Credit card fraud exists in all forms of ecommerce.
And the business model fueling affiliate
marketing — paying commissions to those
who refer sales — makes it particularly
attractive for scammers to abuse the system.
While hundreds of tools exist to help businesses detect and prevent
such activity, including FraudLogix, CPA Detective, AdSafe,
Brand Verity and ScrubKit, fraudulent transactions still occur and
it is imperative that merchants take preventive measures to help ensure
that they don’t fall prey to the scam.
The Double Whammy
Scamming affiliates look for any way possible to generate sales –
and for many, using stolen credit cards is fair game. The information
is primarily stolen in one of three ways: 1) a card is physically
stolen, 2) information is “skimmed” off the card during a transaction,
or 3) a transaction is “faked,” meaning that the information is
retrieved from the card’s magnetic strip, either by themselves or
someone from whom they buy the information.
Once obtained, fraudulent affiliates use stolen credit card information
to make purchases and thereby drive up commissions.
This is particularly damaging for merchants, who pay a commission
to the affiliate for what was thought to be a legitimate sale and
also get hit with credit card chargeback fees once the cardholder
realizes the information was used fraudulently. (Chargeback fees
are imposed by payment processors whenever they reimburse a
payment back to a card.)
Additionally, beyond the monetary penalties, the more chargebacks
a company endures, the more its reputation suffers. In a
worst-case scenario, a payment processor will cancel its relationship
with a merchant if the chargeback threshold is too high.
What’s a Merchant to Do?
Thankfully, there are a number of things merchants can do to protect
themselves from enterprising fraudulent affiliates.
Work with the Good Guys
Start simple by finding affiliates
through legitimate sources. Only do business with legitimate affiliates
who come through trusted sources and make sure you verify
affiliate signups. Find out where their traffic is coming from, make
sure they’re real people, and don’t pay out until you’ve checked the
quality of users they’ve provided.
Beware of Affiliates Wanting Fast Payments
This should be a big warning sign. Fraudulent affiliates often seek payment
as quickly as possible – they want to get paid and get going
before you figure out their scam.
Call Customers Referred by New Affiliates
If you ever doubt the legitimacy of a transaction, don’t hesitate to call the
customer directly to verify the purchase. Although certainly more
time-consuming, it’s a sure-fire way to ensure everything is legitimate and helps serve as a credibility “gut check” by testing traffic
from new affiliates early on.
Use Verification Systems
Credit card processors don’t
usually verify every piece of information entered during a transaction.
Sometimes a purchase will go through even though the expiration
date, for example, or zip code is incorrect. Make sure you’re
armed with an extra layer of security by using an address verification
system (AVS) or card verification method (CVM), and consider
using payer authentication methods.
Check for Proxies
Investigate any affiliate leads that might
have an anonymous and open proxy IP address as an intermediary
to disguise the location of a user.
Compare Click IP with Conversion IP
Even if affiliates
are using proxies to hide their location, few make sure the IP
address from the user’s “click” matches that from the conversion
page. This simple check will quickly show if transactions are being
made from a single location.
Watch Conversion Times
If users are converting especially
quickly – say, in just a few seconds — it’s almost certainly not a
real user but rather an affiliate using a script to automatically
generate conversions (learn more about conversion times).
I’ve Been Scammed – Now What?
If you’ve followed all these safeguards but still find yourself the
victim of affiliate credit card fraud, you must first and foremost
block the affiliate account. Immediately. Don’t merely stop crediting
them for leads — kill their affiliate link entirely so that no
traffic continues to flow. Affiliate tracking software should make
this process simple.
After you’ve blocked the affiliate account, contact your payment
processor or registration service, the card-issuing bank and the individual
customers whose credit cards were fraudulently used. Try
to work through chargebacks as soon as possible and talk with your
payment processor to see if associated fees can be waived because
of the fraud.
The most important thing to keep in mind, however, is to prevent
fraudulent affiliates from being able to use stolen credit cards
in the first place — which the tips outlined above should help you
accomplish. And remember, the best part about running your own
affiliate program is that you choose who you get to do business
with. Find affiliates that you can trust.
About the Author: Lucas Brown is the CEO of affiliate tracking software provider HasOffers,
and he has a background as both an affiliate and affiliate network