What Is Affiliate Fraud?
Affiliate program fraud is associated with affiliate marketing. So to understand affiliate fraud (and affiliate fraud detection), it’s useful to quickly run down what affiliate marketing involves. It’s when a third party publisher or affiliate generates a commission on the basis of promoting a company’s products, as well as traffic to the company’s site and leads for them.
However, affiliates can abuse this system (as well as your trust in them) to generate for example legitimate traffic to business. Their aim is to make it seem as if they’re generating legitimate interest in a company’s product, by using tools that can create fake trails. In order to take advantage of an advertiser, a fraudster will set themselves up as an affiliate marketer. The way a fraudster takes advantage of the affiliate program will depend on the kind you’re using.
Fraudsters are ultimately trying to make it seem like they’re generating legitimate, useful traffic to your business (that will lead to sales conversions). The abuse comes from them trying to bump up their traffic stats so it seems like they’re doing their job, when really, they’re creating illegitimate traffic that a real customer isn’t voluntarily creating (via clicks because they’re interested in a deal or referral). Sometimes a fraudster will use malware and other strategies to make it look like an organic click or install of an app is via affiliate marketing, therefore making it seem like they should receive a much bigger cut of an advertiser’s budget.
How Does Affiliate Fraud Work?
Fraudsters will use different tactics depending on the model of the affiliate program, and the reason for why affiliates are paid through each one.
CPA stands for cost-per-acquisition – the affiliate gets paid when they successfully encourage a customer to make a sale. Criminals can claim this fraudulently by using stolen identities and card details to make a purchase, instead of a legitimate customer. The problem with this kind of fraud is that it can lead to huge chargeback costs, due to victims attempting to claim their money back.
CPL – cost per lead – on the other hand means the affiliate gets paid per lead generation. This would involve a customer taking an action such as registering with the company, downloading a guide, subscribing to a mailing list or similar. Fraudsters take advantage of this by filling out the forms via bots rather than real customers, for example.
Affiliate click fraud can be costly to businesses who are simply paying per clicks – Cost per click (CPC) affiliate programs can be exploited by fraudsters who are able to automate these. Finally, cost per impression programs (CPM) that pay per views are exploitable by placing ads on a fake website and using bots to direct views to the page that the ad is on.
Example of Affiliate Marketing Fraud
How do these tools work? There are a few different ones out there that affiliate fraudsters employ to make it seem like there’s a lot of traffic or referrals, which means that an advertiser will cut them a bigger share of the budget – by making a fake trail. There are many affiliate fraud examples: we’ll look at just one below.
Cookie stuffing is one of the most popular forms of affiliate fraud – it’s probably the main example to be aware of. They’re a target because affiliate marketers or third party publishers often use a user’s browser cookies in order to show that they’ve clicked on their affiliate marketing link (and so are generating traffic). Cookies are small files stored via a user’s browser, and usually show their legitimate browser history. However, with cookie stuffing (or spamming as it is sometimes known), fraudsters can make it seem as if a customer has repeatedly accessed the link by placing cookies on a visitor’s computer. Not only is this illegal, it also means that you can no longer use this information to tell you whether affiliates are generating legitimate customers or not.
How Affiliate Fraud Impacts Businesses
One of the biggest targets of affiliate fraud is the iGaming industry. Gaming and casino sites can’t use Google Ads to market their product so they often have to turn to affiliate marketing to gain traffic and customer engagement. The issue with this is that they (or any companies that rely on affiliate marketing) run the risk of affiliates fraudulently using bots to fake high traffic, which results in high CPC spend.
Affiliate fraudsters distort your stats. The bots they use will confuse your analytics, meaning that you think you should be paying out more to them. Because of artificially boosted analytics, it makes it much harder to measure your campaign KPIs overall.
How to Prevent Affiliate Fraud & Protect Against it
Affiliate fraud prevention should be something you think about before you even start taking on affiliates. That’s because the scale of the impact that affiliate fraud has on your business really depends on how quickly you’re able to catch the fraudster before you start assigning some of your budget to them – if you catch them, you can cancel your contract. However, you’ve probably already paid out to them by the time you’ve caught them, meaning that you’ve probably lost money regardless. Wondering how to prevent affiliate fraud and protect against it? Keep reading.
Using Device Fingerprinting
Device fingerprinting helps you to find patterns of affiliate fraud via signals that fraudsters leave behind while taking actions on your site. One particular red flag easily spotted by device fingerprinting is device spoofing. Affiliate fraudsters basically turn to device spoofing to cover up the fact that they’re only using one device to take actions (like clicks, downloads or form filling). Instead, it now looks like these are coming from multiple devices and so different users. This can be difficult to catch with device fingerprinting, however, the most cutting-edge solutions that involve canvas fingerprinting (tracking users through an HTML5 canvas rather than browser cookies) can still catch them using this technique.
Behavioural Analysis
Customer behaviour on your website can tell you a lot about them, even if they don’t even register with you. Criminals have suspicious behaviours that with the right tools, you can spot. For instance, you might find that affiliate fraudsters violate terms of service repeatedly. They might make a suspicious number of connection attempts per hour, at an usual velocity. Another clue could be a very short time between your conversion page and attempting to purchase a good or service from you. Fraud prevention and detection software that uses behavioural analysis will usually be able to flag up some of the actions described above.
Traffic Monitoring
Finally, traffic monitoring is another good means to spot fraudsters posing as affiliates. A good place to start is making sure that you’re logging affiliate IDs via whatever system you’re using to keep track of them, so you can get a sense of how many visitors they are bringing on average. You can gain an idea this way of how many successful or unsuccessful conversions they bring as well, which can give you an indication of whether they’re good to use or bad. Some tools you can use to monitor traffic include Google Analytics, or Adobe Analytics.
So that wraps up some of the affiliate fraud protection options, but which tools have them?
Affiliate Fraud Prevention Tools
Fortunately, there are quite a few affiliate fraud prevention tools on the market. That way you can hopefully stop a fraudster in their tracks before they’re able to do real damage to your budget, or have your analytics blown out of proportion for their own criminal gains. Tools like SEON include browser fingerprinting analysis, device fingerprinting analysis and behavioural analysis as well. As SEON’s device fingerprinting supports canvas fingerprinting, it’s one company out there using the latest technology to stop criminals using device spoofing (which may not always be detectable using device fingerprinting). FraudHunt’s product focus is on preventing affiliate scams (alongside preventing credential stuffing attacks and content fraud) – using their fingerprint ID module. It’s considered cost-effective and efficient if this is the only solution you’re looking for. Finally, Signifyd also offers device fingerprinting in the form of tags that enable the collection of a user’s page views, mouse clicks, movements and other actions which could be possibly suspicious.