Share
How to outsmart referral fraud
Referral bonuses are great for attracting new customers. There’s just one little problem: fraudsters love referral programs too.

Referral marketing is a sure way to expand your customer base. In financial services, banks, credit unions, and fintechs use referral programs to tap into their existing customers’ networks to attract more high-quality applicants. Long-standing programs like AMEX’s Member Get Member (MGM) program have used referral incentives as part of a customer acquisition strategy designed to bring more super-prime customers to the bank.
For companies like AMEX, the super-prime customers that these referral programs attract aren’t adopting just any credit products: they are also willing to pay more for better services. In 2022, about 70% of Amex’s new cardholders acquired premium cards (any cards with an annual fee). Of those new customers, three-quarters were Millennials and Gen Z — a larger share than the company has seen in the last twenty years.
There are four main types of referral fraud to look out for
Gaining approval from brand advocates can help new financial services products build traction. But more brand exposure can, unfortunately, also open you up to more fraud.
Referral fraud is when a person attempts to use a financial institution’s referral program to receive rewards under false pretenses. Here are four types of referral fraud that banks, fintechs, and credit unions should be aware of:
Self-referral
A type of referral fraud that occurs when a customer creates new accounts to earn repeat referral bonuses.
Exploitation
This form of fraud happens when a customer gets someone else to sign up for the referral program who is not interested in using the product for the sole purpose of monetary gain. For instance, someone who has an account with a neobank that pays out $100 for referring a friend could find someone online who is willing to sign up for an account in exchange for the referral bonus. This is considered exploitation referral fraud because the referred party does not plan on actively using the financial services product: an exploitation fraudster’s only intent is to take advantage of the offer’s monetary benefits.
Account cycling
A type of referral fraud that takes place when someone signs up for an account, gets the reward, and then cancels their account.
Broadcasting
When someone shares their referral link or promo code across websites and social media accounts like Reddit, Facebook, or Twitter/X — encouraging anyone who sees it to use the referral code whether they know the person or not — they are committing broadcasting fraud. This type of referral fraud involves inviting a large number of users who are outside of the original customer’s network to receive numerous referral rewards.
How to run a referral program without opening yourself up to more fraud
With the right guardrails, you can tighten up your referral marketing program, reducing fraud risk while incentivizing your customers to spread their love for your product with their friends and family.
Here are Alloy’s suggestions for safeguarding your marketing program against referral fraud:
- Limit the number of accounts each individual can apply for. Ensure that one customer can only apply for one account for each product. To achieve this, set up a new rule that matches an application's Personally Identifiable Information (PII) with the existing customer database. If PII like their Social Security Number (SSN) matches the SSN on an existing account, decline the application. This new rule will protect you from account cycling referral fraud.
Alloy’s Identity Element Velocity (IEV) examines an incoming application's personally identifiable information (PII) and compares it with a company’s existing customer database. Clients can customize their rules using IEV and deny applications containing PII elements identical to the existing customer information.
- Limit the number of times a customer can receive referral bonuses. Consider introducing a rule that caps the number of times a customer can receive a referral bonus over a twelve-month period. By restricting the number of times customers can receive a referral bonus, your existing customers are still incentivized to refer genuine applicants, but your financial institution will be sheltered from excessive losses.
- Add a condition each new customer must complete to receive their referral bonus. Fraudsters always choose the path of least resistance. Getting money in the bank by just signing up is easy. However, adding a condition, such as “you must spend $100 in the first 60 days to receive the welcome bonus,” will deter fraudsters because they usually go after lower-hanging fruit, and fraudsters do not intend to use your products.
- Update the terms and conditions to state that you reserve the right to revoke account referral bonuses. Include language on referring only family/friends/acquaintances, and being aware of the third-party websites’ policies. Clearly state that “program violation or abuse may result in the forfeiture of the referral bonus.”
A good referral marketing program will attract good prospects and reward existing customers for being brand advocates — a win-win situation for all parties involved. And a good fraud prevention program lets you show gratitude to your customers who advocate for your brand without opening yourself up to fraudsters trying to take advantage of your referral bonuses.