Safeguarding Your Trials: Tips to Combat Abuse

Free trials are a great conversion tool to drive more paid customers, but many companies are struggling with significant abuse of their free trial, which drives up costs with no chance of turning into revenue.

I've seen this multiple times in my career and multiple consulting clients have expressed the same concerns.

The Challenge

The difficulty in preventing trial abuse is correctly identifying the same customer using the trial multiple times. All of the ways that you can usually identify a customer are fairly easy to game.

Email

The most common way we identify users is by asking them to sign up for an account.

Block throwaway emails

By far the most common way users get around this requirement is by using throwaway email addresses. There are online services which will provide a temporary email address you can use from a list of domains they own.

This is perfect for signing up for a trial with a unique email address, receiving the confirmation email and then abandoning that email.

There are a few ways to filter these out.

  • If your trial requires a credit card to start, you can also add a Stripe Radar rule for this:
Block if :is_disposable_email:

Block '+' modifier

Block the '+' character in emails or check for duplicates after stripping them out. mail@jurn and [email protected] are not unique emails and any email sent to the +1 address will arrive in the normal inbox. A user can easily create multiple accounts without needing additional email addresses by

Monitor at domain level

Check by domain: a wildcard email rule can be set up at domain level that forwards any email to a single inbox, which means that any possible combination before the domain will arrive in that inbox. This doesn't happen often, since only more technical users will use it, but it is good to sense-check if you get many sign-ups from a single domain that isn't a popular email provider.

This is harder to detect and not as common so lower priority for most companies.
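The two checks above (duplicates after stripping the '+' modifier, and many sign-ups from one uncommon domain) can be run together over a batch of sign-up emails. This is an added example, not code from the original article; the provider allowlist, the threshold and the sample addresses are constructed assumptions.

```python
from collections import Counter

# Assumption: a short constructed allowlist of popular providers; extend it for your user base.
POPULAR_PROVIDERS = {"gmail.com", "outlook.com", "yahoo.com", "icloud.com"}
# Assumption: flag a non-popular domain once it has this many distinct sign-ups.
DOMAIN_THRESHOLD = 3


def normalize_email(address: str) -> str:
    """Lower-case the address and drop any '+tag' from the local part."""
    local, sep, domain = address.strip().lower().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {address!r}")
    base = local.split("+", 1)[0] or local  # keep the local part if it starts with '+'
    return f"{base}@{domain}"


def review_signups(addresses):
    """Return (duplicates, suspicious_domains) for a batch of sign-up emails."""
    seen = {}                # normalized address -> first raw address seen
    duplicates = []          # (raw address, earlier raw address it collides with)
    per_domain = Counter()   # distinct normalized addresses per domain
    for raw in addresses:
        norm = normalize_email(raw)
        if norm in seen:
            duplicates.append((raw, seen[norm]))
            continue
        seen[norm] = raw
        per_domain[norm.rsplit("@", 1)[1]] += 1
    suspicious = sorted(
        d for d, n in per_domain.items()
        if n >= DOMAIN_THRESHOLD and d not in POPULAR_PROVIDERS
    )
    return duplicates, suspicious


# Constructed sample sign-ups (example domains are reserved for documentation).
SAMPLE = [
    "alice@example.com", "Alice+1@example.com", "alice+trial2@example.com",
    "bob@gmail.com", "carol@gmail.com", "dave@gmail.com",
    "a1@catchall.example", "a2@catchall.example", "zz9@catchall.example",
]

if __name__ == "__main__":
    dups, domains = review_signups(SAMPLE)
    print("duplicate sign-ups:", dups)
    print("domains to review:", domains)
```

Domains returned for review are a prompt for a manual look, not an automatic block, since a small company signing up several employees looks the same in this data.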

Credit Card

The most common way companies fight abuse of their free trial is by requiring a credit card. Many people only have a limited number of credit cards to their name so, in theory, this should work, right?

Until a few years ago, this was a really effective strategy. However, many more modern neo banks and some online services are now offering 'privacy' cards which function the same as the throwaway emails discussed above.

You generate a unique and valid credit card number and then either block or disable that specific card number before the trial converts to a paid subscription.

This is harder to detect and block but not impossible.

  1. Block prepaid cards. This is the most effective way to block these, but it is an imperfect method with a non-zero false positive rate. You can do this with a Stripe rule targeting these payment attempts:
Block if :card_funding: = 'prepaid'
  2. Make it a paid trial: $1 for 7 days. This is a more common way to validate customers.
  3. Reserve the first payment's full amount on the credit card. To make sure that the potential customer is able to convert to a paid customer and their card is valid and has sufficient funds, you can place a hold on their card. This is less common and it's important to communicate this to the customer before the start of their trial. You don't have to keep the hold on the card; you can also remove it straight away, which will free up the funds again for the customer. Note that this often doesn't take effect right away, so even if you remove the hold right after, communicate this to the customer.
  4. Switch to a money-back guarantee: instead of offering a free trial, you can also simply opt for a no-questions-asked money-back guarantee. This validates the payment and allows the customer to trial the software while knowing that they can get the money back if it doesn't meet their needs.

IP address

IP address is another way you can identify unique customers. Although it can be changed by using a VPN service, for most users this will be harder to game.

A common way to detect this, which is also commonly used for detecting account sharing, is to use a service like Fingerprint, which also has an open source library you can use.

TLDR

The most effective way to prevent abuse is by using a combination of signals to block users with bad intent.

Make sure you find the right balance. Free trials will always see some abuse, and it's often more profitable to allow this than to dedicate resources to fighting it and accidentally introduce false positives that block out legitimate potential customers.

💡
Growth tip: offer a free trial to previous users
A free trial shouldn't be a once-in-a-lifetime thing; you should offer a user another chance after a cooldown period. They might have switched jobs, or other circumstances might have changed in the meantime that have led them to reconsider your product.