Anti Fraud Measures

Yotpo Loyalty & Referrals has built-in protection measures to prevent site visitors from exploiting different campaigns:

Gift card fraud protection

Creating gift cards

Yotpo considers gift card fraud to occur when the following two conditions are met:

1. More than one gift card is applied to a single order
2. The email address of the customer who made the order is different than the email address of the customer who redeemed the gift card.

To protect against potential gift card fraud, use this setting located in your Loyalty & Referrals Admin.

It can be found under Settings > Fraud Prevention

This setting is set to Yes (enabled) by default and automatically detects and tags potential gift card fraud when active.

Disabling gift cards

There are several functionalities when it comes to disabling gift cards for fraud prevention reasons:

1. If a gift card is not applied to a purchase within 24 hours, it gets disabled
2. If two cards were generated by a single user at the same time, the first gift card will get disabled right away - the user will not be able to use both cards
3. If a gift card is used on a purchase and then later the purchase is refunded, the points for the purchase will be re-added to the customer’s account and the gift card used will be disabled.

This way we ensure that the customer doesn’t have a way to both use the points refunded as well as the gift card. 

Customer email signature

Shopify Plus merchants enjoy the added protection of customer email signatures on gift cards.

Yotpo automatically adds a note to gift cards that states the following upon gift card redemption:  

• Generated by Yotpo for {customer.email}

Referrals program

Yotpo’s Referral Program has several mechanisms in place to make sure that shoppers don't attempt to trick the system and receive rewards by referring themselves.

On-site errors

There are two possible errors that may get triggered when our system detects possible referral fraud.

1. Self-referral error
   When a referred friend clicks on a unique referral link, Yotpo checks for a match in email details - If the system finds a match between the email address of the logged-in referring customer and that of the referred friend, the Referral Welcome popup will show an error message.
2. Used-coupon error
   When the referred friend clicks the referral link, our system checks if this is the first time a user with these identification parameters clicks on this specific referral link.

Identification parameters

There are two identification parameters that the system checks:

1. IP Address - helps us identify the location of the person taking part in the program
2. User-Agent - contains detailed information about the user's web browser: their browser type (e.g. Chrome), version, etc.

• If it is indeed the first time we see this IP address and user-agent associated with that link - a coupon code is generated and exposed to the referred friend via the Referral Welcome popup. 
• If this specific link was already clickedon from that IP address using the same user agent, the system checks if a coupon has been used by someone matching this referral link and identification parameter details:
  • If a coupon code has not been used yet, the existing code for this user will be exposed to the referred friend via the Referral Welcome popup.
  • If a coupon code has been used, the popup will display the “coupon has already been used” error. 

Managing referral links

Customers can sometimes abuse their given referral links. If you come across a referral pattern that seems excessive or unnatural, you can quickly disable or regenerate the relevant customer's assigned referral link.

To learn more about the Manage Referral Link feature and how to use it, please click here.

Fraud prevention settings

The following settings can be found in your Yotpo Loyalty & Referrals admin under Settings > Fraud Prevention .

Referral blocked domains

You can choose to mark specific domains as "fraudulent" - Yotpo will look for referral links coming from these marked "blocked domains", disable the referral link automatically, and notify you about the action.To block a domain:

1. In your Yotpo Loyalty & Referrals main menu, go to Settings >   Fraud Prevention.
2. Look for the Referral Blocked Domains field.
3. Add a comma-separated list of all the websites you wish to block. 
4. Click Save.

Now, if our system detects a click on a referral link coming from one of these websites, the referral link associated with the domain will be disabled and an email notification will be sent to you via the Referral Link Disabled triggered email notification under Triggered Emails.

This notification is enabled by default so that you don't miss a beat. If you'd like to stop this notification from coming to you, just click on disable the notification.

Traffic from marked domains will still continue to come to your site, but the Referral Welcome popup will not appear for users arriving from those domains. This also means that the relevant referring customer will not earn any rewards for purchases made via their link.

Referral Shipping address match

Another way to combat referral fraud is to enable the Referral Shipping Address Match feature

This feature will block the referring customer from receiving a reward if our system detects that the shipping address of the referred friend matches that of the referring customer.

We will check all shipping addresses associated with the referring customer. This feature does not impact the referred customer reward in any way.

To adjust this setting: 

1. In your Yotpo Loyalty & Referrals main menu, go to Settings >   Fraud Prevention.
2. Switch the feature setting to Enabled

If the Shipping Address Match fraud prevention measure is enabled, then the Referral Blocked- Shipping Address Match (Merchant) triggered will also be enabled.

This will trigger an email notification from Yotpo whenever a referring customer reward is blocked due to a shipping address match.

Referral Billing address match

This feature will block the referring customer from receiving a reward if our system detects that the billing address of the referred friend matches that of the referring customer. 

We will check all the billing addresses associated with the referring customer. This feature does not impact the referred customer reward in any way. 

To adjust this setting:

1. In your Yotpo Loyalty & Referrals main menu, go to Settings >   Fraud Prevention.
2. Switch the feature setting to Enabled

If the fraud prevention measure is enabled, then the Referral Blocked- Billing Address Match (Merchant) triggered email will also be enabled.

This will trigger an email notification from Yotpo whenever a referring customer reward is blocked due to a shipping address match.

Maximum referrals by IP address

This feature limits the number of times the Referral Welcome Popup will open for users with an identical IP address within a designated time frame. This also applies to users who arrived at your store by clicking different referral links. If the same IP address is detected too many times, no popup will appear.

By default, there is no limit on the number of referrals allowed on a single IP address. If you'd like to activate this feature, do the following:

1. In your Yotpo Loyalty & Referrals main menu, go to Settings >   Fraud Prevention.
2. Fill out the two fields:
   • The upper field allows you to choose the timeframe for the IP address limitation
   • The lower field allows you to insert a number reflecting the maximum number of allowed referrals from the same IP address. 

In the example below, the settings allow for up to 10 users with the same IP address to arrive at your site via a referral link within a time frame of 12 hours:

Referral IP address and user agent match

Enabling this setting will allow you to compare the referring customer’s and referred friend’s IP address and user agent details. If our system detects a match, it will block the Referral Welcome Popup from displaying a discount code.

This means that the referred friend will not be presented with a discount code and this will not count as a successful referral.

Referral first purchase validation using IP address and user agent

This setting allows you to verify that the referred friend is making their first purchase with your store by comparing their IP address and user agent details to those of existing orders. A match to an existing order will block the Referral Welcome Popup from displaying a discount code.

This means that the referred friend will not be presented with a discount code and this will not count as a successful referral.

Referral email identification/similarities

This setting allows you to compare the email address of the referring customer with that of the referred friend. An exact match or strong similarity will block the Referral Welcome Popup from displaying a discount code.

This means that the referred friend will not be presented with a discount code and this will not count as a successful referral.

Limit referred customer coupon usage to new customers on Shopify

Yotpo Loyalty & Referrals identifies the referred customer based on IP address and User-Agent. As those parameters may change, the referred friend popup might show a coupon code to a user who has made a purchase in the past.

To ensure that the customer is only able to use the coupon if they are indeed a first-time purchaser, we can leverage Shopify's Saved Groups feature to limit the coupon to only apply to new customers' carts.

To do so, you can use Shopify's predefined "New" customer group: You can also create a new group. More information on that can be found here.

Once you have the group you would like to restrict the referred customer coupon to, you can follow this article to adjust the referred customer coupon accordingly.