We keep a close eye on every possible fraud source in the online business. Our team members are experienced not only in various types of advertising fraud detection, but in transaction and affiliate fraud as well.
Let’s take a look in the affiliate fraud part!
Most of affiliate programs have to deal with various types of fraudulent partners. Don’t waste the words, let’s dig in!
Email spam, chat spam – Easy to do, easy to detect
What they are doing: sending unwanted promotional emails to possible customers to buy the affiliate program’s product. It’s dangerous to let the affiliates spamming customers, because usually the annoyed users who got spam email, will blame the product, not the affiliate. In email spams not just the spamming itself can harm the promoted product’s reputation. Usual problem with spam traffic also the misleading of the users. And the same case true for the chat spam too. Fraudulent affiliates usually hires freelancers for a few bucks to promote their affiliate links through Omegle or other chat platforms.
Typosqatting – Also easy to do, and easy to detect
This is a quite easy to do, you just buy a domain, that’s super similar to your brand’s domain. For example, you are the proud owner of “myfantasticbrand.com”, well known company. I’m sure when you start growing and your affiliate program starts to get bigger and bigger, one, or more affiliates will register some similar addresses like yours, like: “myfantasticbrand.cm” or “myfantasticbamd.com”. Some visitors will just accidently type in your brand’s typosqatted misrepresentation and end up on your affiliate’s site. That way you will end up paying revenues to your affiliate, who just brings you customers who were acquired by your marketing team and pay for the same customer twice.
Chargeback fraud – Little more advanced to do, still not rocketsurgery, and well, it depends on the fraudster, how hard to detect it is.
How it’s made? The affiliate buys bunch of stolen cards or cc data, usually somewhere on the darkweb. What you will see: huge visit to payment conversion rate, and even bigger failed payment rate. It’s dangerous because if you let the affiliates test stolen cards in your system, then your bank will say goodbye to you due to suspicious activities in your merchant account.
The other less criminal type can be, when the affiliate, or someone who asked by the affiliate register, buys a big amount from the product. When you pay out the big revenueshare or pps for the new coming customers, in a really short time the customer will ask for a chargeback from their bank. This way you will end up to pay the affiliate for a non existing customer, and your merchant account gets lower and lower trust from the processing banks.
Also popular technique for fraudulent affiliates. This is where we touch advertising fraud, a little too. Well, cookie stuffing can be quite technical, if the fraudster has the right know-how. We know cookie stuffing sounds delicious, but it’s not that sweet at all. This practice is using the fact, that 99% of the affiliate programs using cookies to identify the user’s origin. Affiliate programs set different cookies for their in house mediabuyers, for the different webmasters with the different offers. So basically the right legitimate practice is the following:
1. User visit a site
2. User clicks on the affiliate link
3. User gets the affiliate cookie and land on the offer site
4. User performs required action
5. Affiliate gets paid.
Sounds okay, right?
Well, you can fool this system several ways.
So basically if you translate this to a tech to-do, then you can see, the main goal is to set more-and-more tracking cookies to users who possibly want to use the promoted product. One can find lots of ways to do it, from quite primitive to some “secure” and complicated. These ways can vary on effectiveness and on the difficulty of the detection. Let’s say, you have a product review site. You know that your customers mostly read the reviews and not clicking on your affiliate links, so you decide to help them a little, and make them click on the links. Well you can’t contact every visitor and they don’t listen to your CTAs, so you do a little trick. You create a 1×1 pixel image and you set your image source link your affiliate linking code. Voila, you set the cookie for every visitor you have. This is called image stuffing. In this form it’s super easy to detect.
The user flow for the cookie stuffing version is the following:
1. User visits a site
2. User gets an affiliate cookie without interaction
3. User uses an other link or type in to visit the offer site
4. User performs required action
5. Fraudster got paid
And if you don’t have visitors on your site, you can still do it. You can still find some ad-networks that allow flash banners or third partycookies. Flash banners allow some url calls just with a few lines of actionscript coding. When the affiliate puts the linking code in the flash, they set a cookie for every impression, not just for every click. And this can harm your program a lot. A clever cookie stuffing affiliate can check out with some simpletools where your in house mediabuying team running campaigns, and buy some traffic from the same inventory. You will see that the affiliate’s earning is skyrocketing and your mediabuyers conversions are dropping down.
And that’s all folks, for today.
There are more sophisticated and tech savvy ways to execute as well as to detect affiliate fraud, to cover that we should write an encyclopedia not just a blog post. For questions about the advanced methods and how to detect them feel free to drop us a line to sales at enbrite.ly or just use the comment section below!
Our next post will cover the detection of these tactics, so don’t even think about getting your hands dirty!