1-28-2015 BigCrumbs “Offline while We Investigate Fraudulent Activity” – the CEO’s 2010...

BigHabitat

Level 2 Member


Hattip – WillRunForMiles



Bigcrumbs is a popular shopping portal site. In the past, it has been extremely popular for purchasing American Express gift cards (for example, see this post from DoctorOfCredit).

Shopping portals get referral fees from the merchant website for driving traffic, and many portals return all or part of those fees back to the customer. However, this assumes the transaction tracks and the merchant pays the shopping portal. If the merchant doesn’t pay (for example, if the purchase was for gift cards and gift cards are excluded), the merchant won’t pay the portal and the portal will not pay the customer.

Was it the BigCrumbs referral system?


Bigcrumbs has a referral system, where you could earn an additional amount for purchases from people that you referred. So you could earn an additional 0.175% on purchases from people you referred. And it goes 2-deep, so you get credit from people they referred.

Naturally, it wouldn’t take a genius to figure out that you could maximize the bonus by creating Account A, referring your significant other for account B, having them refer back to you for Account C, and then using Account C to make all the purchases. If you were doing a high volume of purchases this would certainly be tempting.

I’m not sure if this was allowed in the Terms and Conditions, and I can’t check now since it is offline.


And there is a question of how bigcrumbs could offer the same level of cash back as other portals when they had this 2-deep referral system in place. It doesn’t seem sustainable at high volumes at stores like Amex for gift cards, but on the other hand it may work for other stores and it doesn’t seem like the kind of thing where they would take down the entire website.

Could the site have been hacked?


Definitely a possibility. When your site is hacked, companies do tend to say it was the result of illegal or fraudulent activity on someone else’s part instead of saying that they didn’t secure their networks and sites properly.

If you think the site is insecure, you wouldn’t want to keep adding more customer information. However, I’m not sure what information is actually retained by bigcrumbs, especially if they would have access to credit card information, store passwords, etc. Seems better to hack the actual store…

Could it be something else, like transaction fraud?


In a Forbes article from 2010 the CEO gave an example of how his site could be a victim of transaction fraud:

Vince Martin, CEO of BigCrumbs.com, has his own problems with fraudulent accounts on his online coupon service. For a consumer-oriented service, making the sign-up process as easy as possible is critical, Martin says, “but ease of use also makes us vulnerable to people out to do no good.”

Consumers sign up for a BigCrumbs account so that they will get cash back from any purchase made in response to a coupon on the site. When they click on a coupon, a Web tracking “cookie” file is recorded by their browser, making it possible to detect when that same consumer makes a purchase on the retailer’s website. The retailers then include a reference to a transparent image stored on the BigCrumb.com servers on the purchase confirmation page. This is a simple way of signaling back to the coupon service that the individual should get a cash back bonus.

The protocol “is open, and it has to be for the process to work,” Martin says. But it could also be hacked. Eventually, someone figured out a hack that would simulate these transactions, so that BigCrumbs would get back a faked confirmation and wind up paying cash back on orders that had never been placed. As a result, its affiliated retailers could wind up paying fraudulent refunds, or refusing to pay BigCrumbs for transactions they couldn’t match to their records. In either case, it was no way to do business.

So What’s Next for BigCrumbs?


Obviously, shutting down the portal is an extreme step. Especially because they typically have a long time between the transaction date and when they actually pay. So it seems serious, as they should be able to deal with an isolated problem with a few players in that time.

Are they going to make a structural change? Employ additional verification of current and new customers? Implement a different system to confirm the transactions?

And if it happened to them, it probably happened to other portals as well…

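A portal-side check against the simulated confirmations described in the Forbes quote above, as an added example that is not part of the original post and is not BigCrumbs' code. It assumes the merchant's server sends each confirmation signed with a per-merchant shared key (HMAC-SHA256), which the page does not describe; all names and sample values are constructed.

```python
import hashlib
import hmac
import json

# Constructed sample data. Assumption: the merchant sends a signed
# server-to-server confirmation instead of an unsigned image request.
MERCHANT_KEYS = {"shop-a": b"constructed-demo-secret"}
CLICKS = {"clk-1001": "shop-a"}  # click_id -> merchant the click was sent to


def sign(merchant, click_id, order_id, amount_cents, key):
    """Merchant side: MAC over every field that determines the payout."""
    # JSON array encoding keeps field boundaries unambiguous.
    msg = json.dumps([merchant, click_id, order_id, amount_cents]).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class ConfirmationVerifier:
    """Portal side: accept a confirmation only if it is authentic and new."""

    def __init__(self, keys, clicks):
        self.keys, self.clicks = keys, clicks
        self.seen_orders = set()

    def check(self, merchant, click_id, order_id, amount_cents, sig):
        key = self.keys.get(merchant)
        if key is None:
            return "reject: unknown merchant"
        expected = sign(merchant, click_id, order_id, amount_cents, key)
        # Constant-time comparison; bytes so non-ASCII input cannot raise.
        if not hmac.compare_digest(expected.encode(), sig.encode()):
            return "reject: bad signature"
        if self.clicks.get(click_id) != merchant:
            return "reject: no matching click"
        if (merchant, order_id) in self.seen_orders:
            return "reject: duplicate order"
        self.seen_orders.add((merchant, order_id))
        return "accept"


def run_demo():
    v = ConfirmationVerifier(MERCHANT_KEYS, CLICKS)
    good = sign("shop-a", "clk-1001", "ord-1", 2500, MERCHANT_KEYS["shop-a"])
    return [
        v.check("shop-a", "clk-1001", "ord-1", 2500, good),      # genuine
        v.check("shop-a", "clk-1001", "ord-1", 2500, good),      # replayed
        v.check("shop-a", "clk-1001", "ord-2", 2500, "0" * 64),  # simulated
        v.check("shop-a", "clk-1001", "ord-1", 99999, good),     # amount altered
    ]
```

Accepted confirmations would still be reconciled against the merchant's own order report before any payout, since the quote notes retailers refusing to pay for transactions they could not match to their records.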
 

fordman85

New Member
Wow! I do wonder if their system is compromised, or if they are going after users that may have been gaming the system. I'm sure some people are hitting the refresh button on that page praying their account is ok when it comes back live.

It feels like lately you can go a week without hearing about a breach, or potential breach, now-a-days.

And ironically, we keep trusting our sensitive info to this "cloud" world.....
 

Katstarr

Level 2 Member
Here's my blog post from this morning. Essentially, the BigCrumbs website now states that it is offline, but that some accounts were hacked, but not the website itself. Here's the link to my blog post, or you can just go to the Big Crumbs website if you prefer.

http://willrunformiles.boardingarea.com/update-bigcrumbs-confirms-fraudulent-activity-unauthorized-access-accounts/#sthash.uf7q5L72.dpbs


Here's my attempt at humor in interpreting what they are saying:

1. fraud occurred maybe from January 18th, or maybe it was December - we're not sure so don't ask.
2. some of you are fucked, but, if so, it's not our fault. It serves you right for using a dumbass easy password. Or it's because you were dumb enough to use the same password on another website that was hacked.
3. we repeat it's not our fault. Our website is secure.
4. we're offline now. but, when we get this mess figured out, we'll make you make up a new password.
5. don't call us, we'll call you.
 