A Comprehensive Guide for Stopping Fraud
by Andy Cooney
August 13, 2024
A successful affiliate programme can be a massive revenue driver for brands, with a reported 80% of US advertisers having an active programme.
The volume of transactions and revenue delivered has made fraud a consistent problem in the industry. For brands to avoid any financial, reputational or legal complications, they must have guardrails to monitor and protect against fraud.
In this article, we'll talk about the risks to brands, the common types of affiliate fraud, ways brands should ensure their affiliate partners adhere to best practices, and strategies to combat affiliate fraud.
This process forces affiliates to stick to conditions established by the brand they represent and/or the affiliate network they are a part of. It can also incorporate existing national or international laws and regulations related to digital marketing or advertising.
As affiliate programmes expand, monitoring affiliate compliance becomes increasingly challenging, increasing the risk of unethical behaviour and non-compliant practices by rogue affiliates.
According to David Gasparyan from Forbes, affiliate compliance aims to “keep your affiliates honest by outlining activities and behaviours prohibited by your network’s terms and conditions.”
Setting up comprehensive brand guidelines outlining compliance policies can deter affiliate fraud and ensure transparency among affiliates. It also minimizes the potential for reputational damage and any regulatory issues in the long run, providing the means to remove affiliates in case of disputes.
Affiliate fraud is any deceitful or unethical activity undertaken to secure commissions within an affiliate marketing program. This includes actions explicitly forbidden by the program's terms and conditions, as stated in compliance policies, and violations of any compliance standards.
Affiliate fraud can range from simple to highly sophisticated, often involving the use of technology to generate fake traffic or drive visitors to earn commissions in ways that break compliance guidelines. The goal of the affiliate fraudster is to make money as quickly as possible for as long as possible. Affiliate fraud can generate vast amounts of revenue for the fraudster. At Marcode, we track companies making hundreds of thousands annually, sometimes using one relatively simple tactic.
Typical risks from affiliate fraud fall into three categories that aren’t mutually exclusive:
Mitigating these risks necessitates a systematic approach to creating a compliant and scalable affiliate programme. This becomes increasingly crucial with the emergence of new consumer privacy laws and regulations like:
Fraudsters use multiple different techniques to exploit merchants. The end goal is always the same: They want to claim affiliate commission from sales or the illusion of sales on a brand's site.
We’ll explain the most common methods we see and how brands can combat them.
Brand or trademark bidding is when a brand places ads in search engines against its branded search terms. In effect, brands put search ads in front of users looking for their brand. This can often be some of the highest-converting marketing spend. For large brands selling hundreds of products, brand bidding can incorporate thousands of potential search terms, contributing a considerable amount to their revenue.
Affiliates bid on brand keywords in paid search, such as Google or Bing Ads, to take advantage of this high-converting traffic. They either:
On the surface, it may seem like the affiliate has helped generate a sale. However, if the affiliate is offering no value and the user is already looking for the brand site, then the commission is often an additional, unnecessary cost of sale. These are not incremental sales; they cannibalise the brand's existing paid or organic search. The practice also increases the brand's paid search costs by creating more competition to buy that click.
Ad hijacking is the deceptive practice of creating online advertisements that mimic a legitimate brand's ads exactly, bidding on branded or trademarked keywords, and removing the genuine brand from the search ads.
This typically involves imitating the brand's creative elements and bidding on brand keywords.
When visitors click on a duplicate ad, they are immediately redirected to the brand website with an affiliate code attached to that user.
When users buy anything from the brand site, the system automatically rewards the fraudster as their affiliate details are associated with the sale.
They operate sophisticated cloaking techniques to hide affiliate details from monitoring tools and people working at their target brand, making detection difficult. If an advertiser cannot see the affiliate's details, they cannot remove them. This cloaking reports activity as being driven by affiliate marketing, even though the clicks have come from paid searches, making performance marketing attribution incorrect. It is crucial to ensure there are no hijacking issues while budgeting across channels.
Cookie stuffing, also known as cookie dropping, is a deceptive tactic that involves placing an affiliate tracking cookie on a visitor's device without their knowledge. Later, when the visitor purchases something online, the "cookie stuffers" get credit for referring them and earn commissions for purchases they didn’t contribute to.
Common ways in which cookies are stuffed onto the user include:
These are just some of the techniques; others exist, all trying to achieve the same thing - dropping a cookie on a user who may go on to purchase without being noticed.
Coupon or discount fraud involves affiliates offering unpermitted discounts to users via their sites and claiming a percentage of these sales. It also involves taking live codes that are not meant for public distribution and promoting them to users.
Coupon fraud hurts businesses because they lose money on the discounts they weren't supposed to give. It can also hurt honest customers in the long run because companies may become less likely to offer coupons if they think people will cheat.
Typosquatting involves creating domain names that are misspellings or close matches of popular websites. If users mistakenly type that domain into their browser bar, they reach the domain the affiliate has purchased. The affiliate will set up a redirect for the typo traffic to go back to the brand itself but using an affiliate link. When that particular visitor purchases something from the brand, the affiliate earns a commission because the system thinks he sent the traffic and generated a sale.
Let's say there's a popular online retailer called RetailMart, with the domain name www.retailmart.com. A typosquatter might register a domain like www.retalmart.com, intentionally leaving out the "i" in "retail."
Whenever someone enters the wrong URL www.retalmart.com they will eventually be redirected to the actual URL www.retailmart.com with an affiliate link. Now, anything the user purchases from the authentic www.retailmart.com, the owner of www.retalmart.com will earn a commission.
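A defender-side check for the RetailMart case above, added here as an example and not taken from the article or from any Marcode tooling: it flags affiliates whose click referrers sit within a small edit distance of the brand domain. The click-log shape, the affiliate IDs and the distance threshold are assumptions, and hostnames are compared after only stripping `www.` rather than via a public-suffix list.

```python
from urllib.parse import urlsplit

BRAND_DOMAIN = "retailmart.com"  # brand domain from the article's example

# Constructed sample: (affiliate_id, referring URL recorded with the affiliate click)
SAMPLE_CLICKS = [
    ("aff-101", "https://www.retalmart.com/"),        # missing "i", as in the article
    ("aff-101", "http://retialmart.com/go"),          # adjacent letters swapped
    ("aff-202", "https://deals-blog.example/retailmart-review"),
    ("aff-303", "https://www.retailmart.com/"),       # the brand's own site
]


def osa_distance(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent transposition."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # swap of two neighbours
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def host_of(url: str) -> str:
    """Lower-cased hostname with a leading 'www.' removed (simplification)."""
    host = (urlsplit(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def flag_lookalikes(clicks, brand=BRAND_DOMAIN, max_distance=2):
    """Return {affiliate_id: {lookalike_host: distance}} for referrers near the brand."""
    flagged = {}
    for affiliate_id, referrer in clicks:
        host = host_of(referrer)
        if not host or host == brand or host.endswith("." + brand):
            continue  # the brand's own properties are not lookalikes
        distance = osa_distance(host, brand)
        if distance <= max_distance:
            flagged.setdefault(affiliate_id, {})[host] = distance
    return flagged
```

Redirects can strip the referrer, so an empty result does not clear an affiliate; the same distance check can be run over newly registered domains as well.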
Some fraudsters will join an affiliate program and use stolen or bought credit card information to make purchases through their affiliate links, which earns them commissions.
Fraudsters can purchase "fullz" for as little as $20 to $30 and gain access to real names, IDs, credit card details, and addresses. They then use this information to make purchases, often on a considerable scale.
Preventing stolen data commission:
Merchants or affiliate managers need to maintain checks for suspicious-looking transactions. There are third-party tools available which will block these, so for any brands with substantial volumes in sales, these are worth investigating.
Affiliates may use malware and adware to engage in fraudulent or non-compliant activities. Adware is software that displays unwanted advertisements, while malware is designed to damage or disrupt computer systems.
Rogue affiliates insert their affiliate codes into transaction processes and infect potential users with malware, diverting payments meant for legitimate affiliates to themselves.
Pixel stuffing occurs when regular ads are compressed into tiny 1x1 pixel frames. Publishers earn a commission when an ad is displayed to a visitor during their browsing session. However, because the ad is so small, users typically don't see it.
Fake conversions involve deceptive practices aimed at duping affiliate programs into rewarding affiliates for actions that are not genuine.
Affiliate programs typically operate on cost-per models like cost-per-acquisition (CPA) or cost-per-click (CPC), but they can also pay for actions such as leads, impressions, or app installs that don't require a purchase.
These actions can be spoofed through click frames that incentivise users to visit particular websites and click advertisements.
They try to mimic legitimate user behaviour, such as clicking links or completing applications. This practice helps fraudsters artificially inflate website traffic and increase ad impressions.
As a result, the affiliate receives credit and payouts for these fake conversions, exploiting the payout structure of affiliate programs for financial gain. Such actions can also skew campaign metrics, creating the illusion of higher visibility or engagement with the ad.
Detecting and Fighting Affiliate Fraud
Monitoring your affiliates
All affiliate programmes should have an analytics level in place. The following metrics can all suggest unethical affiliates operating:
Affiliate managers should use intuition backed with data from tools to investigate suspicious-looking activity. If something looks suspicious, either because of volume or frequency of purchase, the affiliate should be queried about the source of this revenue-driving traffic. These sites can be analysed to confirm they have legitimately driven the volumes. If it can't be explained, it should be assumed that the affiliates aren't compliant, and the affiliate manager and other responsible parties can take quick action. Fraud-fighting tools equipped with AI may also trigger defensive measures automatically once they find any unusual activity to safeguard your affiliate network.
The compliance policy should always have restrictions on brand bidding. We’d recommend stating that brands do not allow affiliates to bid on their brand terms unless:
Brands should actively monitor their affiliates to ensure they aren't brand-bidding. Marcode offers comprehensive monitoring of affiliates in search results. We track ads constantly, providing a comprehensive overview of who bids on brand terms and automating action against offenders. Brands will sometimes try and catch affiliates via spot-check manual searches; this isn’t a reliable method as:
A round-the-clock, multi-location monitoring solution like Marcode will identify affiliates breaking brand bidding restrictions.
Here's an in-depth guide to combatting affiliate hijacking:
At a high level, hijacking should be explicitly banned within your affiliate compliance guidelines, and steps should be taken to vet potential affiliates to stop bad actors from joining the programme.
Device fingerprinting is a method for tracking and identifying individuals online by gathering various details about their devices, such as their operating system, browser, version, language preference, and time zone.
This data is collected each time a person visits a website and is used to create a unique "fingerprint" for their device for future use. Later, that exact device can be traced, and activities like clicks, sign-ups, and purchases can be surveilled. This allows affiliate networks to analyze behaviour patterns and spot inconsistencies that might indicate fraudulent activity.
Unlike cookies, which are stored on a user's device, device fingerprinting operates more discreetly and can track users across different websites. For instance, if a device consistently generates many clicks or sign-ups in a short time frame, it could signal fraudulent behaviour. Device fingerprinting also enables your affiliate network to trace IP addresses linked to devices, helping you to identify coordinated fraud attempts involving multiple devices on the same network.
Continuous monitoring of device fingerprints also reveals whether the fraudsters are using emulators like Linken Sphere, Undetectable Browser, FraudFox, or AntiDetect.
Another way to tackle affiliate fraud is to monitor your traffic's IP addresses. If you notice a large influx of traffic from a particular data centre, there's a strong likelihood that fraudulent activities are taking place or click farms are being used.
You can use geolocation tools to pinpoint areas with heavy traffic by region, country, or city. For instance, if your target audience is people from the US, UK, or Canada, and all your SEO efforts are primarily focused on these regions, but you’re experiencing a surge in traffic from Nigeria or Ethiopia, it clearly indicates something is amiss.
You can also block traffic from regions where fraud is more common or, at the very least, subject those sales to additional fraud screening.
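The fingerprint and IP signals described above can be computed from a click log as follows. This is an added example, not code from the article or from any affiliate network: the log fields, thresholds and affiliate IDs are assumptions, and RFC 5737 documentation ranges stand in for a real hosting-provider range list.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed stand-in for a data-centre range list (RFC 5737 test block).
DATACENTRE_NETS = [ip_network("203.0.113.0/24")]


def _sample():
    """Constructed click log: (timestamp, affiliate_id, device_fingerprint, source_ip)."""
    t0 = datetime(2024, 8, 1, 12, 0, 0)
    rows = [(t0 + timedelta(seconds=5 * i), "aff-9", "fp-a1", "203.0.113.7") for i in range(6)]
    rows += [(t0 + timedelta(seconds=i), "aff-9", f"fp-b{i}", "203.0.113.8") for i in range(3)]
    rows += [(t0 + timedelta(hours=i), "aff-2", "fp-c1", "198.51.100.20") for i in range(4)]
    return rows


SAMPLE_CLICKS = _sample()


def burst_fingerprints(clicks, window=timedelta(minutes=1), threshold=5):
    """(affiliate, fingerprint) pairs with >= threshold clicks inside any sliding window."""
    times = defaultdict(list)
    for ts, aff, fp, _ip in clicks:
        times[(aff, fp)].append(ts)
    flagged = set()
    for key, stamps in times.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:
                start += 1  # drop clicks that fell out of the window
            if end - start + 1 >= threshold:
                flagged.add(key)
                break
    return flagged


def ips_with_many_devices(clicks, min_devices=3):
    """Source IPs seen with at least min_devices distinct fingerprints."""
    seen = defaultdict(set)
    for _ts, _aff, fp, ip in clicks:
        seen[ip].add(fp)
    return {ip: len(fps) for ip, fps in seen.items() if len(fps) >= min_devices}


def datacentre_share(clicks):
    """Fraction of each affiliate's clicks that originate from DATACENTRE_NETS."""
    total, dc = defaultdict(int), defaultdict(int)
    for _ts, aff, _fp, ip in clicks:
        total[aff] += 1
        dc[aff] += any(ip_address(ip) in net for net in DATACENTRE_NETS)
    return {aff: dc[aff] / total[aff] for aff in total}
```

Each result is a reason to query the affiliate about the traffic source, not proof on its own: shared office or carrier NAT can also put several devices behind one IP.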
Inform members of your affiliate program that you will be using both proactive and reactive surveys to monitor their traffic and behavior. This will deter fraudsters, and sincere associates will value your proactive involvement.
It is best practice for brands to register all domains that closely match theirs and redirect to the main site. This protects against typosquatting and potential brand infringement issues that may cost money to defend. If someone has registered a closely matched domain, brands can recover this as long as it is close enough to their trademark name and the registrant of the domain has no right or legitimate interest in it. This process is handled via the Uniform Domain Name Dispute Resolution Policy (UDRP), which allows brands to lodge complaints. Services are available that handle this process on behalf of brands so that they don't get drawn into a lengthy legal battle.
Clearly define what affiliates are and aren't allowed to do to market their site. This should go down to the detail of specific keywords they can target on paid search or what they can and can't do in other forms of paid advertising. This should be as detailed as stipulating negative keywords for paid search and outlining the punishment for breaking these.
An excellent way to consider this is to look at all channels currently being run by the brand that affiliates shouldn't cannibalise. Ultimately, a brand needs to decide where they are happy for affiliates to advertise and restrict all else.
Affiliates using rogue content that causes harm or violates regulation is a considerable compliance risk for brands. Active guidelines should be established on how affiliates can use the brand and its assets and what can and can't be said.
It should be clear to affiliates that they are expected to report on the source of commission-driving revenue. Brands should reserve the right to audit any transactions, and affiliates who refuse fully transparent reporting should be declined.
Brands should prohibit domains that resemble their URL. As mentioned earlier, scammers use typosquatting techniques to take advantage of your affiliate program and earn commissions from users who mistakenly visit their sites and get redirected back to your original
Affiliates must disclose affiliation with your brand. Under the FTC's Endorsement Guidelines, failing to disclose an affiliate relationship is considered unfair competition or a deceptive trade practice under the FTC Act, and the parties involved in such practices can face liability. Requiring your affiliates to disclose their affiliation therefore saves you from potential legal repercussions and safeguards your brand's reputation in the marketplace.
The process for dealing with offending affiliates should be clear in the agreement. This may be different depending on the nature of the offense so all eventualities should be outlined.
Affiliate programmes can be a tremendous source of new customers but are open to deception from many angles. Ensuring a comprehensive set of guidelines agreed to by affiliates signing up for the programme and ongoing proactive management of compliance issues is an essential part of any affiliate marketing strategy. This guide to affiliate compliance has discussed many risks and counters to them. Use this to ensure your programme is a success.
Book a demo to experience how effective Marcode is at protecting your brand online for yourself.