Press enter or click to view image in full size
You’ve scanned barcodes countless times — UPC, EAN, and GS1 Databar — but have you ever wondered what they’re encoding? Until 2006, neither had I. That year, I started as a software engineer at Coupons.com, tasked with transitioning our coupons to the GS1 Databar system.
Understanding Coupon Barcodes
Before the GS1 Databar, coupons relied on UPC and EAN barcodes:
- UPC barcode identified the product.
- EAN barcode indicated the offer value, expiration date, and provided an offer code for billing purposes.
These barcodes allowed automatic processing at checkout. Surprisingly, there was no validation mechanism preventing fraudulent barcodes. If correctly formatted, any coupon barcode would be accepted by checkout systems.
Luckily, the simplicity of the UPC/EAN system limited exploitation primarily to straightforward offers, like “buy one get one free.” That changed significantly with the introduction of the GS1 Databar.
The GS1 Databar
The GS1 Databar combined the existing UPC/EAN capabilities and added a suite of additional options for building coupon offers, enabling complex, multi-product and high-value coupon offers. This expanded functionality significantly increased potential vulnerabilities. The full specification for this barcode can be found on the GS1 website at: https://www.gmaonline.org/forms/store/ProductFormPublic/north-american-coupon-application-guideline-using-gs1-databar-expanded-symbols-2015.
Understanding Family Codes
Family codes are a hierarchical system encoded in UPC barcodes to group related products. Each company assigns family codes independently, meaning these codes are specific to each manufacturer and are not universal across brands. A product’s UPC consists of:
- Manufacturer identifier: Assigned by GS1 to each company.
- Product family code: Defined by the manufacturer to categorize their products.
- Individual item code: Specifies a particular item within that family.
For example, a manufacturer of premium steaks might use:
- Family Code 123: Wagyu Ribeye Steak
- Family Code 120: All Ribeye Steaks
- Family Code 100: All beef products
This hierarchical approach streamlines promotional activities but inadvertently makes broader fraud easier, as fraudulent coupons can exploit a broader product range.
Anatomy of Coupon Fraud
Consider creating a fraudulent coupon that grants a $150 Wagyu Ribeye Steak for purchasing a $1 bottle of Arrowhead water:
- UPC for Wagyu Ribeye Steak: Identifies product specifics.
- UPC for Arrowhead Water: Required for the purchase trigger.
The GS1 Databar structure for such a coupon could look like:
- 8110: Coupon identifier (fixed standard indicator)
- 0: Length identifier
- 088110: Company code (Arrowhead)
- 0101: Offer code (arbitrary, defined by issuer for internal tracking)
- 1: Length identifier
- 0: Save value code
- 1: Length identifier
- 1: Primary purchase requirement
- 0: Primary purchase requirement code
- 123: Wagyu Ribeye Steak family code
- 1: Additional item indicator
- 1: Additional item type code
- 1: Length identifier
- 1: Additional purchase requirement
- 1: Additional purchase requirement code
- 0100: Additional item family code (e.g., beef products)
- 071142: Additional purchase company code
- 200101: Expiration date (format YYMMDD, e.g., January 1, 2020)
- 9: Misclenaeous item code
- 1: Store value code
- 1: Additional item application code
- 0: Not a store coupon flag
- 0: Do not multiply flag
You can learn more about each of these fields in the GS1 specification document. The end result afterusing a GS1 barcode generator for the “stacked databar” type:
Press enter or click to view image in full size
A valid coupon barcode that any point of sale system will accept.
Realities of Redeeming Fraudulent Coupons
Practically, attempting to redeem such coupons poses legal risks and ethical issues — it’s illegal and prosecutable. Although retailers have guidelines for coupon acceptance, they are enforced by the cashier manually, making self-checkouts especially susceptible.
Fraud often remains unnoticed until batches of coupons are processed weeks or months later by clearinghouses responsible for reimbursement. At that stage, discrepancies in offers become evident.
Examples of Coupon Fraud Prosecutions
- Operation Super Coupon (2012): A large-scale coupon fraud operation involving counterfeit coupons valued at millions of dollars. Several individuals were arrested and sentenced to lengthy prison terms.
- Virginia Coupon Fraud Case (2021): A couple was sentenced to nearly 20 years combined in prison for creating and distributing fake coupons that defrauded retailers of over $31 million.
These cases highlight the serious amounts of money at stake.
Scope and Severity of the Issue
Coupon fraud is significantly more common than publicly acknowledged. The coupon industry closely guards fraud-related data due to potential reputational damage and financial losses. As consumers become more technologically proficient, fraud cases continue to rise.
Potential Solutions
Traditional solutions, such as holograms or special inks, are ineffective in the digital age, especially given the rise in home coupon printing. Effective mitigation demands addressing the core validation vulnerabilities. Although many solutions have been proposed, none have been implemented at scale.
Conclusion
Coupon fraud is unethical and illegal, and does occasionally result in prosecution. Although this article aims to educate, it deliberately omits some critical execution details. Anyone that studies the GS1 Databar specifications could easily fill in the neccessary gaps though. The only way the coupon industry will be able to address these vulnerabilities will be by prioritizing the adoption of robust, modern solutions to secure the coupon validation processes.