Modern marketers love referrals and bonuses. Unfortunately, so do fraudsters.
Let’s see how referral fraud works and demonstrate how to prevent it today.
What Is Referral Fraud?
Referral fraud happens when fraudsters find dishonest strategies to exploit referral programs.
If you implement a referral marketing strategy to spread the word about products or services, you must ensure fraudsters don’t abuse your program.
Unfortunately, referral fraud is increasingly common. A Statista survey, for instance, finds that it was responsible for 21% of all fraud attacks on ecommerce sites in 2021.
Referral fraud takes two main forms:
- Bad affiliate partners send bad users, unwitting visitors, or junk traffic toward your site to trigger the rewards.
- Fraudsters create multiple online accounts to refer themselves and trigger marketing bonuses.
The latter is comparable to bonus abuse and promo abuse, which are highly prevalent in the iGaming and neobank industries, among others.
The Consequences of Referral Fraud
Referral fraud means that a high percentage of your marketing campaigns are attracting bad users. Here are other consequences:
- wasting money and resources
- confusing your analytics, KPIs, and attribution numbers
- inviting fraudsters on your platform
- increasing chargeback rates or return fraud (for online stores)
- risking compliance fines for KYC and AML
The last point is particularly worrying for fintech companies such as neobanks who rely on referrals to grow their userbase. If the volume of applications is too high to check whether IDs are legitimate or not, they may face heavy fines.
The global fantasy football company is one of the many who trust SEON to stop referral fraudLearn why
5 Types of Referral Fraud
Since referral programs are unique to each business, fraudsters are able to come up with a variety of strategies to abuse them. Here are some key examples.
There are a variety of ways fraudsters can abuse referrals when you work with third-party companies to send traffic to your site.
- Cost-per-acquisition (CPA):
The affiliate gets paid after a sale goes through. Fraudsters will use bots to automate the process and pay with stolen credit card numbers. This is terrible for your chargeback rate and fees.
- Cost-per-click (CPC):
When you reward affiliates based on the number of ad clicks, they have every incentive to automate the process with bots. In some cases, they add the links to malware, malvertise, or simply steal traffic from a website and force users to click your links.
- Cost-per-lead (CPL):
The goal of a referral is to get users to fill out a registration form, subscribe to a newsletter, or bring the right data to the business (a relevant professional’s LinkedIn handle, for instance). Bad affiliates will use bots to send tons of traffic to your site and hope the high volume of traffic will yield a small percentage of successful results.
- Cost-per-impression (CPM):
The M in CPM refers to a thousand impressions (from Latin mille). Fraudsters create websites and use bots to boost ad views or layer ads on top of each other.
If you offer a referral fee or bonus to influencers, you’ll also find that some of them create fake accounts to boost their numbers. Bots and automation go through all the steps, and you’re left with junk traffic.
- Revenue share model:
It’s harder for fraudsters to abuse this more complex revenue-sharing model. However, sophisticated attackers can still use stolen credit card numbers and fake identities to make it look like a legitimate sale has gone through, pocket their share of the profits, and disappear. Cookie stuffing or bidding on search engine adverts also allows them to make bad traffic look organic, and steal your commissions.
Multi-Accounting and Self-Referrals
In this scenario, you have created a referral program with affiliate codes. User X gives their code to user Y and when user Y signs up, both users receive a discount.
This is a strong incentive for users to perform multi-accounting fraud. Put simply, they will create several, if not hundreds of fake accounts in order to refer themselves.
The accounts are created using a combination of tech tools (to spoof their software and hardware configurations) and fake IDs. The new IDs are made up, stolen from legitimate users, or a combination of both called a synthetic ID.
A less sophisticated type of referral fraud happens when users simply reuse the same referral code multiple times.
However, this stems more from a failure of your referral program system rather than criminal behavior. Users who find this type of loophole will no doubt exploit it.
If you’ve closed the repeat redeeming loophole, be careful as some users may even go as far as creating accounts, deleting them, and repeating the procedure multiple times to benefit from sign-up bonuses.
If you’re a Shopify store offering discounts to new customers, account cycling is a type of fraud to watch out for. The key here, like with multi-accounting, is to establish connections between users by logging as much data as possible. More on that in the solutions chapter below.
If you’ve ever found yourself at a checkout page with the option to enter a coupon, you might have searched for one online.
What you’ll find is that there is a whole cottage industry of websites that specialize in sharing discounts, promo codes, and affiliate links with the general public.
While most would not consider the practice strictly fraudulent, it crosses into a grey area at best, and voids the terms and conditions of your promo at worst.
It is another way in which you may find suspiciously high volumes of discounted purchases without any increase in whatever you are trying to grow in the first place: loyal customers, social media fans, or valuable partners.
How to Prevent Referral Fraud
Preventing referral fraud requires forethought both at the strategy stage and on a technical level.
#1 Continuously Vet Your Affiliates
In today’s fast-paced world, new business partnerships are faster than ever to develop. It’s also easier than ever for fraudsters to pass themselves off as legitimate businesses.
This is where a bit of foresight can go a long way.
First, make sure that you run strict KYB (know your business) checks on any third-party affiliate. That may include a background check and other kinds of due diligence processes.
You might also want to pay close attention to the first user they bring in and how soon you start experiencing chargeback requests from their users.
After that, you can:
- assign an ID to each affiliate
- track the kind of traffic they bring – making sure it’s from the right websites
- take your time in verifying the first transaction (to ensure it’s not from stolen cards)
- label each conversion as successful or not
- check the conversion rates
In the example above, which comes from the SEON dashboard, you can clearly see the number of good conversions each affiliate brought.
APPROVE shows when the transactions went through without a hitch. REVIEW shows when there was some concern they might be fraudulent. DECLINE shows conversions that were obviously bad.
Filtering the quality of the traffic in such a way helps you quickly see which affiliates performed the best during a set date range.
And last but not least, you should also consider what conversion ratio is too good to be true. A very high volume of good transactions may point to suspicious payments – and therefore potential fraud.
#2 Spot Connections Between Users
When it comes to referral fraud performed by users, your goal should be to quickly identify repeat offenders.
In the fraud prevention world, we call it multi-accounting, and it’s mitigated by gathering as much data as you can. You can then connect the dots.
First, you must gather as much information as possible about the new users on your site. Here is an example of the kind of data fields you should be able to fill:
Armed with this information, you can then start looking for connections. Some fraud prevention tools will give you neat visualization features, such as the one you can see in action here:
Are you dealing with multiple customers who log on using the same device? Or sharing an IP address? Referral fraudsters may be able to create identities out of thin air, but their device spoofing is more time-consuming, and therefore easier to catch.
The key is to understand which parameters point to a risk of referral fraud and to create a score that reflects such.
Looking at IP addresses, for instance, you could safely say that a customer using Tor to connect to your site is high risk. In the screenshot below, you can see how a rule catches that data and gives it a higher risk score (+95).
#3 Go the Extra Mile with Velocity Checks
Velocity checks allow you to measure customer behavior by looking at actions during a set timeframe. This is crucial to identifying referral abusers who go through the same motions to trigger your bonus.
Here are two examples where the risk score should be higher:
#4 Flag Bots and Automation
Another check you can implement should look at whether the user triggering a referral reward is indeed a person.
- Enable CAPTCHA: A simple preventative measure proved to reduce bot submissions by up to 88% (but be careful not to add too much friction).
- Deploy a Web Application Firewall (WAF): These firewalls are good at blocking basic bot traffic. You may catch the less sophisticated automated attempts to flood your site with referral signups.
- Use fraud monitoring risk rules: The most advanced solution also gives you the most flexibility in battling automated referral fraud. With fraud management software, you can score each referral and determine if it looks legitimate or not based on your own parameters.
Like in the previous tip, the key is to identify how these so-called users connect to your website. You may find that certain configurations are highly likely to be from fraudsters, such as:
- VPN, Tor, and suspicious proxy use: Fraudsters programmatically change their connection details to make it look like they are using different devices.
- Emulator usage: Another tool designed to quickly spoof their software and hardware configuration.
#5 Ensure Your Referral T&Cs Are Watertight
Last but not least, you should also continuously ensure that your housekeeping is in order. Go over your referral program’s settings and terms and conditions. Check that:
- The conditions for triggering a reward are set properly.
- You enable a referral review period (to catch suspicious referrals).
- You set an expiration date for coupons.
- The use of promos is limited to new customers only.
You should also regularly review the terms and conditions to catch any loopholes your users or partners might have discovered.
You might also want to track each promo code to make sure it’s not being shared widely on a discount website, which could hurt your campaigns.
How SEON Prevents Referral Fraud
SEON is an all-in-one fraud prevention solution that can look at suspicious affiliates as well as suspicious users.
By gathering hundreds of data points and enriching them, including dozens that no other fraud prevention company looks at, we can help you get a 360° view of your business partners and customers.
Our experience with iGaming clients has allowed us to develop affiliate features, including functionality that tracks conversions, vets good partnerships, and gives you the tools you need to boost the success rate of your referral program.
Coming from a competitive sector with high referral activity, these features of the SEON platform are extremely helpful but importantly, they find applications across verticals and industries.
Partner with SEON to reduce fraud rates in your business with real time data enrichment and advanced APIs
Book a Demo
Forbes: Your CAPTCHA Could Be Hurting Your Sales
Showing all with `` tag
See a live demo of our product
Jimmy Fong is the Chief Commercial Officer of SEON. His expertise in payments saw him supervise the acquisitions of companies by Ingenico, Visa and American Express. Jimmy’s enthusiasm for transparent sales and Product-Led-Growth companies drives SEON’s global expansion strategy, and he interviews both fraud managers and darknet fraudsters in our podcast to stay on top of the latest risk trends. Yes, it’s also him wearing the bear suit on our YouTube channel.
Sign up for our newsletter
The top stories of the month delivered straight to your inbox