Mass enumeration of coupon numbers, voucher codes, discount tokens, etc.
What is Token Cracking?
Identification of valid token codes providing some form of user benefit within the application. The benefit may be a cash alternative, a non-cash credit, a discount, or an opportunity such as access to a limited offer. For cracking of usernames, see OAT-007 Credential Cracking
Token Cracking is also known by terms such as coupon guessing, voucher, gift card and discount enumeration.
The symptoms of Token Cracking
Sectors targeted by Token Cracking
Can InfiSecure prevent Token Cracking?
InfiSecure’s advanced bot fingerprinting technology can stop automated token cracking attempts by identifying and restricting automated usage by fingerprinting the user agent for its unique characteristics. InfiSecure identifies and restricts automated usage by reputation methods and employs rate limits to the number of failed token submission attempts per session /user / IP address/device / fingerprint. InfiSecure can even identify and block the most advanced persistent bots engaged in token cracking.