16 comments

[ 6.5 ms ] story [ 67.1 ms ] thread
"Extreme couponers" is the wrong term to describe these folks. They were coupon counterfeiters. The article even states how the perpetrators didn't use the coupons themselves.
I think the article messed up there. The FBI press release claims that they did use the coupons themselves. Maybe the link should be changed?

> Talens not only regularly used her own coupons, but she sold them to a large group of subscribers who found her through social media groups.

https://www.fbi.gov/news/stories/woman-sentenced-for-coupon-...

Ok, so they were counterfeiting and distributing coupons.

> She trained herself in the different techniques she needed to manipulate barcodes to make these coupons work," said Special Agent Shannon Brill in the FBI release. Talens, who is considered the mastermind of the scheme, would create fake coupons with discounts "near or even over" an item's retail value.

> Talens was paid more than $400,000 in digital currencies such as bitcoin and sometimes "exchanged coupons for stolen rolls of the special paper stores use to print out coupons," the agency said.

She was reallllly getting sucked into it. I had a little (micro) taste of that once.

I decided to try extreme couponing some years back, coinciding with extreme weight loss. I ended up losing my last 50 lbs while eating my way through boxes of various name brand chocolate bars that cost me almost nothing. (Well, and a salad here or there. And I exchanged my macros for getting it all over with faster via eat-whatever-you-like CICO)

It was definitely an embarrassment of random riches though. One time I was able to buy about 20 high-end Zebra mechanical pencils for $.10 each. The cashier was stunned and it got a bit embarrassing as she exclaimed loudly and other people looked on.

I'm not surprised people get sucked into this stuff, because you start to realize that you are making away like a bandit. Nothing ever just costs what it costs.

So if you think that's an awesome way to feel, maybe it gets more intense from there, and you realize Photoshop is a thing? Personally I didn't like the excited reactions and making a scene at a store, though my kids and their teachers got some pretty great school supplies out of it.

So... how does one counterfeit a coupon? Like, the affected stores' systems just accept coupon codes in a format like: "Huggies 99% off?" for any arbitrary product?

I always assumed a coupon bar code just referenced some a central repository of discount options... but maybe that's wrong?

Seems like the barcodes encoded the deal, and they figured out how to insert arbitrary discounts and resell high value products. You can find legitimate arbitrage opportunities with extreme couponning, but just like mechanical turk or ad view / click rewards "work" it very rarely reaches minimum wage when you account for time and profit. If people are making bank doing seemingly trivial stuff like this, it's going to be temporary and/or illegal.
I think it was in the early/mid aughts when grocery stores wised up. Couponing was a big deal during that time frame and I worked in a grocery store in the States at that time that would periodically do "double" and "triple" coupon weekends. We would have people walking out with $200-300 worth of merchandise on the triple weekends and they would have to scan a candy bar at the check out so that we didn't owe them money. It was always a cart full of pretty bizarre stuff that didn't look like a typical grocery trip in strangely large amounts (stuff like 4 bottles of Windex). They eventually stopped doing the double and triple coupon weekends once they figured out how much money they were losing.

That was also before you could easily just walk into a store then turn around and sell what you bought online two hours later too.

Manufacturer coupons follow a GS1 standard in North America. It encodes values such as deal amount, if it’s a percent off or dollar off, minimum units required, if the coupon will work for a specific UPC or it works for the entire manufacturer, expiration date, etc.

Most point of sale terminals only verify that the data is the correct format; it does NOT validate or authenticate. The cashier should act as a second check (theoretically a barcode printed on toilet paper for 100% off a TV would work for instance). The coupon gets collected and sent to a 3rd party clearinghouse 95% of the time. That clearinghouse will check for fraud and authenticity, and invoice the manufacturer on behalf of the retailer at the end of a month.

Source: Led marketing for multiple CPG/Food companies, lmk if other questions, I don’t often get to talk about this on here!

> Most point of sale terminals only verify that the data is the correct format; it does NOT validate or authenticate

This sound like a major design flaw though doesn't it? I would assume that the system would actually check whether this particular product is eligible for that discount instead of accepting it blindly? Why is one potential API call moved further down the chain to 'clearinghouse'? Why is this process 'failing' so late in the chain?

Grocery is really behind on technology. In fact if you do direct to store delivery as a smaller farm/food manufacturer, most orders are placed via text message from the buyer to a sales person at the manufacturer.

There is very slow movement around a standard digital coupon format, that does allow validation. The biggest challenge is all parties need to work together to make it happen. Both the investment to update point of sale registers and then trying to get every grocery chain/store signed up to said format on one end, and then consumers actually using these coupons on the other (which require smartphones and app downloads currently). (https://www.gs1us.org/upcs-barcodes-prefixes/additional-ways...)

The uptake into digital coupons is still extremely slow; In 2020, the load-to-card type coupons you may have experienced are only at 30% of the coupon market.

Major chains predominantly run on Toshiba SurePOS 4960. That 4-digit number should give you a clue. It is, of course, a spinoff of an IBM monstrosity originating in 1980s.

This thing is programmed in REXX and Java. Many files end in .286

Although there are possibilities for API integrations, users usually use the ssh interface into the controller system. It would take significant effort to add manufacturer coupon validation logic.

By encoding self-contained data, coupons violate the first principle of data security - never trust the input.

Source: I service 4960 controllers for major chains. My first encounter having to edit REXX files using native tools was very interesting.

I'd love an in depth sorry on this. How did the coupons scan correctly?
There isn’t a central db of valid coupons, the discount and product barcode are encoded in the coupon barcode
I went a little more in-depth about how manufacturer coupons work in a comment above. Long story short there isn’t any “server side” verification. As long as you have the correct format, anyone can create a barcode that will scan and give you the offer you encoded. But you will be committing fraud (don’t do it) and it does get checked.
These aren’t really “extreme couponers” as much as they’re coupon fraudsters (they printed their own coupons).
Wow, the husband got 7 years because he "he was aware of and profited from the scheme." That seems pretty harsh when her sentence was 12 years. Is that normal?