With the rapidly growing popularity of online payments, the digital red envelope is adored and sought by everyone. Furthermore, it has become a typical weapon in merchant operations since major e-commerce platforms and companies began to employ digital red envelopes to entice customers in rich and diverse ways.
2021 Black Friday is coming. Beyond the topic, there are three essentials for daily operations of e-commerce platforms: Acquisition, Retention, and Activation. It may be stated that each of them may involve doing activities endlessly and gifting red envelopes at every festival and New Year to new users, new registers, new subscribers, etc. Even if there is no festival, they also create a festival to gift red envelopes.
Digital red envelopes can bring considerable traffic to e-commerce platforms and companies. At the same time, such preferential activities can grab the attention of traffic hijackers who steal users' red envelopes through illegal technology to commit online fraud, also known as token cracking. So, the challenge for e-commerce platforms and companies is distinguishing between token crackers and real users, which is becoming more serious.
A Real Case of Digital Red Envelopes Fraud
Digital red envelope fraud is all around us. Here is a real case: John, the operation manager of one e-commerce platform, planned a New Year's promotional event. Participants could receive digital red packets only after completing a questionnaire and a coupon worth RM500.
The promotion sounded appealing. As soon as it got online, it drew the attention of the token crackers. The token crackers submitted 43 questionnaires in one minute, each with a unique IP address.
As a result, the red envelopes and coupons for real users were frauded immediately, resulting in direct losses for the company. Fortunately, John soon found out and reduced losses as much as possible. But obviously, the fraudster must have hijacked the total red envelope pool in minutes if they were to choose to do it late at night.
It is understandable how the activities that the operating partners have worked so hard to plan can attract a group of profit-only token crackers. When a large amount of dollars has been invested but failed to bring real user traffic, it's just an empty joy.
When consumers accuse the e-commerce platform of deceiving participants, they can only apologize. It's not hard to justify why e-commerce platforms are determined to get rid of these token crackers. So, the question is, how can you avoid being frauded for online promotions as much as possible?
8 Tips To Prevent Digital Red Envelopes From Being Token Cracked
According to the perspective of promotions design logic, the main process of user participation includes two key points: users complete tasks, and users receive rewards.
So then, we can set the appropriate threshold in these two key points and do some strategic changes to avoid being token cracked. Here are the eight tips to prevent digital red envelopes from being token cracked:
1 Raise the Threshold for Triggering Tasks.
For example, in promotions that attract new users, set as much register information as possible for new users to make registration difficult, thus reducing the possibility of bot registration.
This way, the probability of bot registrations will be significantly reduced. However, it will also lower the enthusiasm of some users to register.
2 Audit the Results of the User's Completed Tasks.
Set tasks such as email activation during the promotion process, like subscribing to book newsletters and brand channels while registering. This can help filter the results of the given tasks and eliminate users who show obvious abnormal data, which will eventually help reduce losses.
3 Limit the Number of Coupons, Digital Red Envelopes.
Don't put out all the coupons, digital red envelopes, and cash rewards in one platform at once. As we all know, putting resources into multiple places at the same time can reduce the risk. Meanwhile, distributing digital rewards in batches will reduce the loss in case of bot attacks.
4 Increase the Cost of Receiving Digital Red Envelopes.
Appropriately raise the threshold for receiving e-red envelopes, such as binding phone numbers and other ID identification, 2FA (two-factor authentication), etc.
5 Delay Digital Red Envelope Withdrawals
Set a specific period to delay user withdrawals, such as freezing digital red envelopes within 36 hours or 48 hours to screen malicious bot fraudsters during this period.
What are the effective ways to avoid token cracking from a technical angle? Learn from a leading e-commerce brand SHEIN.
6 Restrict User IPs, Cookies.
Although IP proxies are very common and convenient now, restricting IPs can also increase the cost of token cracking. At the same time, if a large number of IPs from the United States, Japan, and some non-active coverage areas appear in the campaign, the cyber fraudster is likely using proxy IPs for access. Knowing this could also plays part in the monitoring of token crackers.
7 Set a Timestamp.
The front-end request comes with a timestamp (cache: false) to compare with the server's current time. If there is a difference in the time of the said comparison, then it is likely that the token cracker is using an automated script to steal the digital red envelopes.
8 Set a GeeTest Slide Puzzle CAPTCHA
CAPTCHA can be set in different scenarios and sections of the e-commerce promotion. For example, if the promotion's aim is user pulling, then CAPTCHA can be added in user registration scenarios to prevent machines from bulk bot registration.
It is also most important to add CAPTCHA in the digital red envelope collection scenarios to avoid automated procedures for bulk collection. Although this is one of the most common CAPTCHA methods currently used, there is still a great risk when using the traditional CAPTCHA along with reCAPTCHA.
According to the experience in the use of CAPTCHA, the confusing point is whether the more complex the verification step, the safer the website. The answer is no.
Fast-fashion giant SHEIN has just become the largest online-only retailer in the world. In July 2021, the mobile app of SHEIN became the most downloaded mobile app, GeeTest as the security vendor of SHEIN has throughput over 17.5 million challenges stopping token cracking, web scraping, and account take over by the smartest way.
Black Friday is coming, and e-commerce leading brand SHEIN has built a successful learning template for us.
SHEIN has been using GeeTest slider puzzle CAPTCHA for several years now. Unlike the traditional CAPTCHA, GeeTest analyzes the actual user's behavior. A comparative analysis of humans and bots would be conducted based on AI-powered machine-learned models to block out bots and secure the users of the shopping website.
eBay and NIKE are setting the GeeTest slide puzzle CAPTCHA in the registration section.
GeeTest has achieved a great user experience while ensuring the safety of websites with over 320,000 brands worldwide. Not just this Black Friday but any time, GeeTest slide puzzle CAPTCHA will become the most robust security vendor for your online business.
* This is a contributed article and this content does not necessarily represent the views of techtimes.com
