Ben Edelman is an assistant professor at Harvard Business School who has for years published insightful research into the affiliate marketing sector.

I interviewed Ben to find out more about the various forms of fraud that affect e-commerce companies.

What are the most common types of online marketing fraud?

I’ve seen fraud through every method of online marketing. Most news coverage and online discussions have focused on click fraud – charging merchants for paid search clicks that never really happened. But there’s plenty more.

Recently I’ve seen a rash of sites buying cheap run-of-network pop-up or pop-under traffic, and monetizing that traffic by showing all manner of banner ads. Even savvy, brand-conscious advertisers find themselves promoted through these sites.

To the untrained eye, these sites look legitimate – often, real sites with real content that, in principle, users might value. But when these sites show ads through pop-ups – often coming from spyware or adware – the sites don’t give advertisers the placement they expect or the placement they paid for.

How big a problem is fraud in the affiliate sector, and why?

I’ve worked with merchants for whom it turned out 10% of their affiliate marketing was fraud – sales they would have gotten anyway. Is that a big problem? I think so.

Crucially, it’s a problem merchants are well positioned to solve by looking at affiliates’ practices and excluding affiliates who turn out to be cheaters.

What are the various types of CPA fraud?

I’ve seen two basic genres of CPA fraud. Some affiliates use spyware or adware to claim commission on merchants’ organic traffic – traffic merchants would otherwise have gotten for free. Here’s how they do it: first, the underlying spyware/adware watches what websites users browse. Then, if the spyware/adware sees a user browsing a targeted merchant, the program pops open an affiliate link to that merchant. If the user makes a purchase, the affiliate gets credit for the sale – as if the affiliate caused the sale, even though it did not.

Other affiliates are performing cookie-stuffing – faking clicks when users merely view a web page, receive a banner ad, or read a discussion forum. If that user later happens to make a purchase from the targeted merchant, the affiliate gets a commission – even though the affiliate never actually promoted the merchant.

Of course there are plenty of other improper CPA practices too. For example, improper trademark bidding continues to be a problem – charging merchants for traffic even after merchants specifically said they didn’t want that traffic.

Why is CPA so ripe for exploitation?

One problem is that merchants often view CPA as “fraud-proof.” E-Consultancy’s own Affiliate Marketing Roundtable Briefing (October 2008) described CPA promotions as “inherently low risk.” That’s a widely-held view, and it leads merchants to think they need not manage CPA programs, need not be alert for violators, and can generally run their programs on auto-pilot. I emphatically disagree.

Rule-breaking affiliates can cheat merchants – claiming commissions they didn’t fairly earn, commissions that merchants ought not have to pay according to the plain language of merchants’ stated rules. CPA payments reduce some risks, but plenty of others remain.

Because merchants often view CPA as a low-risk channel, merchants don’t ask as many questions about CPA promotions as they do about other channels.

When buying banner ads CPM, advertisers specifically consider which sites would be suitable. When buying keywords CPC, advertisers optimize and reoptimize targets and bids. But when buying CPA, advertisers often treat every traffic source as good traffic – on the misguided view that nothing can go wrong.

Should sales be attributed in some other way, rather than by using the ‘last click wins’ rule?

I haven’t yet seen any viable, scalable alternatives that make sense across the board, that offer reasonable clarity to publishers and advertisers, and that give users the information they need when considering purchase processes (e.g. at cashback sites). I applaud the suggestion of rewarding partners in proportion to their contribution to the sales process. But the details are quite challenging.

Is this a lame technology problem (eg bad web pages) or a major adware / spyware issue?

I see CPA fraud through both malicious web pages and spyware/adware. But it’s worth noting that not only “bad” web pages can be targeted. For example, forum-based cookie-stuffing – stuffing cookies through 1×1 IMG tags in message footers on discussion forums – can hit ordinary discussion forums, including forums that have the best of intentions.

What kinds of consumer / web user are most at risk from these schemes?

These issues apply across the board. Certainly novice users and kids are at particular risk of spyware/adware infection, particularly given the novice-focused and child-focused promotional methods spyware and adware vendors continue to use. But anyone can browse a discussion forum that has been hit by cookie-stuffing IMGs. There’s really no user target for that attack.

How can retailers spot fraud and what can they do about it?

One special challenge is that some CPA fraud blends right in, or even looks excellent by standard metrics. For example, consider an affiliate using spyware/adware to distribute its cookies when a user visits a merchant’s shopping cart. That affiliate is likely to have a high conversion rate and a high average order size – for it’s grabbing a cross-section of the merchant’s high-quality organic traffic from existing, committed customers. By most metrics, this affiliate looks great. Only by investigating the underlying traffic source can a merchant realize that the affiliate’s traffic is fraud.

So I encourage merchants to have a critical eye. Ask yourself: “Who is this affiliate, who came from nowhere to be my #2 biggest producer?”; “If this affiliate is really buying paid search traffic from Google, why do none of the HTTP Referrers mention Google?”; “Why is this affiliate’s payment address in one country, while the affiliate always logs in from an IP somewhere else?”.

Tough questions like these can help uncover the inconsistencies that reveal fraud.

Shouldn’t the networks and retailers be doing more to prevent and police fraud? Are people guilty of looking the other way, and why might that be?

I’m particularly struck by networks that play both sides of this issue.  For example, ValueClick’s Commission Junction unit kicked Zango out of CJ, and on the whole CJ does a reasonable job at catching many affiliates who use Zango. Yet ValueClick’s FastClick (ValueClick Media) group continues delivering banner ads that promote Zango – including deceptive “fake user interface” banner ads that are designed to look like messages from software already on a user’s computer. ValueClick can’t have it both ways. If Zango is bad for the online economy, as CJ has concluded, then ValueClick ought not be helping Zango solicit users.

There are plenty of other networks that continue to work with spyware, adware, and fraudulent traffic sources. For example, this month Hydra Media disputed the suggestion that spyware and adware were cheating and overcharging its merchants, although in my view the proof is abundant and clear

Are all brands at risk, or is this sort of thing aimed specific types of programme / company / sector?

Generally any CPA advertiser can be a victim. Some tactics, especially cookie-stuffing, target large advertisers disproportionately. But otherwise, these fraudster affiliates are happy to take any victim they can find.

We have been great cheerleaders of the affiliate sector, but it is definitely starting to plateau. To what degree might duplication and fraud have played in our bullish forecasts in previous years?

I’ve worked with merchants for whom one or more top-5 or top-10 affiliates turned out to be fraud. Their rosy assessments of affiliate marketing often reflected erroneous inclusion of this fraudulent traffic. Now, exclude the fraud and CPA remains an interesting, valuable marketing strategy. But it’s less clear that CPA can be as big, as fast, or as easy as some had hoped.

Affiliate marketing is of course eclipsed by paid search, in terms of client spending. What kind of issues are you seeing with paid search / the PPC model?

One big question is where paid search ads appear. Does Bank Of America know that when it buys paid search from Google, its ads appear on typosquatting sites like, and thousands of others? (Note the stray “d”)  Is that really what PPC advertisers want?

There is ongoing syndication fraud litigation against Yahoo, claiming that Yahoo placed advertisers’ ads into spyware and adware, and otherwise placed ads in ways beyond what the underlying contract specified.

Yahoo continues some placements in this vein – I have recent video and packet log proof. And Google placements can be equally tainted.

What are your thoughts on the mooted Google/Yahoo partnership?

My prepared testimony from a Congressional hearing this summer can be seen here (PDF).

In short:

  • Google sets reserve prices and other parameters that substantially determine prices. Contrary to Google’s claims, Google’s auction does not fully determine prices; Google’s actions and policies importantly influence prices.
  • Google’s purchase of substantial advertising inventory from Yahoo would increase prices for many advertisers that currently buy ads from Yahoo.
  • The proposed deal would substantially reduce Yahoo’s ability to offer competitive payments to web site publishers seeking to show pay-per-click ads. Without Yahoo bidding against Google to obtain publishers’ inventory, publishers are likely to receive far lower payments.
  • Other Google practices, particularly Google’s restrictions on export and copying of advertisers’ campaigns, further hinder competition in Internet advertising – without any countervailing benefit whatever.

Do you think internet marketing will thrive, stagnate or fade in a recessionary climate?

Some sectors will thrive – offering a lower-cost way of finding customers in tough times. But advertisers ought to cut the fat in their programs. If they look carefully, they may find their CPA campaigns have more waste than they had expected.

The good news is, it’s possible to exclude this waste while retaining the core benefits of affiliate marketing.