Results 1 to 5 of 5
  1. #1
    Newbie
    Join Date
    March 24th, 2009
    Posts
    22
    Exclamation sale tracking tampering question
    I am looking at "Correct conversion tracking example" How to test conversion pixel tracking - Google Affiliate Network Help

    And I am shocked how simple the tracking is. Just merchant id, order id, amount, currency. No unique token, encryption, or anything that would prevent somebody else to modify and use this link as they would like.

    Required fields: Sample pixel code only - DO NOT USE

    <img src="https://gan.doubleclick.net/gan_conversion?advid=K123456&oid=12345&amt=123.45&fxsrc=USD" width=1 height=1>
    So is there anything, that would prevent somebody to push a ton of bogus orders into merchant account just by putting random oid and amt and calling that link (assuming they have the cookie set for the given merchant)? Of course there will be no sales matching in the merchant system, but still...

    Is it a problem and is there a solution for that?

    Have anyone encountered such problem and had to cancel bunch of bogus sales in their advertiser account (in any affiliate network, not necessarily GAN)?

  2. #2
    Affiliate Manager
    Join Date
    February 22nd, 2012
    Location
    Raleigh-Durham, NC
    Posts
    56
    It is a little odd they include the amt. in the actual referral structure. It seems like prime bait for an affiliate spammer to write a script to hijack both the referral source/Id as well as the amount and alter them to their liking. Unless GAN has some way of matching it to a pre-set, defined, order ID's and accepting or denying on these terms- it does seem a little open.

    A lot of self-hosted as well as networks use the Ref/Aff ID in the structure. Perhaps 2013 will be the year of providing more "securer" ways of passing attribution (perhaps a combination of cookie and HTTP referrer verification). Thanks for the post!

  3. #3
    OPM and Moderator Chuck Hamrick's Avatar
    Join Date
    April 5th, 2005
    Location
    Park City Utah
    Posts
    16,646
    I take it you completed an order to get that pixel code? The pixel code is private and only for that order.

  4. #4
    Newbie
    Join Date
    March 24th, 2009
    Posts
    22
    I see CJ uses (or was using in 2003) the same method (http://www.abestweb.com/forums/commi...-faq-3693.html)
    Upon completion of the checkout process, transaction information is sent to CJ via a 1x1 clear pixel. A merchant sends the order subtotal, the merchant ID, and Order ID and the KEEP=YES value.
    Are there safer alternatives possible (besides batch processing), or there is nothing to worry about?

  5. #5
    OPM and Moderator Chuck Hamrick's Avatar
    Join Date
    April 5th, 2005
    Location
    Park City Utah
    Posts
    16,646
    I've been running programs since 2005 and haven't had an issue.

  6. Newsletter Signup

+ Reply to Thread

Similar Threads

  1. tracking question
    By singer.joseph in forum Midnight Cafe'
    Replies: 12
    Last Post: February 20th, 2013, 09:49 AM
  2. Help - Have a question about tracking
    By melty in forum Midnight Cafe'
    Replies: 0
    Last Post: August 31st, 2006, 11:00 PM
  3. Pixel Tracking Question.. (Tech Question)
    By CoolAffiliate in forum Midnight Cafe'
    Replies: 1
    Last Post: August 14th, 2006, 01:40 AM
  4. Tracking question - what would you do..
    By Kend in forum Midnight Cafe'
    Replies: 6
    Last Post: September 3rd, 2005, 01:51 PM
  5. Another Tracking Question
    By tompyles in forum Commission Junction - CJ
    Replies: 3
    Last Post: November 23rd, 2001, 01:29 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •