Navigating Affiliate Marketing Compliance:
A Comprehensive Guide for Stopping Fraud
by Andy Cooney
August 13, 2024
A successful affiliate programme can be a massive revenue driver for brands, with a reported 80% of US advertisers having an active programme.
The volume of transactions and revenue delivered has made fraud a consistent problem in the industry. For brands to avoid any financial, reputational or legal complications, they must have guardrails to monitor and protect against fraud.
In this article, we'll talk about the risks to brands, the common types of affiliate fraud, ways brands should ensure their affiliate partners adhere to best practices, and strategies to combat affiliate fraud.
What is affiliate compliance?
Affiliate compliance is the process of holding affiliates to the conditions established by the brand they represent and/or the affiliate network they are a part of. It can also incorporate existing national or international laws and regulations related to digital marketing or advertising.
As affiliate programmes expand, monitoring affiliate compliance becomes increasingly challenging, increasing the risk of unethical behaviour and non-compliant practices by rogue affiliates.
According to David Gasparyan from Forbes, affiliate compliance aims to “keep your affiliates honest by outlining activities and behaviours prohibited by your network’s terms and conditions.”
Setting up comprehensive brand guidelines outlining compliance policies can deter affiliate fraud and ensure transparency among affiliates. It also minimizes the potential for reputational damage and any regulatory issues in the long run, providing the means to remove affiliates in case of disputes.
What is Affiliate Fraud?
Affiliate fraud is any deceitful or unethical activity undertaken to secure commissions within an affiliate marketing program. This includes actions explicitly forbidden by the program's terms and conditions, as stated in compliance policies, and violations of any compliance standards.
Affiliate fraud can range from simple to highly sophisticated, often involving the use of technology to generate fake traffic or drive visitors to earn commissions in ways that break compliance guidelines. The goal of the affiliate fraudster is to make money as quickly as possible for as long as possible. Affiliate fraud can generate vast amounts of revenue for the fraudster. At Marcode, we track companies making hundreds of thousands annually, sometimes using one relatively simple tactic.
What are the Risks You Run If Your Affiliates Use Fraud?
Typical risks from affiliate fraud fall into three categories that aren’t mutually exclusive:
- Financial Loss: Fraudulent affiliates will primarily trick your system into paying them commission on either non-existent or undeserved sales.
- Loss of Reputation: The main goal of fraudulent affiliates is to generate commissions, even if it comes at the cost of your company's reputation. Fraudsters can lure customers into purchasing your products with false marketing, promising benefits your products may not deliver. Customers eventually realize your products don’t offer what they've been promised, leading to negative reviews and decreased sales. Affiliates can also control their messaging, meaning they may present the brand in an undesirable way.
- Legal issues: Furthermore, legal troubles can arise if affiliates violate consumer protection laws and are not appropriately addressed.
Mitigating these risks necessitates a systematic approach to creating a compliant and scalable affiliate programme. This becomes increasingly crucial with the emergence of new consumer privacy laws and regulations like:
- VCDPA
- CTPA
- CPA
How Does Affiliate Marketing Fraud Work?
Fraudsters use multiple different techniques to exploit merchants. The end goal is always the same: They want to claim affiliate commission from sales or the illusion of sales on a brand's site.
We’ll explain the most common methods we see and how brands can combat them.
Different Types of Affiliate Fraud
1. PPC Brand Bidding
Brand or trademark bidding is when a brand places ads in search engines against its branded search terms. In effect, brands put search ads in front of users looking for their brand. This can often be some of the highest-converting marketing spend. For large brands selling hundreds of products, brand bidding can incorporate thousands of potential search terms, contributing a considerable amount to their revenue.
Affiliates bid on brand keywords in paid search, such as Google or Bing Ads, to take advantage of this high-converting traffic. They either:
- Send users to their affiliate site, which sometimes offers little to no value and is set up to drop an affiliate cookie on the user to claim any future commission. We typically see this with voucher codes or listicle sites designed purely to get users to click on the link to the target brand's site as quickly as possible.
- Hijack searches (more on this below).
On the surface, it may seem like the affiliate has helped generate a sale. However, if the affiliate is offering no value and the user is already looking for the brand site, then the commission is often an additional, unnecessary cost of sale. This would not be incremental sales; it cannibalises the brand's existing paid or organic search. It also increases the brand's paid search costs, creating more competition to buy that click.
2. Ad Hijacking
Ad hijacking is the deceptive practice of creating online advertisements that mimic a legitimate brand's ads exactly, bidding on branded or trademarked keywords, and removing the genuine brand from the search ads.
This typically involves imitating the brand's creative elements and bidding on brand keywords.
When visitors click on a duplicate ad, they are immediately redirected to the brand website with an affiliate code attached to that user.
When users buy anything from the brand site, the system automatically rewards the fraudster as their affiliate details are associated with the sale.
They operate sophisticated cloaking techniques to hide affiliate details from monitoring tools and people working at their target brand, making detection difficult. If an advertiser cannot see the affiliate's details, they cannot remove them. This cloaking reports activity as being driven by affiliate marketing, even though the clicks have come from paid searches, making performance marketing attribution incorrect. It is crucial to ensure there are no hijacking issues while budgeting across channels.
[Figure: How affiliates hijack your ads. Labels: Duplicate Ad, Real Ad, Affiliate Tracking Link, Commission]
3. Cookie Stuffing
Cookie stuffing, also known as cookie dropping, is a deceptive tactic that involves placing an affiliate tracking cookie on a visitor's device without their knowledge. Later, when the visitor purchases something online, the "cookie stuffers" get credit for referring them and earn commissions for purchases they didn’t contribute to.
Common ways in which cookies are stuffed onto the user include:
- Corrupted Browser Extensions: Fraudulent affiliates control browser extensions that pose as legitimate tools. When users install these, the extensions use a variety of methods to inject cookies, including firing a script when users visit a particular site, injecting iframes when users visit a site, or using pop-ups to set cookies without user interaction.
- Embedding invisible frames: These load affiliate links when a user visits without being seen.
- Pop-ups or pop-unders: A new window that opens in a way that is not perceptible to the user and sets cookies on them.
These are just some of the techniques; others exist, all with the same aim: dropping a cookie, without being noticed, on a user who may go on to purchase.
4. Coupon Fraud
Coupon or discount fraud involves affiliates offering unpermitted discounts to users via their sites and claiming a percentage of these sales. It also involves taking live codes that are not meant for public distribution and promoting them to users.
Coupon fraud hurts businesses because they lose money on the discounts they weren't supposed to give. It can also hurt honest customers in the long run because companies may become less likely to offer coupons if they think people will cheat.
5. Typosquatting
Typosquatting involves creating domain names that are misspellings or close matches of popular websites. If users mistakenly type that domain into their browser bar, they reach the domain the affiliate has purchased. The affiliate will set up a redirect so that the typo traffic goes back to the brand itself, but through an affiliate link. When that visitor purchases something from the brand, the affiliate earns a commission because the system thinks the affiliate sent the traffic and generated the sale.
Let's say there's a popular online retailer called RetailMart, with the domain name www.retailmart.com. A typosquatter might register a domain like www.retalmart.com, intentionally leaving out the "i" in "retail."
Whenever someone enters the wrong URL www.retalmart.com they will eventually be redirected to the actual URL www.retailmart.com with an affiliate link. Now, anything the user purchases from the authentic www.retailmart.com, the owner of www.retalmart.com will earn a commission.
6. Earning Commissions Using Stolen Data
Some fraudsters will join an affiliate program and use stolen or bought credit card information to make purchases through their affiliate links, which earns them commissions.
Fraudsters can purchase "fullz" for as little as $20 to $30 and gain access to real names, IDs, credit card details, and addresses. They then use this information to make purchases, often on a considerable scale.
Preventing stolen data commission:
Merchants or affiliate managers need to maintain checks for suspicious-looking transactions. There are third-party tools available which will block these, so for any brands with substantial volumes in sales, these are worth investigating.
9. Malware
Affiliates may use malware and adware to engage in fraudulent or non-compliant activities. Adware is software that displays unwanted advertisements, while malware is designed to damage or disrupt computer systems.
Rogue affiliates insert their affiliate codes into transaction processes and infect potential users with malware, diverting payments meant for legitimate affiliates to themselves.
10. Pixel stuffing
Pixel stuffing occurs when regular ads are compressed into tiny 1x1 pixel frames. Publishers earn a commission when an ad is displayed to a visitor during their browsing session. However, because the ad is so small, users typically don't see it.
11. Fake Conversions Through Incentivized Browsing
Fake conversions involve deceptive practices aimed at duping affiliate programs into rewarding affiliates for actions that are not genuine.
Affiliate programs typically operate on cost-per models like cost-per-acquisition (CPA) or cost-per-click (CPC), but can also pay for actions such as leads, impressions, or app installs that don't require a purchase.
These actions can be spoofed through click frames that incentivise users to visit particular websites and click advertisements.
They try to mimic legitimate user behaviour, such as clicking links or completing applications. This practice helps fraudsters artificially inflate website traffic and increase ad impressions.
As a result, the affiliate receives credit and payouts for these fake conversions, exploiting the payout structure of affiliate programs for financial gain. Such actions can also skew campaign metrics, creating the illusion of higher visibility or engagement with the ad.
How to Keep Affiliates Compliant?
Detecting and Fighting Affiliate Fraud
1. Always analyse affiliate behaviour
Monitoring your affiliates
All affiliate programmes should have an analytics level in place. The following metrics can all suggest unethical affiliates operating:
- Large volumes of affiliate sales from sites that do not have the appropriate traffic volumes to provide it.
- High rates of engagement without corresponding conversions. This is particularly relevant for programmes where commission is paid on non-transactional actions.
- Sudden spikes in affiliate registrations from specific areas or IP addresses.
- Affiliates with exceptionally high conversion rates.
- Affiliates with persistently low return rates.
Affiliate managers should use intuition backed with data from tools to investigate suspicious-looking activity. If something looks suspicious, either because of volume or frequency of purchase, the affiliate should be queried about the source of this revenue-driving traffic. These sites can be analysed to confirm they have legitimately driven the volumes. If it can't be explained, it should be assumed that the affiliates aren't compliant, and the affiliate manager and other responsible parties can take quick action. Fraud-fighting tools equipped with AI may also trigger defensive measures automatically once they find any unusual activity to safeguard your affiliate network.
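As an added illustration (not Marcode's tooling or code from the original article), the following Python sketch turns four of the signals listed above into a report of affiliates to query. The affiliate figures, the field names and every threshold are constructed assumptions; `site_visits` stands for a third-party estimate of the affiliate site's own traffic.

```python
from statistics import median

# Constructed monthly figures. site_visits is an assumed third-party estimate
# of the affiliate site's own traffic; the other fields come from the programme.
AFFILIATES = [
    {"id": "aff-01", "site_visits": 52000, "clicks": 4100, "sales": 123, "returns": 11},
    {"id": "aff-02", "site_visits": 30000, "clicks": 2500, "sales": 70, "returns": 7},
    {"id": "aff-03", "site_visits": 800, "clicks": 6000, "sales": 900, "returns": 2},
    {"id": "aff-04", "site_visits": 41000, "clicks": 9000, "sales": 4, "returns": 0},
    {"id": "aff-05", "site_visits": 18000, "clicks": 1500, "sales": 48, "returns": 5},
]

# Assumed thresholds, relative to the programme median; tune per programme.
HIGH_CONV_FACTOR = 3.0
LOW_CONV_FACTOR = 0.2
LOW_RETURN_FACTOR = 0.25
MIN_CLICKS = 1000
MIN_SALES = 50


def rate(numerator, denominator):
    return numerator / denominator if denominator else 0.0


def review_affiliates(rows):
    """Return {affiliate id: [signals]} for affiliates worth querying."""
    conv_median = median(rate(r["sales"], r["clicks"]) for r in rows)
    return_median = median(rate(r["returns"], r["sales"]) for r in rows)
    findings = {}
    for r in rows:
        conv = rate(r["sales"], r["clicks"])
        returns = rate(r["returns"], r["sales"])
        flags = []
        # More referred clicks than the site's own estimated visitors.
        if r["clicks"] > r["site_visits"]:
            flags.append("traffic_too_low_for_volume")
        if conv > HIGH_CONV_FACTOR * conv_median:
            flags.append("high_conversion_rate")
        if r["clicks"] >= MIN_CLICKS and conv < LOW_CONV_FACTOR * conv_median:
            flags.append("engagement_without_conversions")
        if r["sales"] >= MIN_SALES and returns < LOW_RETURN_FACTOR * return_median:
            flags.append("low_return_rate")
        if flags:
            findings[r["id"]] = flags
    return findings


if __name__ == "__main__":
    for affiliate, flags in review_affiliates(AFFILIATES).items():
        print(affiliate, ", ".join(flags))
```

A flag here is a prompt to ask the affiliate about the source of the traffic, not proof of fraud.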
2. Ensure compliance for brand bidding in your affiliate programme
The compliance policy should always have restrictions on brand bidding. We’d recommend stating that brands do not allow affiliates to bid on their brand terms unless:
- The terms are highly specific, and the affiliate will add value, such as allowing authorised voucher code sites to bid on “brand + voucher code” terms.
- The brand operates in a highly competitive space, and having affiliates bidding offers brand protection. This is common in finance, whereby brands aggressively target their competitors in search. Having an affiliate fill one of the other slots may stop a customer from being lost to a competitor at the expense of a commission.
Brands should actively monitor their affiliates to ensure they aren't brand-bidding. Marcode offers comprehensive monitoring of affiliates in search results. We track ads constantly, providing a comprehensive overview of who bids on brand terms and automating action against offenders. Brands will sometimes try and catch affiliates via spot-check manual searches; this isn’t a reliable method as:
- Affiliates will target locations away from company offices.
- Affiliates will target times when it is unlikely to be checked, such as outside of office hours.
A round-the-clock, multi-location monitoring solution like Marcode will identify affiliates breaking brand bidding restrictions.
Here's an in-depth guide to combatting affiliate hijacking:
At a high level, hijacking should be explicitly banned within your affiliate compliance guidelines, and steps should be taken to vet potential affiliates to stop bad actors from joining the programme.
3. Device Fingerprinting
Device fingerprinting is a method for tracking and identifying individuals online by gathering various details about their devices, such as their operating system, browser, version, language preference, and time zone.
This data is collected each time a person visits a website and is used to create a unique "fingerprint" for their device for future use. Later, that exact device can be traced, and activities like clicks, sign-ups, and purchases can be surveilled. This allows affiliate networks to analyze behaviour patterns and spot inconsistencies that might indicate fraudulent activity.
Unlike cookies, which are stored on a user's device, device fingerprinting operates more discreetly and can track users across different websites. For instance, if a device consistently generates many clicks or sign-ups in a short time frame, it could signal fraudulent behaviour. Device fingerprinting also enables your affiliate network to trace IP addresses linked to devices, helping you to identify coordinated fraud attempts involving multiple devices on the same network.
Continuous monitoring of device fingerprints also reveals whether the fraudsters are using emulators like Linken Sphere, Undetectable Browser, FraudFox, or AntiDetect.
4. Monitoring Suspicious IP Addresses and Traffic Locations
Another way to tackle affiliate fraud is to monitor your traffic's IP addresses. If you notice a large influx of traffic from a particular data centre, there's a strong likelihood that fraudulent activities are taking place or click farms are being used.
You can use geolocation tools to pinpoint areas with heavy traffic by region, country, or city. For instance, if your target audience is people from the US, UK, or Canada, and all your SEO efforts are primarily focused on these regions, but you’re experiencing a surge in traffic from Nigeria or Ethiopia, it clearly indicates something is amiss.
You can also block traffic from regions where fraud is more common or, at the very least, subject those sales to additional fraud screening.
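The checks described in the device fingerprinting and IP monitoring sections above can be run over a click log as follows. This is an added example, not code from the original article: the log, the fingerprint ids, the data-centre range (an RFC 5737 documentation block) and the limits are all constructed assumptions, and the network grouping assumes IPv4.

```python
import ipaddress
from collections import defaultdict

# Constructed stand-in for a hosting-provider range list (RFC 5737 test block).
DATACENTRE_NETS = [ipaddress.ip_network("203.0.113.0/24")]

# Constructed click log: (epoch seconds, device fingerprint id, source IP).
CLICKS = (
    [(1000, "fp-a", "198.51.100.7")]
    + [(2000 + 5 * i, "fp-b", "203.0.113.10") for i in range(7)]
    + [(2500, "fp-c", "192.0.2.11"), (2510, "fp-d", "192.0.2.12"),
       (2520, "fp-e", "192.0.2.13")]
    + [(3000, "fp-f", "198.51.100.20"), (9000, "fp-f", "198.51.100.20")]
)


def burst_fingerprints(clicks, window=60, limit=5):
    """Fingerprints with more than `limit` clicks inside any `window` seconds."""
    times_by_fp = defaultdict(list)
    for ts, fp, _ip in clicks:
        times_by_fp[fp].append(ts)
    flagged = set()
    for fp, times in times_by_fp.items():
        times.sort()
        start = 0
        for end, ts in enumerate(times):
            while ts - times[start] > window:  # slide the window forward
                start += 1
            if end - start + 1 > limit:
                flagged.add(fp)
                break
    return flagged


def datacentre_share(clicks, nets=DATACENTRE_NETS):
    """Fraction of clicks whose source IP sits in a listed data-centre range."""
    hits = sum(any(ipaddress.ip_address(ip) in net for net in nets)
               for _ts, _fp, ip in clicks)
    return hits / len(clicks) if clicks else 0.0


def shared_network_devices(clicks, prefix=24, min_devices=3):
    """Networks on which at least `min_devices` distinct fingerprints appear."""
    devices = defaultdict(set)
    for _ts, fp, ip in clicks:
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        devices[str(net)].add(fp)
    return {net: sorted(fps) for net, fps in devices.items()
            if len(fps) >= min_devices}


if __name__ == "__main__":
    print("burst devices:", burst_fingerprints(CLICKS))
    print("data-centre share:", round(datacentre_share(CLICKS), 3))
    print("shared networks:", shared_network_devices(CLICKS))
```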
5. Inform Your Affiliates
Inform members of your affiliate program that you will be using both proactive and reactive surveys to monitor their traffic and behavior. This will deter fraudsters, and sincere associates will value your proactive involvement.
6. Register domains to protect against typosquatting
It is best practice for brands to register all domains that closely match theirs and redirect to the main site. This protects against typosquatting and potential brand infringement issues that may cost money to defend. If someone has registered a closely matched domain, brands can recover this as long as it is close enough to their trademark name and the registrant of the domain has no right or legitimate interest in it. This process is handled via the Uniform Domain Name Dispute Resolution Policy (UDRP), which allows brands to lodge complaints. Services are available that handle this process on behalf of brands so that they don't get drawn into a lengthy legal battle.
Creating compliance regulations for your programme
1. Restriction on marketing behaviour
Clearly define what affiliates are and aren't allowed to do to market their site. This should go down to the detail of specific keywords they can target on paid search or what they can and can't do in other forms of paid advertising. This should be as detailed as stipulating negative keywords for paid search and outlining the punishment for breaking these.
An excellent way to consider this is to look at all channels currently being run by the brand that affiliates shouldn't cannibalise. Ultimately, a brand needs to decide where they are happy for affiliates to advertise and restrict all else.
2. Restrictions on content
Affiliates using rogue content that causes harm or violates regulation is a considerable compliance risk for brands. Active guidelines should be established on how affiliates can use the brand and its assets and what can and can't be said.
3. Data sharing and reporting
It should be clear to affiliates that they are expected to report on the source of commission-driving revenue. Brands should reserve the right to audit any transactions, and affiliates who refuse fully transparent reporting should be declined.
4. Prohibit Domains that Resemble Yours
Brands should prohibit domains that resemble their URL. As mentioned earlier, scammers use typosquatting techniques to take advantage of your affiliate program and earn commissions from users who mistakenly visit their sites and get redirected back to your original
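Both this rule and the earlier advice to register closely matching domains depend on knowing which names count as close matches. The Python below is an added example, not code from the original article: it lists single-slip spellings of the article's example brand for defensive registration and screens a constructed list of affiliate applicant domains by edit distance. The distance limit of 2 and the simplified TLD handling are assumptions.

```python
BRAND = "retailmart.com"  # the article's example brand


def host(domain):
    """Lower-cased host name without a leading 'www.'."""
    name = domain.lower().strip(".")
    return name[4:] if name.startswith("www.") else name


def label(domain):
    """Part left of the final dot (simplification: single-label TLDs only)."""
    return host(domain).rsplit(".", 1)[0]


def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent letters swapped
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def typo_variants(name):
    """Single-slip spellings of a label: dropped, doubled or swapped letters."""
    out = set()
    for i in range(len(name)):
        out.add(name[:i] + name[i + 1:])
        out.add(name[:i] + name[i] + name[i:])
        if i + 1 < len(name):
            out.add(name[:i] + name[i + 1] + name[i] + name[i + 2:])
    out.discard(name)
    return sorted(out)


def screen_affiliate_domains(domains, brand=BRAND, max_distance=2):
    """Return {domain: distance} for domains that resemble the brand's."""
    hits = {}
    for domain in domains:
        if host(domain) == host(brand):
            continue  # the brand's own domain
        distance = osa_distance(label(domain), label(brand))
        if distance <= max_distance:
            hits[domain] = distance
    return hits


# Constructed list of domains submitted by affiliate applicants.
APPLICANTS = ["www.retalmart.com", "retialmart.com", "retailmart.net",
              "retail-mart.com", "bestvouchers.example", "www.retailmart.com"]

if __name__ == "__main__":
    print(len(typo_variants(label(BRAND))), "variants to consider registering")
    print(screen_affiliate_domains(APPLICANTS))
```

A distance of 0 means the same name under a different top-level domain.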
5. Ask them to Disclose Affiliation
Affiliates must disclose affiliation with your brand. Under the FTC's Endorsement Guidelines, failing to disclose an affiliate relationship is considered unfair competition, or deceptive trade practice under the FTC Act, and the parties involved in such practices can face liability. So requiring your affiliates to disclose affiliation saves you from potential legal repercussions and safeguards your brand's reputation in the marketplace.
6. Outline the dispute process
The process for dealing with offending affiliates should be clear in the agreement. This may be different depending on the nature of the offense so all eventualities should be outlined.
Wrapping up affiliate compliance
Affiliate programmes can be a tremendous source of new customers but are open to deception from many angles. Ensuring a comprehensive set of guidelines agreed to by affiliates signing up for the programme and ongoing proactive management of compliance issues is an essential part of any affiliate marketing strategy. This guide to affiliate compliance has discussed many risks and counters to them. Use this to ensure your programme is a success.