Playbook for web coupon and voucher code misuse
Fraud investigation is a big job for retail and e-commerce companies. Mass enumeration of coupon numbers, voucher codes, discount tokens, etc. is one of the fraud types they have to investigate.
Description
Identification of valid token codes providing some form of user benefit within the application. The benefit may be a cash alternative, a non-cash credit, a discount, or an opportunity such as access to a limited offer.
OTHER NAMES: Coupon guessing; Voucher, gift card and discount enumeration
SOURCE: https://www.owasp.org/images/3/33/Automated-threat-handbook.pdf
Playbook
Mitigation
All the steps are listed at https://www.owasp.org/images/3/33/Automated-threat-handbook.pdf
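To support investigation of the mass enumeration described above, the following added example (not taken from the OWASP handbook) flags clients that submit many distinct invalid coupon codes inside a sliding time window. The log format, the addresses, the coupon codes and the two thresholds are assumptions made for this illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)   # look-back window per client (assumed value)
MAX_DISTINCT_FAILS = 8          # distinct invalid codes tolerated in WINDOW (assumed)

def parse(line):
    """Parse '<ISO time> <client> <code> <valid|invalid>' (constructed format)."""
    ts, client, code, result = line.split()
    return datetime.fromisoformat(ts), client, code, result == "valid"

def find_enumerators(lines, window=WINDOW, max_fails=MAX_DISTINCT_FAILS):
    """Return {client: peak distinct invalid codes} for clients over the limit."""
    recent = defaultdict(deque)            # client -> deque of (time, invalid code)
    flagged = {}
    for ts, client, code, ok in sorted(map(parse, lines)):
        if ok:
            continue                       # only failed guesses count here
        q = recent[client]
        q.append((ts, code))
        while q and ts - q[0][0] > window:
            q.popleft()                    # drop attempts older than the window
        distinct = len({c for _, c in q})  # retyping the same code counts once
        if distinct > max_fails:
            flagged[client] = max(flagged.get(client, 0), distinct)
    return flagged

def sample_log():
    """Constructed log: one client walking sequential codes, one ordinary shopper."""
    t0 = datetime(2024, 5, 1, 10, 0, 0)
    lines = [f"{(t0 + timedelta(seconds=5 * i)).isoformat()} 198.51.100.7 "
             f"SAVE-{1000 + i:04d} {'valid' if i == 9 else 'invalid'}"
             for i in range(12)]
    lines += ["2024-05-01T10:00:30 203.0.113.20 SPRING24 invalid",
              "2024-05-01T10:00:41 203.0.113.20 SPRING24 invalid",
              "2024-05-01T10:00:55 203.0.113.20 SPRING25 valid"]
    return lines

if __name__ == "__main__":
    for client, n in find_enumerators(sample_log()).items():
        print(f"{client}: {n} distinct invalid coupon codes within {WINDOW}")
```

Counting per client address alone misses guesses spread across many addresses, so the same counter can also be keyed on account or session identifier.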