Affiliate Fraud: Tackling Brand Bidding

No affiliate program can run successfully without one eye on fraud and compliance. Fraudulent traffic is growing in the channel, research from CHEQ in 2020 found that 10% of affiliate traffic was fraudulent, but by 2022 this had risen to 17%. Fraud on an affiliate program comes in many forms and due to the nature of the channel, much of the regulation relies on the diligence of affiliate managers. 

The most common type we see at Genie Goals is brand bidding. There’s two main types we see.

Voucher Brand Bidding

This is voucher sites bidding on a brand plus discount code term without permission. These voucher sites know what they’re doing; if they know where a brand’s office is based, they’ll exclude that area from their bids - a type of geotargeting - and likewise they know the majority of us work a 9-5 Monday to Friday, so they schedule bids in the evenings and weekends to avoid being spotted, using a strategy that those in the industry refer to as, dayparting. 

Ad-Hijacking

The far more concerning but less common type of brand bidding we see is ad-hijacking: What can look to a user like a genuine brand PPC ad can have some sneaky affiliate tracking added to the link. What this means is what would typically be a cheap sale to the brand - likely just a few pence -  becomes a much more expensive sale due to the fact they’re now paying affiliate commissions on this sale rather than a cheap CPC. 

There’s no sugar coating this: there’s repeat offenders when it comes to the publishers we’ve seen with the tracking on these ad-hijacking links. It’s subnetworks and on occasions, it’s users using their cash back accounts to earn commission. 

Cookie Stuffing

Cookie stuffing is a broad term used to describe times where an affiliate tracking cookie is placed on a user’s device without a genuine, intentional click. While some methods are fraudulent without questions, others sit in more of a grey area. Some of the most common ways cookie stuffing can occur include:

• Browser Extensions: Some browser extensions insert affiliate cookies in the background while a user browses the web. Sometimes this even happens without the user actively clicking an affiliate link or even realising tracking has occurred - as has been highlighted recently in the Honey saga. 
• Sneaky Cookie-Dropping: This occurs when a website that has no connection to shopping or the advertiser drops an affiliate cookie anyway, without the user’s knowledge. This could be a content site or tool, quietly placing a cookie so that if the user happens to make a purchase from the advertiser within the cookie window (typically 30 days), the affiliate earns a commission,  despite not playing any role in driving the conversion. 
• URL Hijacking and Typo Domains: Fraudsters will register domains that closely resemble well-known brands or retailers. These sites rely on typos, or sneaky redirects to funnel users to the real site. while first placing an affiliate cookie. From the user’s perspective, everything looks normal. But for the brand, their publisher has intercepted traffic they didn’t legitimately generate and a commission is paid where it may not have been needed. 
• Hidden or Invisible Landing Pages: In these situations, a user is browsing an unrelated website when a hidden landing page loads in the background. The user may never see it, but the page quietly fires an affiliate click and sets a cookie. If the user goes on to purchase from the advertiser within the attribution window, the affiliate is credited, despite the affiliate interaction being invisible and not consequential to the sale. 

How to combat? 

When it comes to brand bidding, you’ll want to see if you have any publishers on your programme driving revenue with a strong conversion rate. But if you don’t know where all the sales are coming from, it should be a red flag. Consider contacting the publisher if you haven’t already. And if you’re unsatisfied with the answer, you’re within your rights to remove them from your programme. 

However, this only applies in cases where you can identify the publisher by clicking through on the fraudulent link and checking the publisher ID present in the URL parameters. 

What’s becoming more common is these links have complicated redirects, hiding the publisher ID from being traced. Your manual checks are limited because of this, as well as the fact you’ll naturally need a lot of time & resource to monitor this effectively - due to the potential volume of different keywords you may need to check. This may require a brand bidding tool such as the likes of Marcode, AdPolice, Adthena, or BrandVerity.

Cookie stuffing can be trickier to spot. The fraud tools above can lend a hand, but if you don’t have the budget then consider:

• Being mindful of any affiliate with extremely high traffic and low conversion rate (0.1% or below) - that tells us they are driving low intent traffic
• If this is the case, reach out the publisher. Alarm bells should ring a little louder if the publisher in question is a subnetwork who isn’t open about their traffic sources
• If you’re unsatisfied with their answer, we suggest you remove. The risk of this continuing outweighs the benefit of any potential incremental sales they may be driving. 

If you have any concerns about fraud or compliance on your affiliate program please reach out to us on hello@geniegoals.co.uk.