Account and promotion abuse: How to detect and prevent it

Radar
Radar

Fight fraud with the strength of the Stripe network.

Learn more 
  1. Introduction
  2. Key takeaways
  3. What is Account and promotion abuse?
  4. What are the common types of Account and promotion abuse?
  5. Why is Account and promotion abuse so difficult to detect?
  6. How do you detect abuse at sign-up and Onboarding?
  7. What prevention strategies work best for platforms and marketplaces?
    1. Identity verification at Account creation
    2. Promo eligibility logic
    3. Rate limiting at Account creation
    4. Ongoing behavioural monitoring
  8. How Stripe Radar can help

Account and promotion abuse exploits a platform’s incentive structures, such as sign-up credits, referral bonuses, or free trials. The abuse often happens before any Payment occurs, which means detecting it requires a different set of signals than Transaction Fraud.

With the average enterprise losing $11.4 million a year to Fraud, effective detection starts early. Below, we’ll cover the common Account and promotion abuse patterns, why they evade standard Fraud detection, and what controls actually work.

Key takeaways

  • Account and promotion abuse targets platform incentives rather than Payment credentials. This puts it outside the scope of many Fraud-detection tools.

  • Detection requires behavioural and identity signals at Account creation rather than Payment data alone.

  • Tools that Connect Payment-layer data to Account-level signals can close the detection gap that platform abuse deliberately exploits.

What is Account and promotion abuse?

Account and promotion abuse, also called promo abuse, happens when someone manipulates your platform’s rules to extract value they weren’t meant to have.

The abuse takes two broad forms:

  • Account abuse involves manipulating platform access. For example, creating multiple Accounts to bypass restrictions, evade bans, or skip past eligibility requirements.

  • Promo abuse involves exploiting financial incentives (e.g. welcome credits, referral bonuses, free trials, discount codes) by claiming them well beyond what your Terms allow.

The two frequently overlap since promotion abuse often requires creating multiple Accounts.

What are the common types of Account and promotion abuse?

Account and promotion abuse shows up in a few distinct patterns. Each one exploits a different weakness in how platforms handle identity, eligibility, and incentives.

Here are the main types:

  • Multi-accounting Fraud: One person or operation controls many Accounts to exploit per-Account limits. Abusers register with disposable email addresses, route traffic through virtual private networks (VPNs) or residential proxies to mask IP clustering, and reset device identifiers to avoid hardware Fingerprint matching. Each Individual Account looks entirely normal in isolation.

  • Bonus and incentive abuse: Welcome credits, free trial extensions, and first-Order discounts are designed to reduce acquisition friction for genuine new Users. Abuse operations treat them as a Revenue stream, sometimes operating at scale with participants sharing exploitation instructions across private forums or Telegram channels. In Fintech and software-as-a-service (SaaS) contexts, this often targets high-value Onboarding offers such as Deposit matches or Subscription credits.

  • Referral program exploitation: Self-referrals—when a User creates a second Account to refer themselves and Collect both the referral credit and the sign-up bonus—are the simplest version of this. More sophisticated versions involve coordinated networks where participants cross-refer each other using real Accounts. The financial damage can compound quickly.

Why is Account and promotion abuse so difficult to detect?

Account and promotion abuse can be difficult to detect because identity signals are easy to fake. Residential proxy networks are cheap, disposable phone numbers are widely available, and synthetic identities Built from real data fragments are hard to distinguish from genuine new Users. A new User who passes email verification, provides a real phone number, and enters a valid Payment method looks identical to a fraudulent actor who did exactly the same things. The difference is behavioural and relational; it shows up in what Users do after Onboarding and how their Account connects to others.

Standard Fraud detection also typically doesn’t help with this kind of abuse because it’s Built around the Transaction. Those signals don’t often apply when the abuse happens upstream, at Account creation or through the exploitation of programmatic incentives.

How do you detect abuse at sign-up and Onboarding?

Certain signals point to potential abuse at sign-up and Onboarding, but none are definitive in isolation. It’s when you see several signals appearing in tandem that suspicions are more likely to be confirmed.

These methods can help you spot risk factors for abuse:

  • Email pattern analysis: Disposable email domains, address patterns with random character strings, and addresses created within minutes of Registration all correlate with abuse. Detecting multi-Account Fraud during sign-up often comes down to the email address.

  • IP clustering and proxy detection: Multiple Registrations from the same IP, or from IPs associated with known proxy or VPN services, indicate synthetic volume. Residential proxies are harder to catch, but velocity patterns across IPs in the same autonomous system number (ASN) can still surface clustering.

  • device fingerprinting: Browser Fingerprints and canvas Fingerprints create a composite device signature. Reuse of the same Fingerprint across multiple Accounts (especially Accounts with different identity data) is a strong abuse signal.

  • Behavioural biometrics: How a User moves through a sign-up form (typing speed, mouse movement patterns, form fill time) can distinguish automated activity from human behaviour. Bots tend to complete forms faster and with less variation than real Users.

  • Phone number analysis: Voice over Internet Protocol (VoIP) numbers and conventional phone numbers flagged for repeated Account creation are meaningful signals. Use phone intelligence Application programming interfaces (APIs) to identify Carrier type, porting history, and risk scores in real time during Registration.

What prevention strategies work best for platforms and marketplaces?

Detection tells you when Fraud or abuse is happening. Prevention changes the conditions that allow it to happen.

Here are some prevention strategies that can help protect platforms and marketplaces:

Identity verification at Account creation

Requiring a verified government ID or confirmed bank Account (via micro-Deposit or open banking) makes mass Account farming expensive enough to deter lower-sophistication operations. However, heavier verification can also discourage legitimate Users, so calibrate the threshold to your risk exposure and User base.

Promo eligibility logic

Offers should be scoped to Accounts that meet behavioural criteria, such as a minimum number of sessions, verified Payment methods on file, or a time delay between sign-up and Redemption. Tying referral payouts to a referred User’s second or third purchase, rather than their first, complicates the incentive for self-referral schemes.

Rate limiting at Account creation

Restricting Registrations per IP, device Fingerprint, or phone number within a rolling time window catches velocity-Based farming without requiring Individual Account Review. It’s a lightweight control with meaningful impact on coordinated operations.

Ongoing behavioural monitoring

Accounts that claim a bonus immediately and then show no subsequent engagement, or that exhibit identical Usage patterns to other Accounts created the same day, warrant Review even if they passed initial checks. Anomaly detection on post-Onboarding behaviour catches the abuse that looked clean at sign-up.

Stripe Radar brings something distinct to Account and promotion abuse detection: a cross-Business network Built on billions of Transactions. Because Radar sees Payment behaviour across a large portion of the payments ecosystem, it can identify when a Card, email address, or device has been associated with abuse patterns on other platforms. A Payment method that looks new to your system might have a history Radar has already seen.

How Stripe Radar can help

Stripe Radar uses AI models to detect and prevent fraud, trained on data from Stripe's global network. It continuously updates these models based on the latest fraud trends, protecting your business as fraud evolves.

Stripe also offers Radar for Fraud Teams, which allows users to add custom rules addressing fraud scenarios specific to their businesses and access advanced fraud insights.

Radar can help your business:

  • Prevent fraud losses: Stripe processes over $1 trillion in payments annually. This scale uniquely enables Radar to accurately detect and prevent fraud, saving you money.

  • Increase revenue: Radar's AI models are trained on actual dispute data, customer information, browsing data and more. This enables Radar to identify risky transactions and reduce false positives, boosting your revenue.

  • Save time: Radar is built into Stripe and requires zero lines of code to set up. You can also monitor your fraud performance, write rules and more in a single platform, increasing efficiency.

Learn more about Stripe Radar or get started today.

The content in this article is for general information and education purposes only and should not be construed as legal or tax advice. Stripe does not warrant or guarantee the accuracy, completeness, adequacy, or currency of the information in the article. You should seek the advice of a competent lawyer or accountant licensed to practise in your jurisdiction for advice on your particular situation.

More articles

  • Something went wrong. Please try again or contact support.

Ready to get started?

Create an account and start accepting payments – no contracts or banking details required. Or, contact us to design a custom package for your business.
Radar

Radar

Fight fraud with the strength of the Stripe network.

Radar docs

Use Stripe Radar to protect your business against fraud.