Fraud Prevention and Tracking

Learn how to prevent promotion fraud and protect your data using built-in features and reports. With this article, we will show you how to restrict promotion usage, protect your campaigns and make redemptions a reliable measure of campaign success.


  1. IP Whitelisting
  2. Campaign Security
    1. Anti-fraud limits
    2. Activity tracking
    3. Notifications & reports
  3. Account Security

IP Whitelisting

Enterprise feature available upon request

This functionality, available only upon request for customers on the Enterprise plan, provides an additional layer of security by filtering and allowing API requests exclusively from an authorized list of IP addresses.

Navigate to Project SettingsGeneralApplication Keys and edit a Key. This will allow you to restrict the API keys to a specific list of IP addresses. By default, when the list is empty, access to the API through the API keys is allowed from any IP address.

Campaign Security

To prevent fraud in your campaigns, Voucherify secures your incentives and tracks performance at every stage of a campaign lifecycle:

  • Anti-fraud limits reduce the risk of misuses as the app checks every interaction with your incentives against the defined limits.
  • Activity tracking gives you an instant overview of campaign performance, customer behavior, and distribution details.
  • Notifications, reports, and logs that inform you about important events and changes. The app stores and presents tracked data on graphs and charts. You can also list your data using predefined filters and export results using CSV files for further analysis.

Anti-fraud limits

Anti-fraud limits are meant to prevent any misuses using configurable limits and built-in prevention mechanisms. They limit redemptions of your incentives, secure the campaign budget upfront, and prevent email fraud.

Unique & case-sensitive codes

One-off codes are a guarantee of fraud control and reduction of misuses. While building coupon, gift cards, referral and loyalty campaigns, you can define unique code structure:

  • Code pattern
  • Charset
  • Length
  • Prefix
  • Postfix

Vouchers are case-sensitive by default, but when adding new project, you can disable case-sensitive codes. 

Customers can join the campaign only once 

When you create a promo campaign you can mark that each customer will be allowed to join it only once. If the same customer requests another code, Voucherify will give him/her the same code again and will not generate another code for this end-user. Therefore, one customer can only receive one code assigned from a particular promo campaign.


Voucherify lets you restrict the incentive redemptions on several levels:

Client-side rate limiter per IP (for client-side integration). The app limits the rate of public client requests (validate, redeem, and other) coming from a single IP address.  The current limits are as follows:
  • Client-side requests  from a single IP address – 5 requests per 5 seconds.
  • Requests per hour – Free 100, Startup 1000, Growth 2000, Professional 5000, Enterprise custom
Domain whitelist for public channel
To increase the security of public client operations, Voucherify will accept only requests with  Origin header that matches the domain(s) specified in the Project settings > your website URL. Use the following pattern:
  • – this covers your subdomains and all paths within those subdomains. Note: this also covers
  • – this covers any instances of your site called without www and all paths within that domain.
  • * – this allows requests from any domain.
The total discounted amount It defines the overall discount amount that your customers can get by redeeming codes from a particular campaign. The total value of applied discounts from campaign X cannot exceed $10 000.
The total orders volume It defines the maximum value of all orders made within the campaign. When this limit is reached, customers cannot redeem more codes. The value of all orders made within the campaign Z cannot exceed $20 000. 
The total number of redemptions per campaign It defines the total number of redemptions allowed per entire campaign.  Codes from campaign Y can be redeemed 5 000 times in total. 
The total number of redemptions per coupon code It defines how many times a single code can be used – once, custom number of times, or unlimited.  Code SUMMERLOVE2021 can be redeemed only 50 times (“Hurry up! Only 50 customers can use this deal!”)
The total number of redemption per customer per campaign It defines the total number of campaign codes that each customer can use. Customers can redeem only one code within a Welcome Discount campaign.
The total number of redemption per customer per code
It defines how many times the same customer can use a single code.
Each customer can redeem their Welcome Discount code only once.
Redeemable by card/coupon owner only It defines that only the customer who has this code assigned to their profile can redeem the offer.  Code XYZ was assigned to Jane Doe, and only she will be able to utilize it. 
Total redeemed gift amount It defines the total value of redeemed gift cards per the whole campaign. Customers can spend up to $10 000 of the balance from a given gift card campaign.
Order-based redemption criteria It defines redemption conditions that specify required cart structure and/or order volume. You can discount particular items and/or exclude some products from applying the discount. Only orders above $150 and with a Shampoo X qualify for the discount. 
Segment & customer-based limitations It defines the segment and customer metadata redemption conditions. With these options, you can target or exclude particular customers from using your offers. Codes are available if a customer enters the "Regular Customers" segment and not available for customers from the "New customers" segment.
Custom metadata limits It defines custom limits carried with a redemption request. Metadata can be attached to redemption, order, or customer attributes.  The code redemption is only available for orders made before 4 pm and via the mobile app.
Redeeming User & Redemption API key It defines which team members or affiliates can/cannot invoke a coupon redemption. It can also limit redemptions to particular API keys. User "Denver_department" can invoke redemptions, and the user "Central_department" cannot redeem codes.
Amount limit It defines the maximum discount that a customer can get per single order or single discounted item (for percentage discounts). The coupon code gives a 10% discount, and the amount limit is set to $50. When a customer's total order amount is $1000, the discount is still $50.
Redemption rollbacks You can revert redemption by using the rollback functionality available via UI and API. This operation creates a rollback entry in the voucher's redemption history and gives one redemption back to the pool. In the case of gift vouchers, rollback returns funds according to source redemption.

You can roll back a redemption up to 3 months back.

Customer subscribed to a lower plan, roll back redemption of their VIP discount used after the plan update. 
Limited activity period

You can introduce time-specific limitations:
  • Start and expiration date.
  • Validity timeframe (recurrent time periods when the coupon is valid).
  • Valid on specific days of the week.
  • Valid for X after publication (assigning the code to a particular customer). 
  • All codes from the Spring21 campaign expire 30.05.21.
  • In-cart promotion is valid every day from 9 pm to 11 pm.
  • happyhours code is valid only on Mondays.
  • Code is active for 48 hours after landing in the customer’s inbox.

Email anti-fraud

Email abuse protective measures are built to protect your landing pages. As email usually refers to the unique customer source id, it is critical to secure the form using data validation.

  • Double opt-in – this feature is enabled by default and is used to verify your customers by sending them a confirmation email. Verifying email addresses can help you combat fraud attempts and fake email addresses.
  • Block email aliases – some of your customers may attempt to provide multiple email aliases to receive a discount. That's why Voucherify can automatically block email addresses containing "+" so that customers cannot provide several email addresses such as or
  • Unique email addresses – this feature allows you to block users from taking advantage of your incentives by using the same email address over and over again. Voucherify will automatically remember and store all the email addresses used in the given Voucherify project and prevent users from creating duplicates.
  • Request lowercasing email addresses  some customers may try to sign up several times using mixed case characters, such as and You can block such users from abusing the system by automatically lowercasing email addresses before checking the address's uniqueness.

Read more on Landing Pages fraud protection.

Activity tracking

The app tracks all your campaigns and promo codes. You can also sync your ordering system and customers database to enable Voucherify to gather and analyze incoming data. Each campaign, redemption, customer, and order has an individual dashboard with detailed information, changes history, and logs. 

Campaign performance monitoring

Follow the guides below to find out how to track promo campaigns performance in Voucherify:

Customer activity tracking

With a 360-degree customer profile and real-time tracking, you get insights into customer behavior. The app gathers information about all actions taken by customers and related profile updates. Activity filters enable you to search for customer actions performed within a particular timeframe and/or campaign. Read more.

Redemption tracking

The Redemptions tab lists every redemption attempt of any code created within Voucherify. Its goal is to help you track what happens to your codes, monitor campaign performance, and see the detailed reasons for redemption failure (with provided API requests and response bodies for in-depth analysis). Read more.

Distribution performance

The Activity tab in the Distribution detailed view lists distribution events in real-time. You can see the distribution status, and updates including who and when received the messages. Using filters, you can sort distribution events performed within a particular timeframe. In the dashboard of the related campaign, you'll see basic information like distribution state, the number of channels, redemption rate (codes redeemed at least once / all sent codes), and detailed metrics like the number of published codes, delivered messages, and redeemed codes. Read more.

Project logs

The Logs section in the Dashboard presents detailed information on every interaction with Voucherify API made within your project. It enables you to track request coming from all origins including customer's requests. Each log provides details of the sent request including its status and information about related objects (campaign, order, and more). Read more.

Quick troubleshooting with filtering

If there are any issues with your incentives, you can quickly filter codes based on numerous attributes and deactivate them with one click. Filters in Vouchers view lets you browse incentives by standard attributes such as activity period, campaign type, redemptions number, or custom attributes added as metadata.

Export data

You can quickly export all customer, voucher, and redemption data to analyze in your database or external analytics and CRM tools. The export tool enables you to specify which attributes you'd like to include in the CSV file.

Notifications and reports

Use webhooks or Zapier integration to push out automatic alerts. Here you can check the list of 50+ internal events you can be notified about out-of-the-box, including failed redemption or message send-out. 

Learn how to set up notifications:

Distribution reports

Click on the distribution name and go to the Analytics tab. Charts show you the number of already sent messages divided per channel and time range. If any message fails, you'll see it in the dedicated chart. 

Distribution analytics

Some messages can be automatically re-sent after the failure. Their delivery will be visible in the Messages Recovered chart once it's successful. If you send unique codes, analytics will also show the number of codes published via the distribution and the number of already redeemed codes from the campaign used in the distribution. 

Dashboard reports

When you log into your account, you'll see dashboard reports presenting the overview of your current performance: 

  • Check the total redemptions number and percentage failure rate.
  • Stay up-to-date with the most recent redemptions made in your store and their details.
  • Keep an eye on current rates of successful and failed redemptions.
  • Follow gift card spendings globally and see the total amount to spend during your gift card campaigns.
  • Find out what types of promo campaigns are the most desired, and use this knowledge to build your future strategy.

Account Security

Besides keeping your incentives safe, Voucherify also offers built-in mechanisms for protecting your account from unauthorized access. Here's a dedicated guide on Account Security.

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Still need help? Contact Us Contact Us