Affiliate marketing has long been considered one of the most efficient forms of digital marketing. This is because the marketer doesn’t pay until they get the sale — i.e. they only “pay upon success.” This has been the method of choice for companies like Amazon and eBay to pay others that helped them drive sales. For example, when a user clicks a link from a recipe website, and then buys something from Amazon over the course of the following 30 days, Amazon pays a small revenue share to the recipe site for helping to drive the sale. The technology behind affiliate marketing is also simple; it works by tracking the clicks on specially crafted links which contain unique identifiers – affiliate IDs. When such a link is clicked, an affiliate cookie is set; this tells Amazon who to pay the revenue share to, after a sale is completed.
Historic Affiliate Fraud
Over the years, fraudsters have found ways to make money by cheating affiliate programs. For example, two of eBay’s super-affiliates, the ones that drove enormous numbers of sales for eBay, were caught and convicted of fraud in 2013. These fraudsters stuffed their affiliate cookies into many users’ browsers to take credit for driving sales that they did not actually drive. Normally affiliate cookies are set when users click on affiliate links; but these cheaters used technology to auto-click the links and load hidden pages, without the users’ knowledge – i.e. “stuffed” their cookies fraudulently. By doing this tens of millions of times, they got paid revenue shares by eBay on sales they didn’t help create. Millions of dollars were paid out to them until eBay got wise to the fraud scheme and stopped them, after years. Hundreds more examples of affiliate fraud have been documented over the last decade by Ben Edelman, a researcher and professor at Harvard Business School, and now an economist at Microsoft.
Browser Toolbars and Extensions
Fast forward to web 2.0 when browser toolbars and extensions became popular. These toolbars were downloaded and installed voluntarily by users because they promised shopping discounts and “secret coupon codes.” But what they actually did was affiliate fraud, stuffing cookies in the background without the users’ knowledge. Of course users would click on some links to get coupon codes, but many other pages from hundreds of other merchants were also loaded in hidden windows so the toolbar maker could fraudulently earn revenue shares. These fraud schemes continue today, and are often even better hidden than before.
Modern Day Affiliate Fraud – Ripping Off Performance Marketers Now
While “affiliate” programs and related fraud are not in the news much any more, new forms of fraud still plague “pay upon success” i.e. performance marketing campaigns. Even though performance marketers like ecommerce merchants and app marketers feel they are immune to fraud, they are not. Here’s how the fraud works.
Uber, for example, ran mobile marketing campaigns to drive more installs of their app. They only paid upon success – the app install. Uber paid bounties of several dollars per successful install. So what do fraudsters do? They fake the exact thing the marketer is paying for – app installs. Uber became suspicious and Kevin Frisch, their head of analytics looked into the data more carefully. Now Uber is suing 100 mobile exchanges for various forms of fraud, namely falsifying placement reports or fabricating them entirely. The cheaters altered reports to make it appear that ads ran on legitimate sites, when they didn’t. Other cheaters just created excel spreadsheets to show ad impressions, clicks, and installs, when none of those even occurred.
The techniques fraudsters use to commit affiliate fraud or mobile app install fraud is similar to “cookie stuffing.” Click injection is where browsers and mobile apps click on affiliate links automatically to claim credit for the sale or install. Click flooding is where they do this a lot — it increases the probability that the affiliateID in the last click before the success event gets credit for it. This kind of fraud also steals credit from “organic installs” – the ones that would have happened naturally. The user installed the Uber app because they wanted to, not because they saw an ad and clicked on it.
In a direct parallel, marketers may also be incurring significant unnecessary costs in their performance campaigns because they are paying out revenue shares to fraudsters on sales that would have happened anyway — organic sales. The following investigation by Nandini Jammi and Claire Atkin illustrates this perfectly — by “blocking fake sites, bad faith publishers, random Android apps, and out-of-geo sites, Andrew’s ad spend dropped from $1,200 per day to $40-50 per day without any change in performance.”
Finally, fraudsters are able to fake the sales too. No, they didn’t actually pay for anything; they just tricked the attribution platforms into thinking a sale occurred – again by auto-clicking a carefully constructed url that has specific parameters in it. By the time the ecommerce merchant or mobile marketer settles up at the end of the month and notices the sales didn’t actually occur, the fraudsters would have already gotten away with it.
CMOs and marketers who do “performance marketing” should consider themselves at risk of fraud too. But by knowing how fraudsters rip you off, marketers can focus their attention on looking for tell-tale signs so they can stop the fraud while the campaigns are still running. After the money’s gone, it’s never coming back.