Credit card fraud exists in all forms of ecommerce. And the business model fueling affiliate marketing — paying commissions to those who refer sales — makes it particularly attractive for scammers to abuse the system.

While hundreds of tools exist to help businesses detect and prevent such activity, including FraudLogix, CPA Detective, AdSafe, Brand Verity and ScrubKit, fraudulent transactions still occur and it is imperative that merchants take preventive measures to help ensure that they don’t fall prey to the scam.

The Double Whammy

Scamming affiliates look for any way possible to generate sales – and for many, using stolen credit cards is fair game. The information is primarily stolen in one of three ways: 1) a card is physically stolen, 2) information is “skimmed” off the card during a transaction, or 3) a transaction is “faked,” meaning that the information is retrieved from the card’s magnetic strip, either by themselves or someone from whom they buy the information.

Once obtained, fraudulent affiliates use stolen credit card information to make purchases and thereby drive up commissions. This is particularly damaging for merchants, who pay a commission to the affiliate for what was thought to be a legitimate sale and also get hit with credit card chargeback fees once the cardholder realizes the information was used fraudulently. (Chargeback fees are imposed by payment processors whenever they reimburse a payment back to a card.)

Additionally, beyond the monetary penalties, the more chargebacks a company endures, the more its reputation suffers. In a worst-case scenario, a payment processor will cancel its relationship with a merchant if the chargeback threshold is too high.

What’s a Merchant to Do?

Thankfully, there are a number of things merchants can do to protect themselves from enterprising fraudulent affiliates.

Work with the Good Guys

Start simple by finding affiliates through legitimate sources. Only do business with legitimate affiliates who come through trusted sources and make sure you verify affiliate signups. Find out where their traffic is coming from, make sure they’re real people, and don’t pay out until you’ve checked the quality of users they’ve provided.

Beware of Affiliates Wanting Fast Payments

This should be a big warning sign. Fraudulent affiliates often seek payment as quickly as possible – they want to get paid and get going before you figure out their scam.

Call Customers Referred by New Affiliates

If you ever doubt the legitimacy of a transaction, don’t hesitate to call the customer directly to verify the purchase. Although certainly more time-consuming, it’s a sure-fire way to ensure everything is legitimate and helps serve as a credibility “gut check” by testing traffic from new affiliates early on.

Use Verification Systems

Credit card processors don’t usually verify every piece of information entered during a transaction. Sometimes a purchase will go through even though the expiration date, for example, or zip code is incorrect. Make sure you’re armed with an extra layer of security by using an address verification system (AVS) or card verification method (CVM), and consider using payer authentication methods.

Check for Proxies

Investigate any affiliate leads that might have an anonymous and open proxy IP address as an intermediary to disguise the location of a user.

Compare Click IP with Conversion IP

Even if affiliates are using proxies to hide their location, few make sure the IP address from the user’s “click” matches that from the conversion page. This simple check will quickly show if transactions are being made from a single location.

Watch Conversion Times

If users are converting especially quickly – say, in just a few seconds — it’s almost certainly not a real user but rather an affiliate using a script to automatically generate conversions (learn more about conversion times).

I’ve Been Scammed – Now What?

If you’ve followed all these safeguards but still find yourself the victim of affiliate credit card fraud, you must first and foremost block the affiliate account. Immediately. Don’t merely stop crediting them for leads — kill their affiliate link entirely so that no traffic continues to flow. Affiliate tracking software should make this process simple.

After you’ve blocked the affiliate account, contact your payment processor or registration service, the card-issuing bank and the individual customers whose credit cards were fraudulently used. Try to work through chargebacks as soon as possible and talk with your payment processor to see if associated fees can be waived because of the fraud.

The most important thing to keep in mind, however, is to prevent fraudulent affiliates from being able to use stolen credit cards in the first place — which the tips outlined above should help you accomplish. And remember, the best part about running your own affiliate program is that you choose who you get to do business with. Find affiliates that you can trust.

About the Author: Lucas Brown is the CEO of affiliate tracking software provider HasOffers, and he has a background as both an affiliate and affiliate network owner.