I love writing about affiliate fraud. The more we study (and understand) it, the better-informed we become about it, and often -- the better-equipped we get. Earlier this year I discussed the subject with Ben Edelman of Harvard Business School.
Today we pick up that conversation with another key detective in the affiliate marketing industry, Wesley Brandi, a PhD in Computer Science. Wesley has spent half a decade fighting fraudsters on the front line of Microsoft's online services, and is the founder of iPensatori, which specializes in identifying and mitigating threats to businesses in the online world, and through affiliate programs in particular.
How has affiliate marketing fraud evolved over the past decade?
Despite a few changes in implementation, the core principles remain the same. What has evolved tremendously are the fraudsters themselves and the tools available to make it all happen. Not only is there a phenomenal amount of collaboration between them, but the career fraudsters are well organized, well-funded and incredibly professional.
This is best characterized by an underground forum you won't see mentioned publicly or on any of the blackhat web sites out there. It was surprising for me to see that it included detailed training material for existing members that were looking to expand their efforts into businesses that they have yet to explore. In addition to meticulously compiled texts explaining the do's and don'ts of existing scams, the fraudsters had prepared videos which went into the finer details of how entire ecosystems are put together and where their fraud comes into the picture.
What made the training material dangerous is that it was backed up with step-by-step instructions on which tools the fraudsters required, details on the services they should sign up for and methods they can use to cover their tracks all the way. Services included which bullet-proof hosting providers to use, how to sign up at specific advertising/affiliate networks and even a list of members in the forum that can arrange money laundering services at specific rates.
What are the major present-day threats that affiliate managers should be aware of?
The threats remain the same: cookie-stuffing, typosquatting and adware. Every week, I cover a rogue affiliate involving at least one of these categories on my blog. The devil is always in the details here, so I usually deep dive into what's going on behind the scenes (the innovation that fraudsters come up with never ceases to amaze me).
Give us a couple of examples of the more lucrative/interesting affiliate fraud you've encountered lately?
Fraudsters are exploiting a hole in Google's display advertising network. Essentially, they are cookie-stuffing users through Google's ads and Amazon is a popular target. In a few instances, fraudsters have managed to target the users of a merchant's site, from ads within the merchant's site! I have even seen this attack on sites within the global top 50 of Alexa.
What can merchants do to protect themselves in this scenario? Unless they have top-notch fraud detection on their side, then not much. Of course, they could turn off ads on their site or move to an advertising network which does not suffer from this flaw; otherwise it is up to the advertising network to step in.
In practical terms, what can merchants and affiliate managers do to detect such types of fraud?
I am of the opinion that one should not expect affiliate managers to be experts in fraud detection of this nature, for this is a skill that not only draws upon many disciplines but also requires one to be constantly monitoring and learning from what the fraudsters are up to.
With this in mind, I believe fraud detection should fall squarely upon the shoulders of the affiliate network responsible for connecting affiliates to merchants. They have the intelligence and expertise required to connect all the dots and effectively identify rogue affiliates.
If you are an affiliate manager that (a) uses an in-house affiliate program that does not have up-to-date fraud detection or (b) uses an affiliate network which doesn't boast top-notch fraud detection (have you asked your affiliate network what their fraud detection program looks like?), then you may want to take a very close look at your affiliates.
From my experience in dealing with a few affiliate networks that use iPensatori for fraud detection, rogue affiliates learn very quickly that these networks are not to be messed with. In which case they move on to much softer (unprotected) targets.
What would be the top 3 things you'd advise merchants to implement in their affiliate programs today to make them more fraud-proof?
- Clearly prohibit fraudulent activity in your Terms and Conditions. If you are unsure of what this looks like, be sure to take a look at Affiliate Window's Terms and Conditions. These are top notch.
- Contact your affiliate network and ask them what steps they are taking to detect rogue affiliates.
- Take a look at whether or not your site is a target by looking it up in the logs exposed by myself and Ben Edelman (available at query.ipensatori.com). If you have rogue affiliates, ask your network what is being done to mitigate this.