Affiliate fraud is a growing concern for online marketers. Here’s how it works, and a primer on choosing the right prevention tools.
According to Juniper’s Future Digital Advertising: Artificial Intelligence & Advertising Fraud 2019-2023, advertisers’ total loss to fraud will rise to $100 billion by 2023.
And most of it is to blame on affiliate fraud.
The thing is: affiliate marketing is more important than ever for modern online businesses. We live in the age of comparison websites, Youtube influencers, and heightened customer expectations for sourcing engaging content.
How Affiliate Fraudsters Adapt to Your Model
When an affiliate says they’ll bring traffic to your site, it’s understood that these users are likely to go through the conversion stage.
This is true whether you reward your affiliates for each lead they bring, or every ad impression, based on several possible payment models:
- Cost-per-acquisition (CPA): the affiliate gets paid upon fulfilment of a sale. Huge CPA businesses include MoneySuperMarket and TripAdvisor, amongst others. Fraudsters will use stolen IDs and credit card numbers to finalize the conversion, often using bots to automate the process. This can incur huge chargeback fees for your company.
- Cost-per-lead (CPL): the affiliate gets paid upon completion of a registration form, subscription to a newsletter, or simply by delivering the right user data. Unscrupulous affiliates will deliver bad customer data, use bots to fill forms, and even give you opt-out lists instead of opt-ins.
- Cost-per-click (CPC): affiliates receive a rate based on the number of ad clicks. Fraudsters use bots to automate clicks, and find ways to direct unsuspecting users towards the clickable link.
- Cost-per-impression (CPM): the M in that case, stands for Mille, referring to every thousand impressions. Fraudsters will create fake websites and use bots to increase the number of ad “views”, and even layer multiple ads on top of each other to count as impressions.
- Influencer model: you offer freebies to an online personality with enough of an audience. But of course, here again fraudsters have no qualms about creating fake accounts and boosting their numbers with bot views and comments. A whole cottage industry of social profile boosting exists for that purpose.
Breaking Down an Example of Affiliate Fraud
Let’s look at an example we’ve encountered multiple times in the iGaming world. The vertical is particularly susceptible to affiliate fraud, simply because it needs affiliate marketing more than other types of businesses (Google ads doesn’t allow online casinos and gaming sites, for instance).
In this scenario, the gaming company has set up an affiliate program with a CPA model. The action required, or KPI, is a user registration on the site. They will need to enter their details (full name, email address), and verify their age (a legal requirement).
Because of the fact that reducing friction is primordial, some operators will try to wait until the withdrawal stage to provide ID verification.
Now, a fraudster signs up to become an affiliate.
Their first goal is to bring in legitimate traffic to the site. It can be done with domain spoofing, when they create fake landing pages that look like legitimate ones. Users who end up on these fake pages are redirected toward the iGaming site. If some of them sign up, that’s a plus for the fraudsters.
But to ensure they get the reward, fraudsters can rely on multi-accounting. They will source stolen IDs from data breaches purchased on the darknet. By using bots, they can automate the process and scale it to their liking.
Because all the conversions appear legitimate and from different users, the fraudsters receive high payments, but meanwhile, your business has to live with the consequences.
The Consequences For Your Business
Best scenario without affiliate risk management services? You realize you’re wasting marketing money on the wrong people and cancel the contract.
But the problem is that by the time you perform a review of the affiliate’s performance, it’s already too late.
- Bots will play havoc with your analytics.
- You waste precious marketing dollars.
- Campaigns’ KPIs are harder to measure.
And for the worst-case scenario: you also put yourself at the mercy of KYC or AML fines. If your bad affiliates go all the way to the transaction stage, you’re also left in a lurch when it comes to processing chargeback fees.
Finally, let’s not forget that you could also be losing money if you offer signup bonuses. There is an overlap between affiliate fraud and promo abuse, which bad agents will only be too happy to exploit.
The Solutions: Check the Traffic, Device, and Behaviour
You want a three-pronged approach to check the quality of your affiliates. Ideally, your fraud prevention solution should be able to deliver the following tools:
The first step is to keep track of traffic quality. Make sure your system lets note affiliate IDs, and that you get an accurate view of how many of the users they bring, will eventually go through the conversion stage successfully.
In the screenshot above, we can clearly see that each merchant (or affiliate) brings in users whose transactions are approved, reviewed or declined. These three results can of course be automated by your fraud prevention system.
But the key point is that after logging every conversion for a while, you’ll have enough data to start separating good affiliates from bad ones.
But what if you want to block fraudulent traffic before it enters your system? You can look at device fingerprinting.
Each user that lands on your conversion page will arrive with some data. We call it a digital footprint, and it includes the configuration of their software and hardware.
Now with a device fingerprinting module on your site, you can create IDs for these configurations, and see when anything looks suspicious. For instance:
- Has this exact configuration already been found on your site? There is a possibility you could be dealing with a fraudster trying to fool your system with multi-accounting.
- Does the device point to an emulator like FraudFox, Kameleo, Linken Sphere, MultiLogin or AntiDetect? These are tools favoured by fraudsters who use bots to abuse affiliate programmes on a mass scale.
Combined with other data enrichment tools, you will be able to build a pretty complete profile of your users – all in real-time.
Note that device fingerprinting is also a fantastic tool for curbing bonus abuse, for instance in the gambling world, or even to reduce chargeback rates and manual reviews.
In fraud detection, the behaviour is tracked via a series of risk rules. Every time the user data is checked against the rule, a risk score increases or decreases.
The most obvious example would be a standard IP analysis. Is the user’s IP address pointing to the same location as the cardholder’s address? But you can of course get much more sophisticated with the rules:
- How many connection attempts did they make per hour?
- How fast did they complete the fields on your signup form?
- What was the average time it took them between landing on your conversion page and going to checkout?
Key Takeaway – Don’t Let Bad Affiliates Sink Your Marketing Efforts
Cutting through the noise is harder than ever for marketers, and things are made more complicated by fraudulent affiliates.
The good news is that affiliate fraud detection is faster, easier, and more affordable than ever.
Using a simple combination of decent traffic monitoring, device fingerprinting, and tailored risk rules, you should be on your way to flag bad partnerships and focus on the best ones that can really help grow your business.
Learn more about our products
Tamas is the founder and CEO of SEON and an expert in all the technological aspects of fraud prevention.