Preventing Affiliate Fraud – An Interview with Ben Edelman

Becky Doles

Photo of Ben Edelman, an expert on affiliate fraud


Ben Edelman, Assistant Professor at Harvard Business School, is arguably the leading expert on affiliate fraud. Ben has identified some of the most creative fraud cases involving affiliate marketing and helped some of the world’s biggest companies avoid affiliate marketing issues. Here Ben talks with Jake Ludington about the current state of fraud and what affiliate managers can do to effectively prevent affiliate fraud. Ben was a keynote at the inaugural Affiliate Management Days in San Francisco.

Here’s the transcript from this interview:

Jake Ludington here at Affiliate Marketing Days and i’m here with Ben Edelman, Assistant Professor at Harvard. You seem to have an interesting fascination with affiliate fraud, is that fair to say?

I love all kinds of fraud. I love catching it most mostly, but it’s not just affiliate fraud. You know other kinds of online advertising are subjective fraud. Other kinds of commerce are subject to fraud and if I can find it I love to tell people what I find.

What are the common of things you are seeing now in the affiliate fraud space now? What are the big gotchas out there right now?

You know, it’s amazing. Nothing is really new. We still see spyware and adware. We still see cookies stuffing. We still see typo squatting. Those are the still the big three that I look at. In other contexts, stolen credit cards, bogus orders, fake leads; certainly those are important for some merchants too.

Are we seeing a lot of repeat offenders or is it always new people that are instigating these things?

I see plenty of both. I see new people. I see old people with new identities. And I see old people with old identities. Old people with old identities, of course, are particularly troubling if word still hasn’t gotten out about some of them, well, you wonder why not.

So what would an affiliate manger do if they wanted to be sure that they are doing their best to avoid fraudulent traffic?

The first thing to do is to read your terms and conditions. Read them and make sure they are very clear on the most important provisions. “When a user visits your site and clicks on a link from your site to our site.” Just put that in there. You may think that’s all assumed and it is in various ways in other agreements, but put if front and center. Then, put some you must nots. You must not use spyware and adware. You must not use pop-ups. You must not use pop unders; cookie stuffing;typo squatting; domain parking. Put about a list of about 10 things that can’t be done. Then your terms are in order and that’s a good first step.

What about the scams we’re seeing like with… BrandVerity gave an example of people using Mechanical Turk to get you to “test out a form”?

So BrandVerity has been really excellent in developing overall capabilities to catch cheaters. Catching cheaters in lots of context, trademark poachers, but also form fillers and others. For the form fillers you’d probably be able to figure it out because you’d call them up, as you would in response to a lead like they, and they wouldn’t be interested. They’d have a conversion rate of zero and you’d be suspicious. How come most of my traffic sources have a conversion rate of ten percent, but this guy is just sitting at zero and always has been? He’s a loser and in fact, I don’t think I’m going to pay him after all.

One of the things I was first made aware of when I first learned about you was that you sort of followed the money trail of a particular malware campaigned back in about 2005 or 2006, I believe. Where is the money trail? I mean obviously you get paid for converting affiliate sales, but where is the money trail leading for these affiliate fraudulent activities?

You know the most common perpetrator remains a white guy in the United States, honestly. I’ve got lots of stories about foreign affiliates, you know someone in Lebanon who cheated you, I’m sure that happens sometimes, but the most common perpetrator remains American, typically male, typically age 20-40, often living below his wealth, so living at a standard of living that doesn’t reflect the large amount of money he’s taking from his victimizing.

That’s a large segment of the population you could have just outed right there!

Yeah, you know, fortunately it’s not everyone who’s doing this, but in terms of the demographics, theres lots of interesting puzzles. Why do men do this more than women? I don’t know. That’s above my pay grade frankly, but that seems to be the pattern we’ve seen over a series of years.

One of the things you talked about during your talk today that was interesting is whether rehabilitation works for these offenders. I gave the example that I was once banned for an affiliate program, but it was genuinely due to an honest mistake and got back in and I have since remained in the program. But is there a possibility of rehabilitation or are these largely people who participate in fraudulent activity and will never really change?

Most of the folks I look at can’t be rehabilitated. They can’t be rehabilitated because their profits from engaging in fraud are so much larger than their profits would be from engaging in legitimate activity. You made an honest mistake. You told me you had the wrong creative. They had changed their creative; changed the way you were supposed to describe a product. Ok. Not everyone can change every web page on one minute’s notice, some guys are busy or make manual changes. That is the kind of mistake a person can make accidentally and in good faith. But the cheaters I mostly look at are creating intentional invisible constructs; JavaScript that spits out some iframe. You don’t do that by accident and you don’t think you were entitled to to do it. You know full well that it wasn’t permitted and you did it anyway. Ok, so you were cheating, you got caught, so what’s the remedy there? It surely shouldn’t be that we give you a second chance to do it again and maybe a third chance after that.

Is there any kind of data sharing that goes on amongst the big affiliate companies to prevent someone from bouncing from say a CJ to a Linkshare to a private affiliate program? You know, we have email blacklists, we have other kinds of blacklists. Is there a repeat offender in the affiliate fraud blacklist?

I don’t know of any such blacklist that is shared amongst the networks. BrandVerity does have a repeat offender list as to the trademark problem that they are focused on. I have a list of the folks that I’ve seen over and over, but I don’t circulate that very broadly. Maybe to my best and closest clients, but even then, it’s pretty sensitive. It could lead to lots of disputes and most of all, if the list is organized at the level of publisher ID, you couldn’t just take a Linkshare publisher ID and copy it into Commission Junction. You’d have to go back to the underlying domain name. There’d be some processing required to make the kind cross-network list you envision.

That sounds like a business opportunity there.

Yeah, you know selling fraud detection services hasn’t been a great of a business for that many people. When I do it, it’s just me in my front bedroom, so there’s very low cost, and I do it just a hobby. I’m pretty efficient at, that makes it work for me. I’d love to see guys turning this into a real business because I do think there’s an important need fulfilled. On the other hand, if I were an investor I’m not sure I’d be jumping to invest here. The fact is it’s a high dispute business, you might have some litigation risk, it’s not clear that many customers want to pay that much for your cross-network service, you have what three big networks you’re going to sell it to? If you’ve got three customers, you are at some risks there. It’s not always an easy business.

What about somebody who’s looking at establishing an affiliate program. Is there a process they should go through to help identify how to prevent affiliate fraud on a particular system they are using?

Step one is to write those good T&C’s, as I mentioned. After that, reviewing every application. If you need to use auto-approve, and some guys do think they need to use auto approve for faster approvals; I understand that. Then for god’s sake after the affiliate makes his first sale take a look at him. Auto-approve him to get in, but have some system, maybe just a file in Excel, where you go and take a look at each affiliate once they’re slated to get paid. After that, when they’re someone who’s numbers don’t add up, their site looks terrible, but they’re supposedly making thousands of dollars of sales, call them up. If they won’t take your call or can’t be reached by phone, that’s already suspicious – delay their payments a month. If they won’t talk to you even when you’re delaying their payments, then there’s something really wrong. A guy should want to talk to you when you’re holding their money.

Is there anything else you would what people to know about preventing affiliate fraud?

Well it’s important to think through where the merchants are on this issue vis-a-vis the networks. You think the network is your friend. The network has a compliance department, they say they’re working hard, you know a big merchant might want to get a rider in their contract. “If you (network) learn that that there is fraud targeting us… If you learn there is fraud by a given affiliate and you learn that affiliate is in our program, you must tell us within ten days.” Networks should agree to that. If they actually know that such and such an affiliate is engaged in fraud and that that affiliate is in your program, they should tell you. Will they agree to put this in a rider? I bet they will if you ask them in the right way, at the right way, if you’re a big merchant. Problem is of course, if you ask them after your contract is already signed or you’re not so big, they may not be in any great hurry to help you.

Becky Doles

Becky is the Senior Content Marketing Manager at TUNE. Before TUNE, she led a variety of marketing and communications projects at San Francisco startups. Becky received her bachelor's degree in English from Wake Forest University. After living nearly a decade in San Francisco and Seattle, she has returned to her home of Charleston, SC, where you can find her enjoying the sun and salt water with her family.