Affiliate marketing is often misconstrued by marketers as a set-and-forget channel. Automation is prevalent in the management of affiliates thanks to advances in digital technology and affiliate networks, alleviating the need for constant management. Simultaneously, a lack of understanding by non-specialized marketers about the intricate methods that fraudsters have adopted as affiliate marketing has gone digital has led to a lack of effective security practices by advertisers.
Advertisers should take concern with the security of their affiliate marketing practices to guard against fraud, which is relatively common in a channel dependent on publishers who earn commission for achieving specific results — and the dupable technology that triggers those commissions. While most affiliate KPIs have evolved from simple traffic or clicks to more substantial actions like form submissions, direct sales or subscriptions, fraudsters continue to find ways to game the system.
In this article, we will discuss how various, common forms of fraud takes place in affiliate marketing, how advertisers can detect and prevent fraud, and how establishing certain security practices in compliance with FTC guidelines is a critical baseline for avoiding other legal and financial issues down the road.
What is affiliate fraud?
Affiliate fraud is the exploitation of affiliate marketing programs to gain unwarranted commissions through false or unscrupulous means. This kind of advertising fraud also extends to any practice that breaks the agreement in place between the publisher and the advertiser, explicitly stated in the written terms and conditions of the affiliate agreement.
If an affiliate strategy is something you’re considering as part of your marketing funnel, it’s crucial to understand how and where your advertising budget might be exploited through fraudulent publisher activity.
Like any digital advertising practice (e.g. banner ads or paid search ads), the traffic to and through your affiliate ads can be false traffic — such as bot traffic or human fraud farms that contribute large amounts of commissioned actions without any true business intent behind them.
Alternatively, fraud can take the form of misattribution, when fraudsters steal credit for the work of actual affiliates or take credit for leads who did not knowingly engage with a brand via an affiliate. This could be the result of practices like cookie stuffing or click spam.
Common methods of affiliate fraud – defined
Let’s define and break down the common kinds of affiliate fraud with which your brand could contend. Keep in mind that all of these forms of fraud have serious consequences: advertisers can lose huge percentages of their affiliate ad spend to fraudsters without any ROI, and misattribution can lead to real affiliates becoming discouraged, losing trust and abandoning advertisers who pay them less due to the redirection of rewards to fraudsters.
Bot traffic: Bad bots can be leveraged by fraudsters to fulfill actions at scale and earn commissions without delivering leads or sales. Automated botnets can be deployed to fill out forms on an advertiser’s site or drive up clicks and impressions.
Human fraud (farms): Instead of using bots, some more organized fraudulent publishers or groups pay low wages to large groups of people who carry out affiliate activity to generate commission based on actions that are more difficult to falsify. For example, a human farm of a hundred workers could spend hours every day filling out forms or taking other on-site actions, while easily bypassing the bot-prevention systems in place.
Click fraud (click spam): Click fraud, also called click spam or click injection, is a specific form of affiliate fraud generated by bad actors like bots or humans when clicks or impressions are the primary endpoint for affiliate commissions. These bad actors will repeatedly click through affiliate ads to generate revenue which would, for example, be exchanged for human traffic from a publisher’s site.
Typosquatting (URL hijacking): One tricky method fraudsters employ to capture users attempting to visit an advertiser’s site is typosquatting, also known as URL hijacking — fraudsters can steal credit for organic or direct traffic by owning URLs adjacent to the advertiser’s URL, especially URLs that are common misspellings of the original URL (e.g. wallmart.com instead of walmart.com). Major brands can typically avoid this easily by buying up site domains of these typos so fraudsters can’t squat in them and redirect to the advertiser’s site through an affiliate link to gain commission they wouldn’t otherwise gain.
Transaction fraud: Transaction fraud can be one of the most detrimental forms of ad fraud because it involves the fraudster making a purchase using stolen credit card information. In the affiliate space, this could mean not only lost commission going to the fraudulent affiliate who sent through the false purchase, but also potentially lost product and credit card chargebacks.
Attribution fraud (app installs): In cost-per-install (CPI) campaigns, fraudsters sometimes attempt to steal credit for app installations by claiming fake clicks just before the initial launch of the app after installation. Often, this is done through malware that recognizes installation of a new app and then creates a fake click report to exploit the typical last-click-attribution model.
Adware/spyware: If fraudsters can successfully get users to install adware or spyware on their devices (most often, without their knowledge), the fraudsters can use this malware to insert affiliate codes automatically, such as in the example of attribution fraud for app installs.
Loyalty software: Fraudulent affiliates offer the installation of loyalty software on a user’s device to automatically remind them about various benefits available from certain brands. Then, even if the user is not actually enrolled in a loyalty program necessary to receiving benefits, the user will still be redirected through affiliate links to these merchants, providing commission to the affiliates.
How to detect and prevent affiliate fraud
The list above shows just a handful of tactics that fraudsters may use to defraud affiliate networks and exploit advertisers for falsely earned commission. Most of them can be prevented or managed, but may also be very difficult to detect if the advertiser or network is not looking for the warning signs.
To mitigate the damage that fraudsters could cause to an advertiser’s business and ensure that their affiliate ad spend is not being wasted falling into the wrong hands, there are a few standard security practices that should be in place when partnering with affiliates.
1. Vet and communicate with affiliates
Though networks take the hassle of acquiring affiliates at scale, having your own manual vetting process in place to screen new affiliates and understand who they are and what they can offer in terms of traffic is an effective first step to preventing future fraud. A tradeoff for the scale offered by affiliate networks is that they provide minimal visibility into individual publishers, which can create a greater risk for fraud and fraud attribution difficulties. Depending on the size of your business and your affiliate budget, it may be worth seeking out affiliates more deliberately and forming partnerships completely on your own terms. Regardless of the mechanisms in place, you’ll want to make an effort to communicate your terms and conditions clearly to every affiliate and keep them updated if any changes are made to that agreement.
2. Keep an eye on analytics
Close monitoring of incoming traffic to your site and transaction history will be an important step in catching fraudsters red-handed. If you begin to notice unusual amounts of traffic with abnormally high bounce rates, for example, that might be a clue that bots are bombarding your site to help a fraudster. Other hints might be a large number of transactions coming from a specific IP address or a sudden increase in the number of redirect pages showing up. This practice of data monitoring can be time consuming in terms of ongoing management, but it’s absolutely necessary to protect your business from unscrupulous affiliates.
3. Remove suspicious affiliates
If you’re monitoring the data carefully and come across patterns of unusual or suspicious behavior from a single IP address or known affiliate publisher, it could indicate that someone is using fraudulent tactics to boost their commissions. Have a plan in place to confront any suspicious affiliates and block or remove them if necessary.
4. Consider using a fraud prevention platform
There are several solutions available to help detect, prevent and handle affiliate fraud in real time. Consider using a paid fraud prevention platform to gain access to useful tools and expert service that will give your business greater peace of mind when running your affiliate marketing strategy.
FTC compliance: Why terms and conditions matter
The backbone of any affiliate marketing program is a strong set of terms and conditions. The laws around affiliate marketing are continuously evolving as the Federal Trade Commission (FTC) seeks to help protect both advertisers and affiliates.
That’s why it’s crucial for advertisers to take the steps needed to remain compliant with FTC requirements and hold their affiliates accountable. This will ensure the avoidance of any potential fines or other legal issues for the business. For advertisers, accountable affiliates should also mean trustworthy affiliates.
The primary rule enforced by the FTC in relation to affiliates is the clear disclosure of their status as an affiliate with whatever brand(s). For example, any social media influencers will clearly use “#ad” when they are promoting the brand for whom they are an affiliate.
So, think of your affiliate agreement’s terms and conditions as sacrosanct — they lay down the law about how commissions are earned, how affiliates should present themselves as a partner, and any other specific guidelines that should be followed. These terms and conditions help keep an advertiser protected from exploitation and in compliance with FTC regulations. Then, when any fraudsters might appear, there’s a clear understanding on both sides of the consequences.
Need a clearer picture of the true consequences of affiliate fraud? In 2013, two of eBay’s super affiliates were convicted of fraud as a result of their cookie stuffing practices that led to a payout of over $28 million in commissions. It’s easy to see why advertisers need to be incredibly cautious when establishing their affiliate marketing plan, including who they work with and what terms and conditions help enforce safe practices.
Partnership marketing: An antidote to affiliate fraud
Here at Hamster Garage, we view affiliate marketing a little differently. The industry is constantly changing, but we know the next evolution is to focus on strong, strategic partnerships with real people and innovative brands.
Want to learn more about how Hamster Garage can help elevate your affiliate marketing strategy by building beneficial partnerships that will elevate your business? Learn more about what partnership marketing means and what we can do to help you.