fix

7 Essential Security Features You Need to Prevent Cheating in Your Next Contest or Giveaway

This content discusses seven easy-to-implement methods to combat cheating in online contests and giveaways, including bot detection and email restrictions.

By Jessica Miller-McNatt ・5 min read
Best Practices

In my 10+ years working for an online contest and giveaway software platform, I’ve seen some things. Cheating, in the way of bots, voting groups, and nefariously savvy users, have reared their ugly heads in more contests and giveaways than I would like to admit. 

If you’re interested in running an online contest or giveaway, thwarting potential cheaters is either rightfully on your list of concerns, or you’ve been blissfully oblivious to potential cheating until now. Either way, the good news is that there are many measures to take to help you combat potential cheaters. Let’s look at seven easy-to-implement (with the right software!) methods you can use in your next contest or giveaway.  

Detect Bots 

Bots are simple software applications programmed to do small tasks over and over, autonomous of a human user. Bots are used in many useful ways but have gained a reputation for helping cheaters cheat. Protection from bots is simple to implement, but you want to be mindful of the method you choose. 

One method is Google’s Captcha. You’ve most likely experienced the notorious “Are you a human?” test in which you’re asked to translate scribbled-out letters or “click all of the images displaying a traffic light”. These tests are meant to be simple but are often more difficult and confusing than intended. For this reason, using a Captcha can really tank your giveaway’s conversion rate. Instead, use Google’s reCaptcha. This method works in the background of your entry form. It doesn’t require that obnoxious “are you a human?” test and, in fact, requires zero human interaction at all. 

Collect Full Or Anonymized IPs

If you know a thing or two about designing optimized entry forms, you’re probably not too wild about the idea of including a field to collect a participant’s IP address. With good contest software, you shouldn’t have to - an IP can be collected in the back end, automatically. If you’re staying GDPR compliant, then this IP address should be anonymized, meaning you’ll be unable to see the user’s actual IP address, but one that has been made anonymous, instead. 

So, how does collecting an IP address help you thwart cheaters? By collecting this data, you’ll have the means to cross-reference the entries being collected. In other words, when a participant is suspected of cheating, you’ll be able to look and see how many entries have the same IP, therefore, helping you to identify a participant who has circumvented your entry allotment. 

Collecting an IP address is also essential in allowing you to customize how many times and how often you’d like to allow participants to vote in a contest. Since voting typically doesn’t collect contact information (such as an email address), the IP address is used to know if that user has already voted or when they voted last. This will allow you to restrict votes to one per contest, one per day, one per hour, etc. Good contest software, such as ShortStack, offers a means to collect an IP address combined with browser information, called an “anonymous fingerprint”. This adds an extra layer of protection from cheaters who have learned how to bypass the IP restriction. 

Use Email Addresses to Restrict Entries or Votes

Just as contest software can cross-reference incoming votes with previously collected votes using an IP address, so too can you use an email address to cross-reference entries collected in an entry form. You may be thinking, “Can’t participants just make up new email addresses to enter more than once?” To which I’d say, “Yes, absolutely,” but if you announce the winner via email, these made-up email addresses will have to be real email accounts that the participant checks, which makes this option a little more difficult to fake. 

ShortStack’s form builder makes it easy to restrict entries by email address

Since an email address is typically an essential piece of information collected in a contest or giveaway, using this piece of data for double duty (i.e., for a follow-up marketing contact and also for an entry restriction) allows you to keep the entry form nice and short, which goes a long way in boosting participation rates

Require a Login

If you want to level up your security measures even more, use a login that sends a verification code- a method that can be used for collecting both entries and votes. 

When requiring an email login, a unique code is sent to the user’s email address, which is then used to enter a form or cast a vote. Users can only use a valid email address to receive their unique code, which makes this another option in the way of cheater protection. However, the downside of using a login is that it adds a number of steps to submitting an entry, thusly complicating the entry process - which, could possibly reduce your conversion rate. 

Use a Moderator

A great way to combat cheating is to bring human eyes into the mix. Depending on the popularity of your contest, a moderator can be far less expensive and involved than you think. I’ve moderated contests with thousands of entries, and with the right software, the task can take an investment of mere minutes just a few times a day. 

ShortStack’s Entries Manager allows for bulk actions and quick moderation

Moderators provide a number of benefits, including catching entries that don’t seem legit, outside of what bot protection and restriction methods can offer. Also, once an entry is detected as suspicious, a human can investigate and act accordingly before the user has a chance to submit more bogus entries. 

Display Terms and Conditions

Any well-executed contest or giveaway requires a bit of forethought and planning. One thing that should be given careful consideration ahead of time is a list of terms and conditions. These can include measures to protect contest hosts from potential cheaters. For example, include a clause that states anyone suspected of cheating will be disqualified. You can also indicate that, in the event of a suspected cheater, a winner can be chosen by an alternative means, such as a panel of judges. 

It may not seem like you’re doing much to deter cheating by incorporating measures like these into a set of terms and conditions, but clearly displaying your terms can, in fact, make cheaters think twice. Much like a burglar scoping out a house to rob - the most vulnerable targets are houses with the fewest perceived obstacles. In other words, why would they risk breaking into a house with an advertised security system and a “Beware of Dog” sign when they can just as easily move on to a house with no visible protection? Writing thoughtful terms and conditions and displaying them within your contest or giveaway is like that advertised security system and “beware of dog sign” - perceived obstacles that may convince cheaters to move on to an easier target.  

Combine security features for the best protection

It should go without saying that protection against cheaters takes more than the implementation of one or two of these methods. To ensure your contest or giveaway is as close to ironclad as possible, a combination of these efforts and some forethought into your promotion’s potential vulnerabilities will give you a leg up when it comes to preventing cheating and dealing with it after it’s happened. 

About the author

By Jessica Miller-McNatt ・5 min read
Follow

Jessica Miller-McNatt has been with ShortStack for over a decade and has served in every role from Marketing Team Lead to Customer Success. Her journey in martech continues to fuel her fascination for what drives growth. Jessica's favorite weekends are spent in the North Georgia mountains, chasing waterfalls and exploring with her family.


Get marketing tips straight to your inbox

Thank you!
Your submission has been received!
Oops! Something went wrong while submitting the form.
We’ll email you 1-3 times per week—and never share your info.