Results 1 to 5 of 5
  1. #1
    Join Date
    January 17th, 2005
    My name is Aaron Graham, I graduated last year and am now undertaking research as a postgraduate in Information security and would love to further develop affiliate marketing fraud as my main focus. Obviously artificial threats such as proxy bots and cheat scripts have implications for anyone wanting to start an affiliate commission system, this coupled with the inherent vulnerabilities that exist with any web based marketing system i.e. manipulated traffic. Myself and some other members of the Information security group (assisting me) would be interested in collating and diagnosing the affiliate marketing fraud problem through collecting information on the percieved vulnerabilities in the technology and implementation. I would be very interesting in developing some solutions to the problem, such as figuratively fingerprinting clickers to gain a stronger sense of uniqeness or perhaps designing a customer quality algorithm. If any of you have any guidance, connections, previous prevention mechanisms, scripts etc. it would be very helpful.Until now I have found it difficult to find technologically descriptive material, which is unfortunate for a potentially big Information security issue. Any feedback would be great.


  2. #2
    2005 Linkshare Golden Link Award Winner  ecomcity's Avatar
    Join Date
    January 18th, 2005
    St Clair Shores MI.
    I would imagine the forums at the third world affiliate networks would be a good source for info on click cheats. No reputable network wants anything to do with policing the script kiddies who flourished in the late 90's. Do some searches on the script sites and try the P2P thievery networks like Morpheus -Kazaa -Grockster as those users will sell CyberCrime scripts if you wire the money to Pakiland -Siberia or the Balkins.

    Better project would be diversion tactics widely used within the affiliate merchant ranks. Take Dell on as an example, since they are the kings at it.

    Articals referencing the Nov 7th network meeting abound so this should be a great case study on parasitic BHO adware programs and how they pilfer commisisons. Look all over this site for references and articles.

    We, the affiliates and merchants of ABestWeb™, submit for the respective Ad Networks review, this "Honesty & Fair Practice" statement for the industry standards meeting on November 7th, 2002.


    1. ParasiteWare™ is technology (eg. bho's, browser plug-ins, toolbars or pop ups/sliders) used to retain or acquire new customers that knowingly or unknowingly undermines or removes another affiliate's ability to compete by changing , intercepting or redirecting a link from the originating link. Parasiteware™ may be installed intentionally or unknowingly by the end user altering their normal web browser functions and/or installing a 3rd party application that works through the user's altered browser.

    In order to utilize the the services offered by [insert network name] all affiliates and merchants, as defined below, must agree to use honest and ethical business practices as defined by existing USA and International business and criminal laws. Any action -misrepresentation or software application that circumvents or violates existing or future laws will be just cause for immediate termination from the [insert network name] affiliate network with loss of all network benefits and acrued commissions.

    *MERCHANT: A licensed business who collects money for products or services and takes responsibility for the delivery of the same to their customer. Merchants agree to pay all commissions derived by honest affiliate sales activity in a timely manner and devulge any activities that negate referral commissions. Those entities who agree to pay commissions on the [insert network name] network trackable actions, who are not involved in delivering a billable product or service, will be clearly marked as "special class merchants" during the affiliate signup process.

    AFFILIATE: An easily identifiable hosted domain who seeks commissions for driving targeted traffic to [insert network name] merchants using trackable affiliate coded links assigned to them. In order to qualify for a commission an affiliate has to originate the trackable click from their own authorized domain or from an e-mail marketing piece identifying their authorized domain.


    Part 2: Merchant must divulge in their profile if they use any of the following diversion tactics:

    a] Whether the merchant uses a 800# call center that either acts as an affiliate or works on a commission basis without recording original referral ID# for commission credits.

    b] Third party gift certificate or gift registry services, who themselves are earning affiliate commissions by swapping their ID# with original referrers.

    c] This merchant selectively approves and works with "incent" and reward affiliates.

    d] The merchant's number of return cookie days and whether they are disabled after the first sale. ( no need to single out CJ for this request)

    e] This merchant has passed all network test purchase transactions done on a random basis at least once a month.

    f] Some sections of this merchant's website contain non-commissionable products or links to partner sites that do not track commissionable sales.

    g] This is a special class merchant who offers commissions based upon recruiting customers for outside parties or offers loyality shopping incentives.

    WebMaster Mike

  3. #3
    Join Date
    January 17th, 2005
    Do you know of any open source fraud detection software that exists i.e. CGI JSP. Or perhaps a document for merchants who want to start affiliate programs and would identify some of the weaknesses and how to combat them?
    I need to find something that consolidates the fraud issue in a technical way??
    any ideas?


  4. #4
    ABW Ambassador
    Join Date
    January 17th, 2005
    Look in the "merchants against parasites forum" o this site and you'll get a feel for what parasites exist at what activity level and you can easily track down how they operate individually.

    What you wont see is what is likely a vast number of other parasites being undetected such as screen savers, search engines that are rewritting scripts and serving them themselves, and popup blockers that are perfect applications for diverting funds without suspicion ever being rasied.

    The ability to override an affiliate link exists both on the web server side as well as by any desktop application.

    On a technical level, the desktop application can hook into and watch the windows message queue along with using standard HTTP hook API's provided with the windows interface to see what is going on in an IE session. See the "IEHelper" or "Browser Helper Object" information available from Microsoft. Here is an old but probably useful intro that you can use as a starting point on a technical level.;Q179230&

    Once an application has it's hooks in with the helper object, it can monitor urls being visited and can easily start it's progams and or windows with hidden states to accomplish clicks to overwrite an affiliate id with or without the user knowing it. In the case of a popup, the user/affiliate sees it and may become suspicious -other methods yield no clue the link was overwritten.

    I don't have direct knowledge of the specific techniques actually being used (I'm dont develop parasite applications) but do have a lot of windows development experience and am very familiar with the windows messaging process and the underlying API's used to develop applications with.

    Hope this helps.

  5. #5
    Join Date
    January 17th, 2005
    "Parasite" as what everyone seems to be calling it (hi-jacking affiliate links), is one of the main reasons that I've been searching out affiliate related forums, and to your credit, this forum seems to be one of the better ones...

    Anyway, since this is a new topic for me, I can't really make any compelling arguments... until I learn a bit more about it.

    Nevertheless, I'd like to emplore you on your project, in whatever direction it takes you.

    I think there'd be a certain risk in participating in this sort of theft. And from that standpoint, perhaps you should investigate and target those companies who would have the most to lose should they get caught, and have not only criminal actions to answer to, but civil liabilities as well.

    I imagine some good targets to start with, would be ISP access services, site hosting, search engines, and shopping malls.

    Personally, I feel that the entire affiliate industry is merchant driven. And in consideration of typical shoppng behavior and the restrictions in place, in many cases little to nothing goes to the affiliates, even though they made a measurable contribution to the marketing process.

    I'll comment more on it later...

    [This message was edited by ET on June 04, 2003 at 07:21 PM.]

  6. Newsletter Signup

+ Reply to Thread

Similar Threads

  1. Merchant fraud, affiliate fraud, or just fraud?
    By Catwoman in forum ShareASale - SAS
    Replies: 1
    Last Post: January 28th, 2005, 11:08 AM
  2. CJ needs stricter Fraud prevention for Publisher Accounts
    By FreeDebt in forum Commission Junction - CJ
    Replies: 4
    Last Post: March 25th, 2003, 12:23 PM
  3. affiliate fraud prevention development proposal
    By aarongraham in forum Midnight Cafe'
    Replies: 0
    Last Post: November 6th, 2002, 10:48 AM
  4. Affiliate Partner Proposal
    By webby in forum Midnight Cafe'
    Replies: 0
    Last Post: March 16th, 2002, 08:36 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts