Avoid coupon codes fraud by using OTP flows


Coupon codes and eCommerce promos are an effective way to attract new customers, but sometimes someone finds a loophole to abuse them. One of the most common methods is creating fake accounts to use the same coupon multiple times.

In this post, we will see how to use OTP flows to prevent this, and how to build them, in a few minutes, with a set of flexible native actions. Discover how our editor can help you and your online business with user authentication and development overload issues.

One coupon per user, with MFA

This type of fraud directly damages one of the main objectives of these campaigns, which is to get new customers. Even though it may seem quite harmless, it can increase the cost of the campaign and reduce the profits, especially if it is a big discount.

You can easily avoid it by using 2-factor authentication when a user asks for the coupon code. This collects two different contact details from the same user, which we save in our database so that we can check whether the coupon has already been used with either of them.

For example, you can ask for a phone number to send a temporary code (OTP), in addition to the email with which the user account has been created.

In this way, we will have 2 contact details associated with a person. So, to benefit from the same coupon again, this person will have to create a fake email account and also get another phone number to receive the temporary code.

Start from template, to save even more time

You can create this form and its server-side logic from one of the fully editable templates available in the editor, although you can also build them from scratch. In this case, we are going to use the SMS verification template, to save even more setup time.

If you have used the SMS verification template, add a field in step 1 to ask for an email in addition to country code and telephone number. If you have created the form from scratch, include the country code and phone number too. All fields must be required.

We also need a form step 2 to ask for the code that has been sent by SMS to the user. If you have used the SMS verification template, it will already be included as required. If not, include a text field, edit the label and set it up as required.

Flow 1: Verify the email & Send an OTP by SMS

Click on the 'Flows' tab on the form edition page menu, the light grey one, and then open the flow linked to step 1 in a new tab, as you can see in the picture. If you are building everything from scratch, click on the + button to create a new flow in that stage.

1. Verify the email address

We need a flow with these actions and structure to check if contact details are valid, and then generate and send a temporary code by SMS:

Make the process even more secure by adding a 'Verify email address' action to the flow created automatically by the template. You can simply set it up with checkboxes and black and white lists, and get the email variable from drop down after a form execution.

Include an 'If / then condition' action to manage verification responses, to show a custom error in the form if the email is invalid, or to generate the OTP if it's valid.

2. Generate and send the OTP

If you have used the template, these actions will be automatically created in the flow. In this case, all you have to do is set up the Twilio action, although you can change the number of characters of the OTP inside the 'Generate one-time password' action.

To send the OTP by SMS with Twilio, we just need to have an account created in that service and copy and paste here the Account ID and the Auth token, in addition to the phone number provided by Twilio from which it will be sent.

Don't forget to check that the OTP variable is included in the message too. If you have created it from scratch, include the country and the phone code variables as well. You can get all variables from the drop down after an execution; you can learn more about variables here.

3. Go to the next form step

If everything has gone well, we simply need to redirect the user to form step 2 to ask for the OTP or, in case there has been an error in the sending, to show the proper error message. If you have used the template, all this will already be configured.

If you started it from scratch, include an 'If/then condition' action with the success output variable from Twilio, and a 'Show error message' to inform the user when an error occurs.

Flow 2: Check the OTP & Generate a coupon

Next, we are going to set up the second flow that the template has automatically created and include a new action to generate the coupon code with your coupon generation API. For this, we need a flow with this structure connected to form step 2.

1. Verify the temporary code

The first step is to check if the OTP returned by the user is correct and, if it is not, to show the proper error message in the form. If you have used the template, these actions will already be configured. If you have started from scratch, you only have to obtain the country code, phone number and code variables from the drop downs.

2. Get and show the coupon code

Add an 'HTTP request' action to get a coupon code from your coupon generation API, and then show it to the user so that they can redeem it on our website.

For this, all we need to do is to include the coupon code output variable from the 'HTTP request' in the message of the 'Submit the form' action. You can also add another Twilio action to send the code by SMS, or by email with Mailjet or SendGrid native actions.
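The server-side logic behind both flows, written out as an added Python example (not the editor's own code or any template output): it refuses a request when either contact detail has already earned a coupon, and it makes the OTP expiring, attempt-limited and single-use. The names `CouponGate`, `norm_email` and `norm_phone`, the TTL and attempt values, the in-memory store standing in for the database, and the `COUPON-` string standing in for the coupon API response are all assumptions.

```python
import hashlib, hmac, secrets, time

OTP_TTL = 300        # seconds an OTP stays valid (assumed value)
MAX_ATTEMPTS = 5     # wrong guesses allowed before the OTP is discarded (assumed)

def norm_email(email):
    """Lower-case and drop any '+tag' so alias variants map to one identity."""
    local, _, domain = email.strip().lower().partition("@")
    return local.split("+", 1)[0] + "@" + domain

def norm_phone(country_code, number):
    """Digits only, so '+34 600-111-222' and '34600111222' compare equal."""
    return "".join(c for c in country_code + number if c.isdigit())

class CouponGate:
    def __init__(self):
        self.pending = {}      # phone -> [otp_hash, expires_at, attempts_left, email]
        self.redeemed = set()  # every email and phone that already got a coupon

    def start(self, email, country_code, number, now=None):
        """Flow 1: refuse known contacts, otherwise create an OTP to send by SMS."""
        now = time.time() if now is None else now
        email, phone = norm_email(email), norm_phone(country_code, number)
        if email in self.redeemed or phone in self.redeemed:
            return None
        otp = f"{secrets.randbelow(10**6):06d}"
        digest = hashlib.sha256(otp.encode()).hexdigest()
        self.pending[phone] = [digest, now + OTP_TTL, MAX_ATTEMPTS, email]
        return otp  # hand to the SMS sender; never echo it back to the form

    def verify(self, country_code, number, code, now=None):
        """Flow 2: check the OTP; on success record both contacts and issue."""
        now = time.time() if now is None else now
        phone = norm_phone(country_code, number)
        entry = self.pending.get(phone)
        if entry is None or now > entry[1]:
            self.pending.pop(phone, None)
            return None
        guess = hashlib.sha256(code.encode()).hexdigest()
        if not hmac.compare_digest(guess, entry[0]):
            entry[2] -= 1                      # count the failed guess
            if entry[2] <= 0:
                del self.pending[phone]        # too many guesses: force a new OTP
            return None
        del self.pending[phone]                # single use
        self.redeemed.update({entry[3], phone})
        return "COUPON-" + secrets.token_hex(4)  # placeholder for the coupon API call
```

Normalizing before the lookup is what makes the "either contact detail" check hold: without it, `Ana@Example.com` and `ana+promo@example.com` would count as two different people.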

Embed it anywhere!

The last step is to go to the 'Share' tab, in the form edition page, and get the code to embed it wherever you want: your website, a landing page, etc.

Do you want to try it by yourself? Sign up free or schedule a demo with our team, and take a look at all the use cases to discover everything we can do for you.


Andrea L. Lozano

Social Media & Content Specialist.
