April 28, 2020

Playbook for web coupon and voucher code misuse

By venkat

Fraud investigation is a big job for the retail and e-commerce companies. Mass enumeration of coupon numbers, voucher codes, discount tokens, etc. is one of them.


Identification of valid token codes providing some form of user benefit within the application. The benefit may be a cash alternative, a non-cash credit, a discount, or an opportunity such as access to a limited offer.

OTHER NAMES: Coupon guessing; Voucher, gift card and discount enumeration



Right click and view on new tab for an enlarged view. LIVE PREVIEW & VISUALIZATION EXPERIENCE

Preparation, Identification, Remediation

All the steps at


Real attack instances