How-to Avoid SaaS Free Trial Abuse

free-trial-botAt the Black Hat conference in Las Vegas, a security research duo showed how they built a cryptocurrency-mining botnet by leveraging cloud platform services – like Amazon Web Services, Heroku, or Google App Engine – using only Free Trials and Freemium accounts [PDF].

Cue the overly-dramatic sky-is-falling music as we mourn the demise of SaaS Free Trials and Freemium (remember, it pays to be clear on the various uses of “Free”).

I know a lot of entrepreneurs, founders, executives, and product marketers at SaaS and Cloud companies will read that Wired article and say to me – since I’ve been quite vocal about not being a fan of requiring a Credit Card to get started on a Free Trial – “See Lincoln… not having a credit card wall opens up our system to abuse!”

But they’re wrong… and here’s why.

People want the best practice to be that you should collect Credit Card details up-front on a Free Trial, because, let’s be honest… it means they don’t have to “sell” later on.

It means anyone that enters the trial is “serious” and they’ll become a paying customer because they have “skin in the game.”

They want this to be true. But it’s not.

Don’t get me wrong, it’s very important for stories like this botnet use case to be surfaced by the white-hats so that proper safeguards can be put in place. But it is also super-important to take a step back, learn from this, and then to really think about how to apply this learning in a rational way that doesn’t punish the prospective customer’s experience to your service.

The knee-jerk reaction, because it jibes with underlying biases, is generally to punish the user, prospect or customer; the captcha is a well-known example of a device that punishes the good guys.

When I work with web companies that have the potential for large-scale abuse – email marketing, website creation/publishing, landing page creation/publishing, vertical-specific ad creation/publishing (cars, real estate, etc.), phone dialer services, data or content providers, or even Infrastructure / Platform-as-a-Service companies – I tell them all the same thing:

Abuse Points are Value Points.

Let me repeat that: Abuse Points are Value Points.

When someone is “abusing” a system, they’re basically saying “this is where I find value in the system.”

Normal, ethical people probably find value in that same place in your system as the bad guys.

So these “abuse points” are where value is realized by the customer, at least from a functional standpoint; in this case, the functional standpoint is that they completed the “job to be done” with the product. Real value may come as a result of the functional completion, but that’s a story for another day.

For Email Marketing, value is realized when the email is sent to a large list. For an e-commerce store, when I open the store for business. For a Platform-as-a-Service, when I move my app to production.

What I’m about to say is for SOME web services that are legitimately prone to abuse. For MOST SaaS companies, this does not apply, but it’s still interesting to think about.

For SOME cloud services – again, not all – it is perfectly acceptable (and possibly even expected) for some features or functionality to only be activated or available only after a Credit Card (or some other financial instrument) has been presented and/or charged.

But let me be absolutely, 100% clear. If you can let a prospective customer experience the full power of your entire product for free before you ask them to enter their Credit Card or before you ask for the sale, that will always be better.

But there are times when that simply can’t be the case.

For instance, before you can send emails to your entire list (rather than a small subset), you need to at least enter a Credit Card so we can validate that you’re a real person (not a big time spammer). Before you can open your e-commerce store for business, we need you to enter your Credit Card info. Before you can move to production with your App on our Platform, you have to pay us.

The Logical Next Step

So on a 14-day Free Trial (or whatever the best length is for your Free Trial), if the prospect hits an “abuse point” on day 3, that’s great. Now they’re ready to take an action that, instead of being a way to abuse the system, is actually in your favor.

What that action is – what happens next – is up to you (though I encourage you to take your customer into consideration, as well as what they’re used to with adjacent and competitive products), but you have a couple of options.

  1. Ask for their Credit Card, end the trial, and start their subscription right then
  2. Ask for their Credit Card and continue the trial from there, automatically billing their card and starting their subscription at the end of the trial

Then, once they’re paid up or you at least have their Credit Card on file, you can let them do the thing they couldn’t do before.

Grow LTV with this Sales Hack

A nice hack to grow Customer Lifetime Value (LTV) is to follow that action they take with a One-Time Offer (OTO) to get them to convert to a paying customer right then (to end the trial) or – if they already paid – to take advantage of an even better offer. One way is to offer them a discount, but make sure you offer the right kind of discount.

So even though you have a potentially abusable system, by understanding how things work, you can create a system that doesn’t keep your prospects from signing-up initially by requiring a Credit Card up front, but rather one that works in-concert with how a potential customer might like to experience your product.

Remember, putting up a Credit Card wall doesn’t keep out the riff raff…. it keeps out many real, legitimate prospects who don’t know, like, or trust you yet.

If you understand that “abuse points” are actually Value Points, you can take back the power from the bad guys and keep the good guys flowing in.

I hope this helps you a bit.

About Lincoln Murphy

I invented Customer Success. I focus primarily on Customer Engagement. Learn more about me here.