless of whether or not a US or global recession occurs in 2023, consumers are bracing for one.

This economic uncertainty has the potential to curtail holiday shopping, but it also influences buying patterns that make it easier for fraudsters to blend in. In 2021, the more financially healthy consumer began their holiday shopping earlier as they considered supply chain concerns and product shortages. In 2022, the consumer is stretched in the face of inflation and future recession concerns, which may mean buying holiday gifts later in the season.

According to a recent survey of US consumers, 33 percent will begin holiday shopping no earlier than two weeks ahead of the holiday, and 26.6 percent will not start shopping until within one week of the holiday (Source: Digital Information World). Later holiday purchasing means more gifts shipped directly to the gift recipient (meaning more shipping addresses that differ from billing addresses), which can benefit fraudsters who fit that same profile.

Promo abuse, free trial abuse, loyalty fraud and other forms of “soft” fraud or policy abuse are also a concern. As consumers are forced to cut things from their budget, some may become more likely to justify these forms of abuse with the mindset that “it’s technically not stealing.” During economic downturns, the scope of risk management needs to broaden beyond stopping professional fraudsters to also keeping honest consumers honest. This can include things like cracking down on the abuse of discount codes, loyalty programs and other morally gray areas. .

Lastly, the possibility of higher unemployment rates mean there is the potential for more consumers to be caught up in gift wrapping mule schemes. This refers to when consumers are hired during the holiday season to receive goods and gift wrap them before sending them on. The trick is that, often unknowingly, these consumers are receiving and forwarding the goods to a fraudster. With this type of fraud, the fraudster or fraud ring is essentially paying these “gift wrappers” for the use of their shipping address as part of the synthetic identity the fraudster creates to defraud merchants. Although employment has remained strong, we are seeing signs of cracks. Many notable companies have recently announced hiring freezes and many retailers, couriers and others who typically hire a large number of seasonal employees could cut back this year. This leaves more consumers looking for seasonal work and available for fraudsters to exploit with gift wrapping mule schemes, using unsuspecting consumers as freight forwarders.

Where Retailers Should Focus Their Efforts: Promo Abuse & Identity Fraud

Following the 2007 to 2009 recession, the Association of Certified Fraud Examiners found that financial pressure during this time caused an increase in fraudulent activity. We may see the early signs of this occurring again in late 2022, but how do organizations prepare for this?

Promo Abuse

Organizations tend to focus on blacklists and whitelists when it comes to recognizing the best and worst return customers, but “warm” lists are a great addition when preventing friendly fraud and abuse. A shipping address associated with promo abuse may not be a customer you want to outright ban, but the fact that a data point has been associated with any form of abuse is a risk signal you still want to maintain.

Warm and blacklists detect repeat activity, but link analysis will help catch morphing activity, which refers to changing some identity points but reusing others with each fraud attempt. Consumers who repeat promotional and free trial abuse schemes will continually try to create new personas and accounts. Link analysis catches which of these data points have been used before and can determine, for example, that although it is the first time you’ve seen this email address, the phone number presented has been associated with two other free trials in the last few months.

Organizations should also consider data quality and identity authentication checks to detect promo abuse. Consumers can easily create free emails and make up junk data, and the more easily these data points can be provided, the easier it is to evade warm lists and link analysis checks. Checking that identity data points have the potential to exist or actually do exist greatly increases the efficiency of link analysis, as it makes it more challenging for consumers to continually provide new identity data points.

"Ekata offers a variety of APIs for early use in the customer journey to identify and flag riskier customers. The most applicable is our Account Opening Solution for ecommerce companies and marketplaces. This solution ingests phone, email and IP address to provide companies with signals that showcase the online behavior of each identity element as well as comprehensive machine learning scores. This data can then be used to categorize customers into different buckets of risk, so that step-up friction or heavier weight checks are implemented where relevant while ensuring good customers aren't held up on their way to transacting."
Elisa Ahern Lead Field Data Scientist - eCommerce and Marketplaces Ekata, a Mastercard company

Strategies for detecting and preventing promo abuse, with a focus on doing so early in the customer journey, is discussed in a recent white paper from The Fraud Practice titled Is This Really a New User? Detecting Fraud and Abuse at Account Opening.

Identity Fraud

Identity fraud is very common during the holiday season as fraudsters attempt to monetize stolen identity and payment card information. Typically, this involves combining identity points that belong to a real consumer, such as the billing address or phone number associated with a compromised payment card, with fraudster-controlled data points, such as a shipping address or a prepaid mobile phone number that belongs to a phone in the fraudster’s possession.

While link analysis and blacklists also help detect identity fraud, these fraud schemes require more stringent checks that go beyond validation to involve stronger data quality and identity authentication focused on credibility, not just the data point’s existence.

It is one thing to know that an email exists, which can be determined with an email bounce test. It is significantly more meaningful to know how long an email has been in existence or whether or not it is actively used. Similarly, for phone numbers, while prohibiting numbers that cannot possibly exist has some value, there is much more value in knowing a phone number's line type and whether it is actively in use.

Higher-level data quality checks prove existence and some credibility or history, but do not show a relationship between data points. That is where authentication comes in. Authentication shows the association between data points a user provides online. Accordingly, most online orders should undergo some level of data authentication to validate this relationship or association between various data points provided. This is critical because fraudsters are often able to pass AVS checks by providing the billing address associated with the compromised payment card even if the phone number or the email address provided does not also belong to the victim consumer.

To accurately identify and stop fraud, identity authentication should look for multiple match points between name, address, phone, email and other data points an organization may collect. It’s also important to note which data points definitively do not match or have no association with a consumer’s other identity data points. This can tip you off to the data points the fraudster controls and will likely try to reuse.

This is where link analysis and velocity of change techniques come into play. The fraudster might have 50 compromised payment cards to monetize but only a few shipping addresses for receiving the orders. The fraudster has the correct billing address for each stolen card, goes through a VPN to appear to order from a plausible IP address, and even provides a mobile phone number with an area code that matches the billing address. This attention to detail makes an order appear legitimate on the surface, even though it is shipping to a different address, which is very common this time of year.

An organization using stronger data quality and identity authentication alongside velocity of change or link analysis could still detect this activity. Data quality checks around the phone could tell us it is a prepaid mobile number, maybe a “burner” phone. Identity authentication may prove there is no connection between the billing address and the shipping address, or between the billing address and this phone number. Link analysis or velocity of change checks could detect that this shipping address has been used or attempted multiple times previously, each time with a different payment card and billing information that also had no association to the phone number or shipping address. As these signals add up, organizations can feel confident in the decision to not process the order.


Whether or not there is a global recession in 2023 is yet to be determined, but consumers and businesses are showing signs that they are preparing for one to occur. This comes as the holiday shopping season quickly approaches, meaning fraudsters will be out in full force. The confluence of economic pressure and increased fraud activity is likely to present challenges for eCommerce and digital channel merchants. By focusing on data quality and authentication, organizations will be in a better position to defend against both promo abuse and identity fraud, both of which are likely to rise through the holiday season and potential macroeconomic pressure.


Ekata Inc., a Mastercard company, empowers businesses to enable frictionless experiences and combat fraud worldwide. Our identity verification solutions are powered by the Ekata Identity Engine, which combines sophisticated data science and machine learning to help businesses make quick and accurate risk decisions about their customers. Using Ekata’s solutions, businesses can validate customers’ identities and assess risk seamlessly and securely while preserving privacy. Our solutions empower more than 2,000 businesses and partners to combat cyberfraud and enable an inclusive, frictionless experience for customers in over 230 countries and territories.


bottom of page