Guide to Affiliate Compliance: Techniques, Signs, & Strategies To Combat Affiliate Fraud

Olivia Hull Jul 13, 2023

An Introduction to Affiliate Compliance

Affiliate marketing programs have the potential to add great value for a company, but a few competent scammers can quickly and vastly reduce their profitability. The technical sophistication of abusive affiliates often far outweighs the merchant’s reciprocal knowledge, allowing marketing fraud to run rampant.

This guide aims to provide extensive information about fraudulent affiliate tactics so that merchants can better understand how affiliate abuse operates, the impact of it on a company, and methods for detection and prevention. We hope that this guide can serve as a step towards an overall reduction in affiliate abuse by granting merchants a deeper understanding of the ways that unethical affiliates manipulate the system.

At BrandVerity, we provide merchants and affiliate managers with tools to detect online brand and trademark abuse. Two services, PoachMark and the Affiliate Watchlist, grant clients effective management tools for their affiliate programs by detecting affiliate abuse of paid search policies and creating a continually updated list of affiliate abusers. If you have any questions or are interested in partnering with BrandVerity, please contact us.

What Is Affiliate Policy Monitoring? 

Affiliate policy monitoring, or affiliate program monitoring, is the practice of proactive tracking and analysis of the activities affiliate partners engage in. This includes the monitoring of website content the affiliate writes, ad placements the affiliate bids on, and social media posts the affiliate makes. The goal of affiliate monitoring is to protect a brand's reputation and integrity while ensuring all affiliate partners are abiding by the rules.


Violations of Paid Search Policy

One of the most common forms of affiliate fraud arises from violations of a company’s paid search policy, often in the form of trademark bidding. In most Terms of Service agreements, companies explicitly state that affiliates cannot bid on trademarked search terms. Of course, unethical affiliates still do exactly that and they develop ever more sophisticated ways of hiding these violations from the merchant. The following section will explain and give examples of a few different ways that affiliates hide fraudulent ads from merchants as well as effective methods of countering these tactics.

 

Reverse IP-Geo-Targeting and Day-Parting

Reverse IP geo-targeting and day-parting are two of the most commonly used and fairly simple techniques affiliates use to avoid detection for paid search violations. Quite simply, affiliates set their ads to run in locations or during times of day in which they believe the merchant will not monitor them. For example, Gap’s corporate headquarters are in San Francisco. A Gap affiliate can set ads to display in every city except San Francisco, or every state except California, or only between 2am and 4am Pacific Standard Time. This means that if a Gap employee or affiliate manager searches for “Gap Coupons” from their office in California, no ads would appear and it would seem as if all affiliates were obeying the Terms of Service. If, however, a consumer searching from a computer in California at 3am, or in Nevada at any time, typed in “Gap Coupons,” a site would appear in the search results, offering a discount through an affiliate link.

There are a variety of ways to identify reverse IP geo-targeting. A commonly suggested method is to use a proxy server in order to browse with a different IP address—services such as Google Translate or Yahoo Babelfish make this process easy, albeit brittle. A number of services offer proxy servers or vpn connections that would allow you to view ads from a range of IP addresses.

It is also possible to modify your Google search query to simulate different locations and thereby trigger ads from those places. The commonly used modifiers in a Google search string are gl (country), gr (region), and gcs (city).

To simulate a location in the US, you need to use all three: Miami: &gl=us&gr=us-fl&gcs=miami New York: &gl=us&gr=us-ny&gcs=new+york

Adding these strings to the end of any already executed Google search allows you to search as if you are in those locations. If your company uses an automated monitoring system, it is important to verify that it circumvents reverse IP geo-targeting, a task usually carried out by conducting searches from multiple locations.

Warning!
  • Affiliates who convert at a much higher than average ratio
  • Affiliates with a substantial share of blank referrers in your network’s reporting
  • Affiliates with sudden or irregular surges in orders

Disposable URLs and Front Websites

More insidious than hiding trademark bidding from merchants through IP geo-targeting or day-parting are the new methods URL hijackers have developed to minimize their discoverability. To continue running fraudulent ads even as merchants become more vigilant about trademark monitoring, abusive affiliates look for ways to make it more difficult to discover who they are. If they manage to successfully hide their affiliate ID when they purchase a paid search ad, a merchant has no way to match the ad to the affiliate who bought it.

Although the techniques to do this continue to evolve, a clear “best practice” has emerged amongst the most sophisticated hijackers. Utilizing disposable URLs and “front” websites, abusive affiliates run ads on trademarked terms while very effectively hiding their identity from merchants or affiliate managers seeking to find them.

In short, the technique involves a URL hijacker purchasing ads with a destination URL that they will later discard. When a consumer visits the disposable URL, the affiliate runs a number of checks on the them and, if they pass, moves them on to a “front” website. This website effectively launders the referrer before sending the consumer through an affiliate link. This string of events can make it hard to associate the data visible at the search engine with the data visible to merchants and affiliate managers.

 
Disposable URLs

Because uncovering the destination URL of an ad is fairly simple, affiliates need a way to distance their fraudulent ads from their legitimate-looking affiliate properties. Disposable URLs serve this function. It’s common to see URL shorteners and raw IP addresses used as disposable URLs, but even more often, recently registered domain addresses and bulk subdomains serve this purpose.

Bulk subdomains, in particular, are incredibly inexpensive, allowing hijackers to use, change, and discard these sites quickly and frequently. For example, subdomains of the co.cc domain can be registered freely with fake registration information. This high-turnover rate makes it difficult to associate new abuse with historic abuse; by the time a merchant returns to the site to find out who the affiliate is, the link has been disabled. Further, hijackers often register these URLs under names that cannot be easily traced back to their legitimate looking affiliate properties, either by faking or making private whois information—or both.

 

Visitor Checks and the CSS History Hack

When the visitor arrives at the disposable domain, the affiliate runs a number of checks to decide if they should display their affiliate link. This checking process is crucial to the viability of an affiliate scam because, while not showing a link means they will not make any money, showing a link to the wrong person—a merchant, affiliate manager, or watch company like BrandVerity -- means they will be terminated from the affiliate program.

These checks range from simple procedures, such as looking at the referring URL or the visitor’s IP address, to much more complex hacks of the visitor’s browser history. One of the more complex hacks that affiliates perform on a visitor’s browser is known as the CSS History Hack. It exploits a common hole in web browsers, including Internet Explorer, Firefox, and Chrome, in order to expose information about previously visited sites. Simply, web browsers treat links you have visited differently from links you have not. By seeing what sites a visitor has previously visited, the affiliate can make a fairly accurate determination of whether or not a visitor is a merchant, affiliate manger, or network representative. Some sites that affiliate hijackers frequently search for include:

If a user has visited any of these links--or fails any other check run by the affiliate-- he or she is sent immediately to the merchant website without an affiliate cookie. If they have not, they are moved on to the next phase of the process: a “front” website.

While the CSS History Hack has been closed in the most recent versions of most major browsers, unethical affiliates are constantly developing new techniques to detect visitors that they should hide their links from.

 

“Front” Websites

A “front” website appears to be an entirely legitimate website, often a blog, review site, or, most commonly, a coupon site. This website is the one the affiliate used apply for the affiliate program, but also serves a variety of other purposes. Its first purpose is to look like a site that could send visitors to convert. The website must act as a tangible representative of the affiliate’s supposed business model, demonstrating to a potential affiliate manager how the affiliate turns a profit and how the merchant’s brand would be promoted. This aspect is important both in terms of convincing a merchant to let the affiliate join the program in the first place, as well as in terms of seeming legitimate should a merchant or network representative visit at a later date.

Even more importantly, a second series of checks are performed on the visitor by this site, similar to the ones performed at the disposable URL, but in less depth. The purpose of this series of checks is simply to determine if the visitor should be auto-redirected or not. If all visitors were auto-redirected, the website could never seem authentic to a suspicious affiliate manager. If the user passes these checks, they will be auto-redirected to an affiliate link.

 

Auto-Redirects

The auto-redirect process launders the user’s referrer before sending them on to the merchant. By laundering user traffic in this way, an affiliate manages to mask the fact that the user originally arrived via a search ad. The data sent to the merchant or affiliate manager indicates only that the user came from the “front” website, and thus this traffic is interpreted as pure affiliate value add.

There are legitimate reasons to redirect users through an affiliate site, for example, an affiliate may wish to keep the search terms they are using to buy traffic private or may want to conduct their own ad tracking, meaning that it is important when tracking affiliate traffic to differentiate between proper and improper redirects. Proper redirects usually take the form of server-side 301 and 302 redirects, methods recommended by the W3C for redirection. Neither of these techniques causes “Referrer Laundering.”

Improper redirects, on the other hand, usually happen through Javascript, meta tags, and frames. Sometimes used by unsophisticated webmasters who are unable to code proper redirects, they are more commonly used by affiliates intending to launder users.

This series of processes makes it such that simply looking at the “front” website will not reveal its true source of traffic, nor the abuse conducted by the affiliate. All traffic passing from the site to the merchant will also appear legitimate.

Although disposable URLs and front websites are one common practice to launder referrers, services also exist to help affiliates hide their search terms and methods of driving traffic. Sites like referer.us and hiderefer.org launder users for the affiliate, making it very simple for them to disguise their bad practices from a merchant.

Trademark Bidding and BrandVerity

Should you choose to hire an outside company to help monitor your affiliate program, BrandVerity provides a suite of services intended to counter this kind of paid search poaching. The Affiliate Watchlist contains over 300 affiliate IDs of abusive affiliates to help screen affiliate applications and the PoachMark Pool data provides insight into other merchants’ experiences with specific affiliates. In terms of continued monitoring, PoachMark does an outstanding job of finding, attributing, and contacting affiliates who use these techniques. BrandVerity makes a consistent effort to remain on the cutting edge of affiliate poaching techniques and routinely passes this knowledge on to its clients to help them get the most out of their affiliate programs.

 

While much affiliate fraud occurs in the form of trademark bidding and paid search violations, other types of abuse remain in active use amongst affiliates. Forcing clicks, also known as “cookie-stuffing,” is a particularly popular way that rogue affiliates gain commissions fraudulently. The following section will discuss what cookie-stuffing is, how it impacts the merchant and other affiliates, and varied means of detection and prevention.

What is Cookie-Stuffing?

The standard affiliate marketing model operates by using cookies to track how a user arrived at a merchant’s website. In most systems, a merchant pays a commission to an affiliate when a user visits an affiliate’s site, clicks on an affiliate link, and then makes a purchase from the merchant. Each time that affiliate link is clicked on by a user, it drops a cookie in the user’s system that allows the merchant to know from where the user came and what affiliate deserves a commission. Most programs also use a 30-day return period, wherein if a user returns to the merchant within a set number of days, the affiliate still receives credit for the sale. Some affiliates, however, manage to trick merchant’s tracking systems into believing that a user has clicked on a link even when they haven’t done so. By dropping cookies onto their system without their knowledge or their click-through, the affiliate gains credit for any purchase by that user without necessarily ever promoting the merchant or driving any incremental traffic.

eBay vs DigitalPoint, USA vs Shawn D. Hogan

One of the most high-profile examples of sophisticated cookie-stuffing involves Digital Point Solutions owner Shawn Hogan. Both eBay and the federal government have accused Hogan of cookie-stuffing while he was an affiliate for eBay and alleged that this practice is not only unethical, but unlawful.

The original lawsuit was a civil suit filed by eBay against Hogan, two other defendants, and all their respective companies on August 25, 2008. The company alleges that Hogan and the others committed fraud, racketeering activity under Racketeer Influenced and Corrupt Organizations, wire fraud, and unauthorized access of eBay’s servers in order to run a cookie-stuffing scheme from approximately 2003 until mid 2007. They claim that the scheme involved using hidden forced clicks of affiliate links and that the defendants actively hid their practices from eBay and denied any wrongdoing when asked about suspicious traffic. All documents pertaining to the civil suit can be found on the Justia page for eBay v Digital Point Solutions et al.

The civil suit was put on hold, however, when on June 24, 2010, Hogan and one other civil suit defendant were indicted by a California grand jury for wire fraud and criminal forfeiture following an FBI Cyber Crimes investigation. Hogan was indicted for ten counts of wire fraud. The indictment closely parallels the civil suit, but also expands upon some key details. It alleges that during the four years that Hogan cookie-stuffed, he was the number one eBay affiliate and made approximately $15.5 million in commissions from eBay. It claims that he and others forced hidden clicks not only on their own websites but also on other sites not connected to their own entities. It further specifies that they hid the practice from eBay by stuffing cookies on any given user’s computer only once, so that it looked more like real traffic, and used reverse IP-geotargeting to so as to not stuff cookies on computers near the eBay headquarters. The full text of the indictment can be found here.

The potential legal implications for affiliates, networks, and merchants are far-reaching and numerous. For one, if the federal government wins the case, it will move cookie- stuffing from being a civil contract breach into being a violation of federal law. In the USA v Hogan indictment, the legal criteria for wire fraud was established not on the transfer of money or commissions via wire, but rather because of the transmission of cookies between states and internationally. Should the defendants be found guilty— both are currently released on a $100,000 property bond and the surrender of their passports—they will face a maximum penalty of 20 years imprisonment, a $250,000 fine or twice the gross gain/loss (whichever is greater), three years of supervised release, and a $100 special assessment fee per count, in addition to the ramifications of the civil suit and legal fees.

This case has received much press in the affiliate world, with one of the most insightful articles written by Kellie Stevens, wherein she discusses the potential impact of this suit on the broader affiliate field. Hogan himself has also responded via his blog, explaining the various cookie-stuffing techniques that he used, while firmly maintaining his innocence. Of course, all defendants in both cases are considered innocent until proven guilty by the court.

Forced Clicks at an Affiliate Site

One common way that affiliates force clicks is through JavaScript on their front web- page. When a visitor arrives at their site, the site forces the user’s browser to load an affiliate link. Just by visiting the site, cookies are loaded onto the user’s computer and any subsequent purchase from the associated merchant will be credited to the affiliate. Most often this method involves the presence of an invisible iframe on a website that contains the affiliate link. The affiliate page is loaded in the iframe and cookies automatically dropped onto the user’s system. Wordpress plugins, such as CPA Redirector, CookieFire, and Chocolate Chip Cookie Stuffer, also make it extremely easy for affiliates to force clicks from a Wordpress page. Without the user ever clicking on an ad, the affiliate will gain a commission for any purchase the user makes from the merchant within a several day period. Sophisticated affiliate abusers are increasingly developing new ways to hide this kind of click fraud from merchants and affiliate managers through varied obfuscation techniques.

Banner Ads

The practice of loading affiliate links in banner ads contribute another level of complexity to the practice of cookie-stuffing. In this scenario, an affiliate loads an affiliate link and drops cookies into a user’s browser via a banner ad. This type of cookie-stuffing allows an affiliate to gain a commission based on nothing more than a user’s natural browsing.

When using this method, an affiliate gains a commission without the user ever clicking on a link or browsing to their website. The merchant pays out to an affiliate in violation of their Terms of Service, but, even worse, the merchant receives absolutely no advertising or promotional benefit. As the banner ad does not even have to be for the merchant in question, any sale that occurs would have happened anyway; the affiliate intervened in no meaningful way.

Image Cookie-Stuffing

Image cookie-stuffing makes it even easier (and potentially cheaper) for an affiliate to drop cookies without the user’s knowledge. In this model, an affiliate uses an affiliate link as the source of an image file and then places that image file on a website. A browser will follow this link and read and act on cookies sent through it even through it will not be able to load an image. This link will appear either as an innocuous broken image icon or a more sophisticated scammer may set the image to appear as a blank space.

While this technique is very effective on an affiliate’s website, its real advantage to an abusive affiliate is its capacity to drop cookies on large quantities of free traffic. Online discussion forums provide a huge opportunity to force clicks through the use of these image files in online signatures. By embedding these affiliate links in a signature, any user who views a post written by the affiliate will have the affiliate cookies dropped in their browser. Not only has the affiliate managed to force clicks without directing a user through a link or to their own site, they have also managed to do so without even paying for ad space. This technique works equally well in forums such as Myspace profiles, eBay auctions, and craigslist ads. Abusive affiliates can create pages on these sites in which they embed an affiliate link image and thereby force a cookie on to a user’s browser whenever they view the profile, auction, or ad. And, as explained before, any purchase made at the targeted merchant’s site for the duration of the “return days” period will be credited to the defrauding affiliate.

Warning!
  • Affiliates who convert at a much lower than average rate
  • Blank or odd HTTP Referrer headers
  • Long delays between clicks and purchases
  • Clearly manipulated statistics
  • The appearance of click cookies when you haven't clicked on anything

Countering Cookie-Stuffing

There are a few different ways of determining if a suspicious-looking affiliate is in fact cookie- stuffing. One simple method is to clear the cookies off your browser, visit a suspect site, and then look at what cookies have been dropped on you. If there are any click cookies, they have been stuffed as you haven’t clicked on anything. Make sure if you plan to do this kind of investigation yourself, that you learn the difference between “impression cookies” and “click cookies.”

The other option is to use a plugin-type HTTP viewer or full packet sniffer to track the redirects that a site sends you through to see if they include any affiliate links. Some popular suggestions include HttpWatch, IEWatch, EffeTech, Endace, and Wireshark. Of course, the affiliate may only be cookie-stuffing for certain IP addresses so you are best served by using a proxy server.

Ascertaining exactly how an affiliate is cookie-stuffing can be difficult and usually will involve examining source code. Some monitoring can be done automatically via software, but it is also highly recommended that at least some members of an affiliate marketing management team have a strong technical background. Abusive affiliates only continue to adapt and improve their methods in the face of merchant actions.

Malware and Adware

Web-based cookie-stuffing is not the only way that rogue affiliates create fraudulent clicks. Unethical affiliates have been using malware and adware to drive traffic, steal from merchants and other affiliates, and participate in “cookie-stuffing” for many years. This section will explain how malware and adware work and examine the way they contribute to false clicks and other violations of affiliate Terms of Service agreements.

What is Malware/Adware?

Malware and adware includes programs such as spyware, pop-ups, and pop-unders. Oftentimes these programs are installed on users’ computers without their full knowledge or express permission.

Malware and adware work in various ways to drive traffic to an affiliate, often to the detriment of the merchant and other honest affiliates. This software tracks users, granting the affiliate detailed information about a user’s online activity so that the user can be targeted more directly. Using information gained about the user’s searching and purchasing, this software can launch various ads or browser windows that cookie-stuff and steal from the merchant and other affiliates.

“Pop-Ups, Pop-Unders and Hidden Windows”?

Pop-up ads are generally designed to recognize when a user is navigating to a site and then show an ad for a competitor. Often these ads cover large portions of the user’s screen and the hope, on the part of the advertiser, is that the user will choose to buy from the competitor instead of the site to which they originally navigated.

Abusive affiliates, however, may use pop-up advertising to drive affiliate income. Instead of opening up an ad for a competitor, the adware opens up a window for the site the user was already on; only this time, it is opened through an affiliate link. For example, if a user navigated to SampleSite.com, the pop-up would show SampleSite.com again but this time loading an affiliate cookie in the user’s browser. This sort of abuse can appear at any point while a user is browsing a website, but is frequently targeted at urls used in the purchase process. Again, the merchant ends up paying a commission for a customer who had already arrived at their site without any help from an affiliate.

These pop-ups might be very visible or nearly invisible. By opening a window off-screen or so small as to be nearly invisible, abusers can perform much the same trick as explained above. Instead of showing a duplicate window, one is opened in the background, which activates an affiliate link and makes it seem to the merchant that the affiliate drove the sale.

Warning!
  • Transactions with missing HTTP Referrer headings
  • Unusual conversion rates (high or low)
  • Affiliates sending traffic in the middle of a user session

Countering Malware and Adware

Uncovering clear evidence of malware and adware can be quite challenging and takes a healthy degree of technical sophistication. The best approach for most organizations is to work with a consultant that operates their own malware lab. Another technique to counter malware is to maintain a high standard for affiliates you approve into your program.

Cookie Fraud Consultants

  • Various consultants will also perform these services for a fee. Ben Edelman has built a sophisticated lab that monitors a wide range of malware programs for abuse by affiliates. Kellie Stevens also provides a service that highlights affiliates found running malware. More information about both consultants and their services can be found in the Resources section at the end of this book.

Typosquatting

Another way that some affiliates seek to steal commissions from merchants is through the practice of typosquatting. Typosquatting takes on several forms but always involves the registration of a domain name very similar to the merchant’s trademarked domain and the use of that domain to make a profit off the merchant’s intended traffic. This section will look at how typosquatting causes merchants to pay out unnecessary commissions, specifically focusing on how affiliate marketers use these domain names. It will also discuss ways of countering these abusers.

What is Typosquatting?

Typosquatting is a subsection of the domain parking business wherein a person purchases domain names that are only a few letters off of a major business’s trademarked domain name. For example, domain names that might be bought for the purpose of typosquatting the site www.sample.com could be wwwsample.com, sampl.com, or sanple.com. The concept is predicated on the idea that users typing quickly into a URL field will often misspell a word, landing them at the typosquatter’s domain instead of the merchant’s domain. These kinds of users are particularly likely to convert as they were searching for the merchant— presumably to make a purchase—originally and have simply been diverted to the incorrect web address. Affiliate hijackers are able to turn these users into extremely profitable customers at the merchant’s expense.

Pay-Per-click Advertisements

The most common use for a typosquatted domain is to display pay-per-click advertisements. Many of these websites partner with the major ad platforms, such as Google Adsense for Domains, to sell ad space to advertisers and collect payment for those ads. Usually the top ad on a typosquatted site will be for the merchant’s trademarked site, i.e. the top ad on www. sampl.com would be for www.sample.com. Often, listed below the advertisement for the misspelled domain will be ads for competitors, www.example.com for instance. [besstbuy. jpg and/or homedepo.jpg] If the user clicks on the ad for the site to which they originally intended to navigate, the legitimate merchant ends up paying both the ad platform and the owner of the misspelled domain for what had truly been naturally driven traffic.

Cookie-Stuffing, Redirection, and Affiliate Links

While the above kind of typosquatter is not usually a member of an affiliate program, affiliates have found several ways to use typosquatted domains to skim money from a merchant. A common, and fairly simple, technique is for an affiliate to set 301 redirects to the intended site on a typosquatted domain. During the redirect, they will set a cookie onto the user’s browser, claiming credit for a sale that was already going to be made. This technique forces a merchant to pay a commission on a sale that arrived organically. It also makes the affiliate seem to have a particularly high conversion rate as many people directed through the link were, in all probability, navigating to the merchant’s site with the intention of purchasing from them.

Redirections to Competitors

Finally, a typosquatter can target a merchant by using a typosquatted domain to redirect to a competitor’s site. Some typosquatted domains of popular sites automatically redirect the user to another, sometimes less popular, site that performs a similar service. Again, users typing in domain names, albeit, misspelling them, often intend to make a purchase. If they are redirected to a different, but not too different, site, they may end up making their purchase from them instead of the merchant they originally attempted to reach.

Legal Ramifications of Typosquatting

Beyond the basic financial consequences of typosquatters for a merchant, there are attending legal implications to allowing typosquatters into an affiliate program. Should a merchant wish to later file a claim that the typosquatted domain infringes on their trademark, under the language of the Uniform Domain-Name Dispute-Resolution Policy (UDRP) the merchant must prove that the typosquatter has no legitimate business interests in the domain. Some of the case law surrounding typo and cybersquatting, for example, Skype Limited v. Benjamin Decraene, suggests that allowing an affiliate who uses typosquatting into an affiliate program can authorize their claim to being a legitimate business. To cite that case, “The fact that an announcer expressly accepts – as in this case – that an affiliate becomes part of an affiliation program hyperlinking to the announcer’s website may, according to this Panel, be considered as an authorization/permission to use the Domain Name. The Complainant, by accepting the Respondent as an affiliate, could perhaps be regarded as having recognized the rights and/or legitimate interests of the Respondent in the Domain Name” (Skype v. Decraene). Because the trademarked merchant allowed the typosquatter to use that domain name as an affiliate in their program (even unknowingly), under the law they can be seen as having provided permission to the affiliate to do so. Should the case be interpreted in such a way, the merchant will probably never be able to retrieve the domain name, even though much trademark law would suggest it is rightfully theirs.

Countering Typosquatting

Countering typosquatting and its impacts begins with prevention. By self-registering misspellings of its domain name, a merchant can head-off typosquatters before they begin. Purchasing a wide variety of domain names similar to the trademarked one and setting these sites up to auto-redirect to the correct site can potentially save you from paying large sums for unnecessary pay-per-click and affiliate marketing.

The UDRP also provides a process for quick recovery of a domain if: 1) you can prove that the domain is similar enough to the trademark as to be confused by some users, 2) that the typosquatter has no legitimate interest in the name, and 3) that the name is being used in bad faith. Of course, pursuing action through these channels will be a potentially drawn-out process requiring a lawyer, so various domain recovery programs, most notably Alias Encoreand CitizenHawk do exist.

Both of these companies can actually participate in your affiliate program. They work to recover your domains, and instead of collecting an up front fee they receive commissions on all sales that pass through those pages for a set period of time--often one or two years.

Warning!

ISP Error Pages, Paxfire and Sendori

Close relatives to typosquatting are the error traffic monetization schemes increasingly implemented by ISPs. Many ISPs intercept 404 Error pages or requests for non-existent domains, redirecting clients to other sites. Most commonly, the ISPs show a page filled with ads similar to those ads found on parked domains.

Recently, Paxfire, an ISP partner that manages this monetization system, began intercepting user searches and inserting affiliate links. A user would submit a search request for a brand like ‘Amazon’ to Google. Paxfire and their partner ISPs would intercept that request and send the user directly to Amazon’s home page through an affiliate link. They implemented this scheme across hundreds of affiliate programs in many networks.

Sendori is a domain monetization platform that allows advertisers to bid for visitors. Rather than bid to display ads on typosquatted domain names, advertisers bid for the visitors directly. For example, the domain tinyprint.com is part of the Sendori ad network. The winning advertiser sends visitors to any URL they choose. Naturally, some TinyPrints.com affiliates bid on that traffic and route it through a Sendori affiliate link. Not only do affiliates use Sendori, but they are also in many affiliate programs. In some instances, Sendori may send traffic directly through an affiliate link. Sendori is increasingly partnering with ISPs and providing error monetization systems as well.

Incentive Marketing

Unlike the methods discussed above which nearly every affiliate program bans, incentivized marketing is allowed under some Terms of Service. Incentive marketing has evolved substantially and can take a wide-rage of forms. Even if incentive marketing is generally allowed in your program, there may be some forms of incentive marketing that are disallowed.

Incentive marketing is broadly used to cover a range of marketing activities. Those activities can include:

  1. Loyalty & Cashback Programs. Sites like UPromise, FatWallet and eBates offer cash back on purchases made through their affiliate links. Similarly, airlines like United offer miles for purchases made through their affiliate links.
  2. Social Gaming Offers. Many social games create opportunities for users to increase their capabilities or accomplishments in those games by completing offers in exchange for points, status, etc. For example, a user in Farmville can add Coins and Cash to their account by creating a trial Blockbuster DVD rental account.
  3. ‘Free’ Promotions. ‘Free iPod’ and similar programs. Consumers are presented with the opportunity to receive a free iPod. In order to do so, they are required to complete a long list of offers - things like complete a survey, sign up for a trial (eg Blockbuster), apply for an auto insurance quote, etc.
  4. Pay-to-complete. Some affiliates have systems that simply pay users to complete affiliate offers. This particular approach is most commonly banned in programs and networks, however it is still used frequently.

Toolbars and Couponware

Toolbars and couponware are often used in incentivization schemes. Usually presented to customers as a way to save money, these types of programs promise the client discounts, cash back, and sometimes even donations to charity on nearly any online shopping site. Once the client downloads the software, a toolbar appears in their browser that activates any time that client accesses a site for which the program has an affiliate link. This toolbar will either automatically set a cookie that tells the merchant that the affiliate drove the sale—even through the customer arrived organically—or will flash a message to the customer that a discount is available if they leave the site and return through the affiliate link. Others will show coupons over the merchant’s site that set a cookie, again suggesting that the sale arrived via an affiliate rather than via a search. In short, these kinds of advertising toolbars and coupon reminder software may redirect a merchant’s own traffic through an affiliate link, making a merchant pay a commission on a freely achieved sale.

Building a Policy for Incentive Marketing

Incentive marketing can both deliver and destroy value in affiliate programs. Advertisers need to carefully consider the incremental value added by incentive marketing affiliates. A loyalty site may bring new customers to a merchant or it may just divert a merchant’s existing customers through its affiliate links.

Users that request an auto insurance quote in order to increase their status in a social game might be more or less likely to ultimately convert than typical users requesting a quote. Some sophisticated affiliate advertisers understand these metrics well and have built different commission levels depending on the source of the traffic.

The toolbars and couponware associated with incentive programs may bring issues of their own. The toolbars have been found in the past to overwrite existing affiliate cookies, auto-insert their own cookies and engage in behavior not clearly identified by the affiliate.

Countering Incentivized Marketing

First and foremost, familiarize yourself with the techniques and consider their impact on your program. If you choose to work with incentive marketers, ensure that you understand exactly how they market your service and what tools they use to do so. Of course, if you’ve prohibited a technique there is no guarantee that some affiliates won’t be applying the technique.

Build a strong relationship with your customer service team. They will likely hear about any problems first. They might receive complaints about ‘not receiving their iPod’, or they may hear mentions of social games, or perhaps overly aggressive third-party email that they hadn’t opted into (spam).

If the affiliate offers a toolbar or other download, familiarize yourself with the software (ideally in a virtualized environment), or reach out to other affiliate managers on forums such as ABestWeb and the Affiliate Summit forum and understand their experiences. A few web searches can also yield a great deal of information about the software and whether it may create problems.

Most importantly tie your key metrics back to individual affiliates. These metrics need to go deeper than just commissions paid and should track the ultimate value contributed by each affiliate. This should help identify problem affiliates before they’ve had a tremendous negative impact on your service.

FTC Endorsement Regulations and Complaints

In 2009, the Federal Trade Commission updated their endorsement guide in order to better reflect the ever-changing field of internet marketing. The updates were aimed largely at the use of social media and blogs as platforms for paid endorsements and specify that bloggers who endorse products must disclose any financial benefits they receive. Should they fail to do so, and should the violation come to the FTC’s attention, the advertiser, not the endorser, bears the brunt of responsibility. This update to the regulations has clear ramifications for merchants running affiliate programs.

The merchant is considered liable for any false or unsubstantiated claims made through endorsements—defined as advertisements that consumers are likely to think express the opinions, beliefs, findings, or experiences of a person or party other than the sponsoring advertiser—or for a failure to disclose material connections between themselves and their endorsers. Advertisers are thus responsible for establishing a program to train and monitor affiliates that explains to the members of your network what can and cannot be said about a product, regularly monitors what people are saying about your product, and effectively follows-up on questionable practices. The FTC states that if a merchant has such a program in place, it is unlikely that a single rogue blogger would result in law enforcement action against the merchant. The updated Guides Concerning the Use of Endorsements and Testimonials in Advertising and the FTC’s FAQ section concerning them contain much useful information about the disclosure requirements as well as offer examples of compliance and non-compliance.

The Legacy Learning Case

The Legacy Learning case was one of the biggest FTC complaints regarding affiliate marketing since the updated guides were released in 2009. The complaint states that Legacy Learning sold the Learn and Master Guitar program, a way to learn guitar at home though DVDs and written materials, via an affiliate program for which the company recruited “Review Ad” affiliates. These affiliates endorsed the program through articles, blogs, and editorial material that included affiliate links to purchase the system. These affiliates made large commissions and generated approximately $5 million in sales of Learn and Master. Because Legacy Learning did not disclose that their affiliates were paid for every generated sale, instead, allowing their affiliates to imply that these online endorsements reflected the opinions of average consumers and “independent reviewers,” the FTC charged the company with dissemination of deceptive advertisements.

The FTC and Legacy Learning settled in June, 2011. Under the settlement, Legacy Learning will pay $250,000 to the FTC and agree to monitor their top 50 affiliate marketers as well as another random sampling of 50 each month. This monitoring will ensure that their marketers are both disclosing their relationship to the company and are not representing themselves as independent reviewers or average consumers. Legacy Learning must submit these monthly reports to the FTC. They further must remove any affiliate in violation of these terms immediately.

Prevention and Elimination of Affiliate Abuse

While we have mentioned methods to counter each of the specific types of affiliate abuse mentioned, there are some general steps that should be followed to prevent and remove poachers from your affiliate program. This section will cover crafting a Terms of Service agreement, approving affiliates, reviewing affiliate statistics, and continued comprehensive monitoring of affiliates.

Terms of Service Agreement

Most importantly, a clear and thorough Terms of Service agreement is absolutely crucial. This document sets the parameters for your affiliates and serves as a legal document detailing the ways and means of marketing that you consider legitimate for your company and brand. The language of the agreement should be in plain English and describe exactly what techniques are and are not allowed in your program—should an affiliate violate the agreement, it must be clear that the terms were stated and that they knowingly disobeyed them. There are several components of affiliate agreements that we deem essential:

  • Require the use of negative keywords in PPC Campaigns. If you do not allow brand-bidding in paid search, also require that your affiliates include your brand terms as negative keywords in their campaigns. This will prevent the search engines from broad matching their ads onto searches containing your brand and provide for clear accountability should you find affiliate ads on your brand terms.
  • Prevent use of TM terms in domain names, subdomains, usernames, etc. Allowing an affiliate to use your trademarks in any sort of Internet naming system may forfeit your rights to that name.
  • Directly address incentive marketing programs. Consider the different forms of incentive marketing and clearly state which forms are and are not allowed.
  • Require disclosure. Affiliates, particularly affiliates that are writing reviews of your product or service absolutely must disclose, in a conspicuous manner, their relationship with you.
  • Prohibited web site content. If there are types of content that you don’t want your brand promoted alongside (adult content, hate-speech, etc.) identify it in your agreement.
  • Require CAN-SPAM compliant email. If you allow your affiliates to email your affiliate links require that every email be CAN-SPAM compliant.
  • Ability to delay and withhold payment. Your Agreement should also grant yourself the right to delay payments to affiliates. Affiliate fraud is often detectable through data monitoring but verification of fraud can take several weeks to produce. By delaying payments, you give yourself the time to investigate potential fraud, collect the necessary data, and then deny or reverse payments.
  • Include ‘Detrimental to brand’ language. A generic statement that can be applied to future abusive techniques provides you with protection from the ever-evolving state of affiliate poaching. A common approach to this statement would be a clause that prohibits campaigns deemed detrimental to the merchant’s brand.

Of course, these terms in your agreement minimize your risk of affiliate fraud, but do not by any means prevent it. A comprehensive fraud prevention program includes in-depth affiliate application reviews, regular communication with affiliates, and abuse monitoring.

Payment Delays

Ben Edelman, in his paper, “Deterring Online Advertising Fraud Through Optimal Payment in Arrears,” presents compelling, and much more in depth, economic evidence for the benefits of delaying payments to affiliates. His research makes clear both how payment delays punish rogue affiliates and can potentially award ethical, producing affiliates.

Approving Affiliate Applications

A strong front door can be one of the most effective ways of preventing abusive affiliates from ever entering your program. Many affiliate networks allow merchants to “auto-approve” affiliates, a tool that dramatically reduces the time a merchant needs to spend looking through hundreds of affiliate applications. But using auto-approve almost guarantees that abusive affiliates will enter your program, as networks also have “auto-apply” tools for their affiliates. Many affiliates auto-apply to all programs and are then auto-accepted into them— giving them access to affiliate links that they already know are not particularly well-monitored.

The best way to head-off abusive affiliates from the start is to interview every affiliate that applies to your program. Many affiliates who intend to defraud you will not want to respond to emails, let alone talk on the phone. The more anonymous they remain, the better chance they have of continuing their illicit activities, so demanding an interview will significantly reduce abusive affiliates from the start.

Interviewing all your applicants, however, can take a lot of time and may not seem like the best use of it, especially given that many affiliates never end up making a sale for your company. To save on time, some companies make contact with an affiliate as soon as they have made their first sale. Many send an email or give them a phone call to congratulate them on their first sale and, as they talk, get a sense of their brand presentation, how they drove the sale, and make sure they understand exactly how the affiliate is driving their business. Affiliates whom you cannot reach, avoid your calls, or don’t respond to email may very well be up to something suspicious.

Another option that some merchants choose is to send an auto-response email to all applicants asking for more information on who they are and how they intend to represent the brand and drive sales. This additional hurdle to approval will deter many abusive affiliates.

However you decide to run your approval process, you should always check to make sure that your new affiliates’ business models seem legitimate and reasonable. You should also do your best to verify that the party is real. Checking sites like Compete and Alexa can help in this process as well as Google searches to make sure that the website the affiliate claims will sell your products appears, has visitors, and seems capable of sending users who will convert.

Finally, BrandVerity’s products, the Affiliate Watchlist and the PoachMark Pool, give merchants lists of affiliates who have been abusive in the past as well as information about other merchants’ experience with specific affiliates. This kind of information can be very beneficial during the affiliate screening process.

Reviewing Affiliate Statistics

When monitoring your affiliates statistics, there are several warning signs that indicate different types of potential fraud. The first thing to keep an eye out for is a very rapid acceleration in affiliate activity. If an affiliate suddenly jumps from no sales to a hundred in a day, it should alert you to check out their website, give them a call, and try to figure out how exactly they drove those sales. Although it may all be above board, it’s equally likely that something illicit is going on.

Another major warning sign is a conversion ratio above your program average. If most of your affiliates are converting 2% of the time but one is converting at 8%, it can be a fairly strong indicator that they are trademark bidding. Conversely, very low conversion rates are often a sign of cookie-stuffing. The affiliate is managing to make it look like they have a lot of traffic, but much of that traffic is not quality traffic. Tools like Alexa, Quantcast, and Compete show how much traffic an affiliate website receives and can help clarify if their site is legitimate.

In addition to monitoring numbers, it is helpful to have regular conversations with your top affiliates in order to keep track of how they are driving traffic. The more in-touch you are, the less likely they will be to try to circumvent your affiliate agreement or defraud you.

Adding New Networks

Most merchant affiliate programs start with a single affiliate network and spend a lot of time and effort monitoring it, eliminating abuse, and making it profitable. As soon as an affiliate program is profitable, however, other networks will come knocking, telling you that their network will provide you with many new affiliates that your current network doesn’t represent.

The problem is, however, that all your historic policing becomes irrelevant as soon as you join a second network. You will need to start over with your anti-abuse actions and, often, will end up ejecting the same bad players for a second time, as many abusive affiliates participate in multiple networks.

This is not to say that adding new networks is necessarily a bad choice, only that adding a new network has an associated set of risks. Before adding a new network, it is important to verify that you have the time and resources to apply the necessary degree of oversight to your program.

Internal Programs

Another decision that can leave you open to affiliate fraud is the creation of an internal affiliate program. Many merchants launch a successful affiliate program using one of the major affiliate networks and soon decide that they would rather not pay the commissions a network requires. They make the decision to take their biggest affiliates with them and create an internal program that they monitor using third-party software. The company is then able to pay affiliates more as they no longer pay the network commission as well—meaning that many affiliates will encourage merchants to form in-house programs.

Although running an internal program may seem like a great and fairly easy way to cut down on commissions while maintaining your best affiliates, the move away from a network is also a move away from the protections a network offers. For example, abusive affiliates are often removed from the network; the network will eject the worst actors before they ever enter your program. Additionally, networks will typically employ tools in an attempt to prevent affiliates from obtaining multiple accounts. Without a network, you will not have that kind of high-level oversight. If you are going to run a program yourself, it becomes even more important thus to maintain a strict reporting and oversight structure for your affiliates.

What to Do If You Find Abusive Affiliates

Should you discover fraud in your program, the rogue affiliate should be reported to your network compliance team, their payment reversed or canceled, and they should be terminated from your program. Allowing abusive affiliates to remain in a program only sends the message that you allow these kinds of marketing techniques, making your legal position less tenable, and opening yourself up to other attacks.

Affiliate Marketing Resource Lists

Please feel free to consult our affiliate compliance, affiliate marketing, and conference/forum resource lists below.

Affiliate Compliance Resources

Ben Edelman

Benjamin Edelman, a Harvard Business School professor, was one of the first to actively fight against the use of adware and malware in affiliate marketing. He developed software that offered video proof of nonconsensual adware installations as well as documented their revenue streams. His website, benedelman.org, makes publicly available much of his work in these fields. More specifically, his articles on how spyware forces clicks, his well-illustrated examples of spyware at work, and his descriptions of how revenue streams operate in spyware driven affiliate marketing are invaluable resources for anyone managing an affiliate program. He also provides consulting services on spyware and adware to merchants.

Kellie Stevens and AffiliateFairPlay

Kellie Stevens, at AffiliateFairPlay.com, provides services that test, identify, and report potentially abusive affiliate behavior to merchants and affiliate managers. She is a frequent contributor to ReveNews and has helped countless advertisers uncover abusive affiliates in their programs through her thoughtful contributions on forums such as ABestWeb.

Adam Riemer

Adam Riemer is a well-known and successful affiliate, affiliate manager and consultant whose blog posts about the industry are essential for any newcomer. His series entitled “Are Your Affiliates Adding Value” provides great insight into ways to optimize an affiliate program as well as information for understanding what techniques do and don’t best serve merchants.

BrandVerity Blog

On the BrandVerity Blog we aim to keep our clients and other industry insiders appraised of the techniques that abusive affiliates use and the best ways of stopping them. It’s a source of information not only about our products, but trends in the industry, law suits impacting merchants and affiliate managers, and the cutting-edge ways that affiliate marketers scam the system. We believe that merchants and managers need to be just as informed as the bad guys, and we provide that information.


Affiliate Marketing Resources

Affiliate Marketing Blog by Shawn Collins

Shawn Collins, co-founder of Affiliate Summit writes an excellent blog on all issues affiliate. He frequently posts videos from prior Affiliate Summit sessions that are great resources for learning more about affiliate marketing. He also regularly highlights detailed findings from the annual AffStat survey of affiliate marketers that he runs.

Affiliate Marketing Blog by Geno Prussakov

Geno Prussakov, an affiliate management consultant and author of Affiliate Program Management: An Hour a Day, maintains a blog that provides fantastic information about structuring and maintaining an affiliate program. Advocating for affiliates, affiliate managers, and merchants, Prussakov’s blog comments upon the daily issues in the performance marketing field and advises all actors in the space on the best practices to gain the best results.

Clickz

ClickZ provides a variety of resources for interactive marketers; from news to expert commentary, statistics to a job board, they aim to provide in-depth coverage of the interactive marketing field. ClickZ Tools, their White Papers, and the ClickZ Academy offer valuable informational and educational resources to merchants and affiliates.

FeedFront

FeedFront Magazine is the official magazine of Affiliate Summit. Co-edited and co-published by Missy Ward and Shawn Collins, it seeks to be on the forefront of affiliate marketing techniques and ideas. Frequently publishing work that highlights the cutting-edge in affiliate marketing, it’s an indispensible resource for anyone who hopes to truly understand not only where affiliate marketing is, but where it’s going.

IndustryPace

IndustryPace is a blog run by Pace Lattin that discusses issues pertaining to affiliate fraud and compliance. Lattin has a background in law enforcement, interactive advertising, and affiliate marketing. Working with an attorney, he’s converting IndustyPace into a legal resource for affiliate compliance while also maintaining his work with Performance Marketing Insider and the Executive Council of Performance Marketing.

Performance Marketing Association

The Performance Marketing Association is a trade association that connects performance marketing industry leaders. It focuses on education and advocacy in and about the performance marketing industry. Their Anti-Fraud/Anti-Abuse Working Group aims to create policies and methods for the detection and elimination of online fraud and affiliate compliance.

Performance Marketing Insider

Performance Marketing Insider publishes daily about performance and affiliate marketing. Run by Amy Capomaccio and Pace Lattin, the publication reviews affiliate networks, comments on the legal issues facing the field, and publishes “expert guides” for marketers seeking to improve their businesses.

ReveNews

ReveNews provides great coverage of online marketing industries including affiliate marketing, SEM, and e-commerce. Co-published by Angel Djambazov and Missy Ward, ReveNews features articles by many industry leaders, including Kellie Stevens, Sarah Bundy and Adam Riemer.

Sarah Bundy

Sarah is an incredibly experience affiliate manager and founder of All Inclusive Marketing and Affiliate Management Trainers. Not only does she write on industry blogs such as ReveNews, she also is a frequent speaker at industry events. Her blog touches on a wide range of issues related to affiliate marketing and highlights strategies for effectively working with affiliates.

Conferences and Forums

Abestweb Affiliate Manager’s Only Forum

Abestweb is one of the oldest and certainly most successful forum dedicated to affiliate marketing. Abestweb features an Affiliate Managers Only forum that contains great discussions around various shady affiliate practices.

Affiliate Management Days

AM Days is the newest affiliate conference, but the first and only affiliate conference to focus on the needs of affiliate managers. The sessions planned for the inaugural conference in San Francisco go into the greatest depth on compliance issues of any conference yet.

Affiliate Summit

The first and biggest affiliate conference continues to get bigger year after year. Affiliate Summit features a wealth of sessions targeted at training affiliate marketers across the skill spectrum. Affiliate Summit also proves to be the central event for advertisers to find affiliates and vice versa.

Topics: affiliate technology, affiliate tracking, Marketing Compliance, brand compliance

Don't Miss Out

Get the latest insights on brand protection, compliance, and paid search delivered right to your inbox.
Popular Posts
Topics
What you don't know will hurt you. Start monitoring and protecting your brand.
Request Demo