How to pay for one client 3 times and not even know about it: Practical case "Audiomania"
Affiliate marketing is a situation in the market when one business pays another for “bringing” customers to the site. For example, if a user follows an affiliate link from site X to the site of Audiomania and buys a speaker system, then partner X receives a percentage of this transaction. But in practice, things are not so smooth.
Photo by Jana Reifegerste / CC
The World Wide Web has a huge number of sites - large and small. Many of their owners tend to make money from advertising. With the placement of advertising on large sites, everything is quite transparent - you can contact them directly or to an authorized agency. If placed on small platforms, you have to monitor everything yourself and negotiate all the conditions separately. Not to mention the fact that all this may be disadvantageous, given the fixed costs.
')
Affiliate networks are called upon to solve these problems, referring to which, you get access to a huge webmasters base. You pay only one bill - an affiliate network account - and she is already engaged in the distribution of funds between partners, withholding a certain percentage for services.
Fraud is a scourge of digital advertising that webmasters and marketers face. The last time in affiliate marketing began to appear a lot of fraudulent schemes and fraud. Using technical "holes" and, sometimes, the inexperience of advertisers, attackers receive money for allegedly attracted orders, to which they have nothing to do.
There are two most common types of fraud. The first is cookie stuffing, the second, the same in essence, but different in mechanics, is toolbar. It is probably better to start here by explaining what a cookie is. A cookie (English cookie, literally - a cookie) is a small piece of data posted by a website in a user's browser.
Sites use cookies to store user data, such as account information or the status of a shopping cart in an online store. Cookies are also used to collect information necessary for displaying contextual advertising, as well as in partner programs for identifying users brought into the project by partner companies.
But sometimes it happens that the fraudster gets the money for the purchase, as if “convincing” the advertiser that he has attracted the client. Here is the cookie stuffing. This is a situation where someone, having access to a large amount of traffic, slips a cookie from different stores to all visitors. Cookies are stored in the browser for, say, a month (which is enough for a large online store), so there is a high probability that during this period the user will make a purchase on one of the resources. The online store will think that the buyer is led by a fraudster partner, and will pay the latter a reward. In fact, this is the appropriation of money for the merits of others.
Various methods are used to set up fraudulent cookies. For example, you come to an entertainment site, but in parallel with the page you need, you also download several pages of other sites. And you will not see them, since these pages are loaded into a “point” with the size of 1x1 pixels. Only your browser will see these pages and get “cookies”.
This is done with the help of the iframe html tag, which allows you to load one web page inside another, or img tag. Thus, without suspecting anything, you “visit” a dozen online stores with affiliate tags. Now for your probable orders in one or more of them, the advertiser will pay the "unscrupulous" partner money.
As for the second type of fraud, the toolbar is an extension for the browser that calls frequently used functions or offers some additional functionality. For example, such a panel can display the weather forecast, monitor mail or block ads.
Since the toolbar has access to downloadable web pages, it can “interfere” with their work. Therefore, he is able to redirect the visitor to another address - and this will be the same site, only with an affiliate tag from the creator of the toolbar or the one who paid him.
Thus, it becomes unimportant where the store visitor actually came from, this “pseudo partner” claimed his rights to him. And in affiliate marketing it is customary to take into account only the last "transition". If the client now makes a purchase, then the utility owner will have to pay for it. Moreover, this type of fraud is often used not only in toolbars - Trojans penetrating the user's system and modified routers on Wi-Fi hotspots are used. It even happens that you go to one page and throws you onto another, similar in subject, but with an affiliate tag. This often happens when working with booking sites for hotels and air tickets.
This problem is quite serious, since more and more projects are connecting to referral programs. The larger the project and the more customers and advertising it has, the more risk it is exposed. Moreover, the risk of not only paying partners who did not bring any customers, but also offending normal partners who had previously attracted legitimate traffic, which is the source of the order.
But competent work with partner networks is far from just fighting fraud. In order to effectively interact with partner networks regardless of fraud availability, it is necessary to use an advertising container - a special module for the site, which allows you to determine which advertising channel the sale should be counted for.
Note that any network before starting work will require placing on the page of your site a few “pixels” - a couple of lines of html / javascript code. One type of pixel will be located on each page of the site, the other - where the completion of the order. The first is needed in order to record the arrival of a potential client and to set a cookie in his browser with information about a particular partner - the source of traffic. The second is a conversion pixel, which checks the availability of the desired cookie by the client and informs the partner network about the transaction.
To avoid this situation, you need to call the pixels of the affiliate network only when necessary. The pixel located on each page of the site can only be called if the corresponding tags are in the address line to your site. The conversion pixel can be “woken up” only for the network whose partner brought the visitor last. It is his cookie that will be considered active.
Moreover, the advertising container allows you to take into account other advertising channels, for example, Yandex.Market or contextual advertising. It’s up to you to consider the other channels in the container or to create competition only within partner networks.
More about the advertising container and working with several advertising channels Timofey Shikolenkov tells in this presentation:
You should also pay attention to the method of implementing the advertising container from Mikhail Garkunov, one of the leading experts on affiliate marketing in RuNet. His article can be found at the link .
Once again, we note that the topic of fraud remains quite relevant in the marketing environment. As a confirmation, one of the last high-profile cases in the United States can be cited when marketer Shawn Hogan (Shawn Hogan) helped “deceive” eBay with $ 28 million before the company caught the FBI and caught it. Moreover, last year we personally faced this unpleasant problem (not on such a scale, but still).
Since March 1, 2010, the Admitad system is functioning on the market - a network of affiliate programs with payment for a specific user action (CPA), which allows webmasters to earn money by attracting customers to online stores.
“Audiomania” has been working with it for quite a long time: participation in the affiliate program allows you to get new customers and acquire additional income in the amount of several hundred thousand rubles a month. Ideally, all project participants should be satisfied: one side gets the client, and the other - the percentage of sales.
But last year we got into a “non-ideal” situation, faced with the problem of cookie stuffing. Our attention was attracted by too much traffic from the Admitad network, although most of the audience coming from there just opened the main page and did not go anywhere (looking ahead, we say that Admitad took this problem seriously and helped us throughout " investigations "and compensated for the losses from the actions of dishonest partners). We began to understand the situation.
In the first hours it was established that several members of the Admitad network were engaged in cookie stuffing at once (this was later confirmed by the Admitad support service). I had to contact the network technical support and transfer all the data received to them. In parallel with this, we began to develop a utility that would ban unclean partners. We began to track the movement of each client on the site and count the number given by each partner.
To do this, we created a log analyzer that looked for multiple visits from a single partner ID (admitad_uid) in the web server logs. If one particular partner — whose identifier was transmitted by the partner network — in the last 5 minutes, more than twenty visitors came from different IP addresses, each of which did not go beyond one page, then the partner's identifier was sent to the ban, and the cookie was stopped when the traffic went put. At the same time, traditional web analytics systems did not see this traffic at all, because when the site is loaded via tags not intended for this, JavaScript is not executed.
After filtering the collection of collected data, we saw that almost a hundred registered Admitad partners are engaged exclusively in cookie stuffing and receive money for it. And behind all this were serious systems - people "scrolled" through the "left" traffic a huge number of Admitad advertisers.
At the same time, the attackers used special load balancing tools - the pages of one advertiser did not load more than 1 time in 10 seconds in order not to overload the advertiser’s website, and the cookie installation commands connected to banners via img src with style = display: none right during the redirect.
After reviewing the logs, we found an interesting pattern: all pseudo-visits began with a call from a specific server, which probably checked the speed of the site and the ability to set a cookie. If everything suited him, then the process started. Here is an example of such traffic.
Having worked this moment, we found that the automation was built into a number of large banner networks, in which, during the transition through the banner and the accompanying redirect, a “virtual access” of the user to several sites of advertisers was carried out in order to set a cookie. Semi-legal formats of earnings reached partner networks: first, listening to music services, now this.
On this, it would seem, it is possible to finish, because the problem is solved, the monitoring system is working, and the “unclean” partners are blocked. But it became interesting to us how deeply the roots of this enterprise go. We decided to analyze the traffic for the month and found another 6 thousand unique admitad_uid.
Then we launched a script that processed the traffic logs for six months. It turned out that the number of admitad_uid is growing almost exponentially - 32393 unique identifiers. The problem acquired a serious scope, so the system for catching fraudsters in other partner networks was further implemented, and it turned out that the “bad guys” - in the case of “Audiomania” - work only with Admitad. Despite this fact, monitoring systems for other partner networks were left, and alerts for strange traffic were set up. Just in case.
For a couple of months, these guys “earned” 127,122 rubles only on our orders. We sent all this information to the affiliate network - this traffic went past them, and they didn’t know anything about it - they promised to strengthen controls, and also compensated us for the loss! Thus, the information provided helped to detect and block the deceivers and get their money back. Now we regularly report suspicious activity to various partner networks.
The main reason for the appearance of fraudsters is the fact that there is little good selling traffic in RuNet and many insufficiently competent advertisers. Therefore, people are trying to invent new illegal schemes. And to prosecute for this type of fraud is almost impossible. Easy Money. Due to the inefficiency of servicing the “white” craftsmen, some companies have decided to turn off the channel or suspend activities in the CPA. However, many are still not ready to give up the several hundred thousand or even millions of rubles of income that an honest program can bring.
Therefore, the methodology of the affiliate program has to be ground. In its current state, it seems to be unreliable and with a lot of “holes”. The problem of stuffing can be solved if you start taking into account not the number of visits, but the behavior of users on the site: how much time they spent on the page where they clicked, what links they opened, and so on.
Another way to clean the "unscrupulous" partners is to track the ratio of clicks to sales. In most cases, partners who resort to cookie stuffing have unusually high conversion rates (according to the partner network) against the background of the content they offer. After all, fraudulent traffic goes past them.
It also makes sense to approve all affiliate program participants who will promote your product on the Internet, manually, that is, to work with a small group of webmasters. In this case, you get the opportunity to monitor their behavior and even collect statistics and information about them on the network - in such conditions it becomes much easier to calculate the cookie stuffers.
If webmasters are not selected manually, for any reason, it does not work, then it is necessary to use new means of protection to combat fraud in order not to offend honest partners who receive less profit due to fraudulent schemes.
Audiomania went along this path by creating a simple log analyzer that monitors the file where the web server records information on any requests. Even if you do not have your own server, but hosting, you should have access to the Apache log (contact your provider). The number of attempts to deceive us has drastically decreased, and today it is almost zero.
As for toolbars, you only need to determine when the visitor was on your site the last time. To do this, you can put an additional cookie and check it every time you open the page. If an affiliate tag suddenly appears in the address bar, and the potential client was on the site “just now”, you simply ignore it.
By the way, such a measure is also suitable for protection from the so-called passive coupon sites offering discount coupons or promotional codes, but not at all engaged in promotion or independent search for customers. Similar sites in partner networks have recently become too many. The reasons are the same.
As a rule, they don’t have their own traffic at all, so all they do is wait for someone to come to them from a search engine at the request of the “audio add-on promo code” type. Then they redirect the visitor back to the site, even if there are no promotional codes there. That is, this is another type of “stuffing”, when a person leaves during checkout and returns from the coupon site, which becomes the last one, which means it is paid.
If you are unable to implement such fraud protection tools, you can use ready-made service solutions that will do everything for a certain monthly fee. But do not forget to calculate and compare the cost of in-house development and continuous payment services every day.
Well, we hope that the measures taken by us will help avoid the occurrence of similar situations in the future. Other companies want to honestly warn that cookie stuffing is not just minor mischief, but the systematic work of unscrupulous partners, leading to the loss of significant amounts even for not very large companies, which can and should be stopped.
Photo by Jana Reifegerste / CCThe World Wide Web has a huge number of sites - large and small. Many of their owners tend to make money from advertising. With the placement of advertising on large sites, everything is quite transparent - you can contact them directly or to an authorized agency. If placed on small platforms, you have to monitor everything yourself and negotiate all the conditions separately. Not to mention the fact that all this may be disadvantageous, given the fixed costs.
')
Affiliate networks are called upon to solve these problems, referring to which, you get access to a huge webmasters base. You pay only one bill - an affiliate network account - and she is already engaged in the distribution of funds between partners, withholding a certain percentage for services.
A little bit about sad
Fraud is a scourge of digital advertising that webmasters and marketers face. The last time in affiliate marketing began to appear a lot of fraudulent schemes and fraud. Using technical "holes" and, sometimes, the inexperience of advertisers, attackers receive money for allegedly attracted orders, to which they have nothing to do.
There are two most common types of fraud. The first is cookie stuffing, the second, the same in essence, but different in mechanics, is toolbar. It is probably better to start here by explaining what a cookie is. A cookie (English cookie, literally - a cookie) is a small piece of data posted by a website in a user's browser.
Sites use cookies to store user data, such as account information or the status of a shopping cart in an online store. Cookies are also used to collect information necessary for displaying contextual advertising, as well as in partner programs for identifying users brought into the project by partner companies.
But sometimes it happens that the fraudster gets the money for the purchase, as if “convincing” the advertiser that he has attracted the client. Here is the cookie stuffing. This is a situation where someone, having access to a large amount of traffic, slips a cookie from different stores to all visitors. Cookies are stored in the browser for, say, a month (which is enough for a large online store), so there is a high probability that during this period the user will make a purchase on one of the resources. The online store will think that the buyer is led by a fraudster partner, and will pay the latter a reward. In fact, this is the appropriation of money for the merits of others.
Various methods are used to set up fraudulent cookies. For example, you come to an entertainment site, but in parallel with the page you need, you also download several pages of other sites. And you will not see them, since these pages are loaded into a “point” with the size of 1x1 pixels. Only your browser will see these pages and get “cookies”.
This is done with the help of the iframe html tag, which allows you to load one web page inside another, or img tag. Thus, without suspecting anything, you “visit” a dozen online stores with affiliate tags. Now for your probable orders in one or more of them, the advertiser will pay the "unscrupulous" partner money.
As for the second type of fraud, the toolbar is an extension for the browser that calls frequently used functions or offers some additional functionality. For example, such a panel can display the weather forecast, monitor mail or block ads.
“There may be useful tools among them, but few of them,” says Timofey Shikolenkov, director of marketing and business development for Audiomania. “However, the problem here is not in themselves, but in the methods of their monetization”.
Since the toolbar has access to downloadable web pages, it can “interfere” with their work. Therefore, he is able to redirect the visitor to another address - and this will be the same site, only with an affiliate tag from the creator of the toolbar or the one who paid him.
Thus, it becomes unimportant where the store visitor actually came from, this “pseudo partner” claimed his rights to him. And in affiliate marketing it is customary to take into account only the last "transition". If the client now makes a purchase, then the utility owner will have to pay for it. Moreover, this type of fraud is often used not only in toolbars - Trojans penetrating the user's system and modified routers on Wi-Fi hotspots are used. It even happens that you go to one page and throws you onto another, similar in subject, but with an affiliate tag. This often happens when working with booking sites for hotels and air tickets.
“There is no need to go far for an example. In one of the hotels where I was during the New Year holidays, there was a “built-in” server serving Wi-Fi, ”says Timofey. - When I entered Booking.com, I was redirected to the same site, only with affiliate tag Admitad. Unfortunately, the hotel administration is not able to even understand the essence of the issue. Still works! ".
This problem is quite serious, since more and more projects are connecting to referral programs. The larger the project and the more customers and advertising it has, the more risk it is exposed. Moreover, the risk of not only paying partners who did not bring any customers, but also offending normal partners who had previously attracted legitimate traffic, which is the source of the order.
But competent work with partner networks is far from just fighting fraud. In order to effectively interact with partner networks regardless of fraud availability, it is necessary to use an advertising container - a special module for the site, which allows you to determine which advertising channel the sale should be counted for.
Note that any network before starting work will require placing on the page of your site a few “pixels” - a couple of lines of html / javascript code. One type of pixel will be located on each page of the site, the other - where the completion of the order. The first is needed in order to record the arrival of a potential client and to set a cookie in his browser with information about a particular partner - the source of traffic. The second is a conversion pixel, which checks the availability of the desired cookie by the client and informs the partner network about the transaction.
“Now imagine that you are working with several partner networks. Traffic can come sequentially from different places, each of which can belong to different partners of different partner networks, explains Timofey. - If a cookie is placed on each call, and then, when placing an order, all conversion pixels work, then you will have to pay several orders for one order. You will give money to each affiliate network whose traffic precedes the transaction. ”
To avoid this situation, you need to call the pixels of the affiliate network only when necessary. The pixel located on each page of the site can only be called if the corresponding tags are in the address line to your site. The conversion pixel can be “woken up” only for the network whose partner brought the visitor last. It is his cookie that will be considered active.
Moreover, the advertising container allows you to take into account other advertising channels, for example, Yandex.Market or contextual advertising. It’s up to you to consider the other channels in the container or to create competition only within partner networks.
More about the advertising container and working with several advertising channels Timofey Shikolenkov tells in this presentation:
You should also pay attention to the method of implementing the advertising container from Mikhail Garkunov, one of the leading experts on affiliate marketing in RuNet. His article can be found at the link .
Once again, we note that the topic of fraud remains quite relevant in the marketing environment. As a confirmation, one of the last high-profile cases in the United States can be cited when marketer Shawn Hogan (Shawn Hogan) helped “deceive” eBay with $ 28 million before the company caught the FBI and caught it. Moreover, last year we personally faced this unpleasant problem (not on such a scale, but still).
What happened
Since March 1, 2010, the Admitad system is functioning on the market - a network of affiliate programs with payment for a specific user action (CPA), which allows webmasters to earn money by attracting customers to online stores.
“Audiomania” has been working with it for quite a long time: participation in the affiliate program allows you to get new customers and acquire additional income in the amount of several hundred thousand rubles a month. Ideally, all project participants should be satisfied: one side gets the client, and the other - the percentage of sales.
But last year we got into a “non-ideal” situation, faced with the problem of cookie stuffing. Our attention was attracted by too much traffic from the Admitad network, although most of the audience coming from there just opened the main page and did not go anywhere (looking ahead, we say that Admitad took this problem seriously and helped us throughout " investigations "and compensated for the losses from the actions of dishonest partners). We began to understand the situation.
In the first hours it was established that several members of the Admitad network were engaged in cookie stuffing at once (this was later confirmed by the Admitad support service). I had to contact the network technical support and transfer all the data received to them. In parallel with this, we began to develop a utility that would ban unclean partners. We began to track the movement of each client on the site and count the number given by each partner.
To do this, we created a log analyzer that looked for multiple visits from a single partner ID (admitad_uid) in the web server logs. If one particular partner — whose identifier was transmitted by the partner network — in the last 5 minutes, more than twenty visitors came from different IP addresses, each of which did not go beyond one page, then the partner's identifier was sent to the ban, and the cookie was stopped when the traffic went put. At the same time, traditional web analytics systems did not see this traffic at all, because when the site is loaded via tags not intended for this, JavaScript is not executed.
“After the system was launched, I received an alert every 5 minutes, and within three hours most of the unscrupulous partners were caught,” says Timofey.
After filtering the collection of collected data, we saw that almost a hundred registered Admitad partners are engaged exclusively in cookie stuffing and receive money for it. And behind all this were serious systems - people "scrolled" through the "left" traffic a huge number of Admitad advertisers.
At the same time, the attackers used special load balancing tools - the pages of one advertiser did not load more than 1 time in 10 seconds in order not to overload the advertiser’s website, and the cookie installation commands connected to banners via img src with style = display: none right during the redirect.
After reviewing the logs, we found an interesting pattern: all pseudo-visits began with a call from a specific server, which probably checked the speed of the site and the ability to set a cookie. If everything suited him, then the process started. Here is an example of such traffic.
Having worked this moment, we found that the automation was built into a number of large banner networks, in which, during the transition through the banner and the accompanying redirect, a “virtual access” of the user to several sites of advertisers was carried out in order to set a cookie. Semi-legal formats of earnings reached partner networks: first, listening to music services, now this.
On this, it would seem, it is possible to finish, because the problem is solved, the monitoring system is working, and the “unclean” partners are blocked. But it became interesting to us how deeply the roots of this enterprise go. We decided to analyze the traffic for the month and found another 6 thousand unique admitad_uid.
Then we launched a script that processed the traffic logs for six months. It turned out that the number of admitad_uid is growing almost exponentially - 32393 unique identifiers. The problem acquired a serious scope, so the system for catching fraudsters in other partner networks was further implemented, and it turned out that the “bad guys” - in the case of “Audiomania” - work only with Admitad. Despite this fact, monitoring systems for other partner networks were left, and alerts for strange traffic were set up. Just in case.
For a couple of months, these guys “earned” 127,122 rubles only on our orders. We sent all this information to the affiliate network - this traffic went past them, and they didn’t know anything about it - they promised to strengthen controls, and also compensated us for the loss! Thus, the information provided helped to detect and block the deceivers and get their money back. Now we regularly report suspicious activity to various partner networks.
Why is this happening - and how to deal with it
The main reason for the appearance of fraudsters is the fact that there is little good selling traffic in RuNet and many insufficiently competent advertisers. Therefore, people are trying to invent new illegal schemes. And to prosecute for this type of fraud is almost impossible. Easy Money. Due to the inefficiency of servicing the “white” craftsmen, some companies have decided to turn off the channel or suspend activities in the CPA. However, many are still not ready to give up the several hundred thousand or even millions of rubles of income that an honest program can bring.
Therefore, the methodology of the affiliate program has to be ground. In its current state, it seems to be unreliable and with a lot of “holes”. The problem of stuffing can be solved if you start taking into account not the number of visits, but the behavior of users on the site: how much time they spent on the page where they clicked, what links they opened, and so on.
Another way to clean the "unscrupulous" partners is to track the ratio of clicks to sales. In most cases, partners who resort to cookie stuffing have unusually high conversion rates (according to the partner network) against the background of the content they offer. After all, fraudulent traffic goes past them.
It also makes sense to approve all affiliate program participants who will promote your product on the Internet, manually, that is, to work with a small group of webmasters. In this case, you get the opportunity to monitor their behavior and even collect statistics and information about them on the network - in such conditions it becomes much easier to calculate the cookie stuffers.
If webmasters are not selected manually, for any reason, it does not work, then it is necessary to use new means of protection to combat fraud in order not to offend honest partners who receive less profit due to fraudulent schemes.
Audiomania went along this path by creating a simple log analyzer that monitors the file where the web server records information on any requests. Even if you do not have your own server, but hosting, you should have access to the Apache log (contact your provider). The number of attempts to deceive us has drastically decreased, and today it is almost zero.
As for toolbars, you only need to determine when the visitor was on your site the last time. To do this, you can put an additional cookie and check it every time you open the page. If an affiliate tag suddenly appears in the address bar, and the potential client was on the site “just now”, you simply ignore it.
“The time that is meant by“ just that ”can be different,” says Timofey. - I recommend to set no more than 5 minutes. It is with a margin. ”
By the way, such a measure is also suitable for protection from the so-called passive coupon sites offering discount coupons or promotional codes, but not at all engaged in promotion or independent search for customers. Similar sites in partner networks have recently become too many. The reasons are the same.
As a rule, they don’t have their own traffic at all, so all they do is wait for someone to come to them from a search engine at the request of the “audio add-on promo code” type. Then they redirect the visitor back to the site, even if there are no promotional codes there. That is, this is another type of “stuffing”, when a person leaves during checkout and returns from the coupon site, which becomes the last one, which means it is paid.
If you are unable to implement such fraud protection tools, you can use ready-made service solutions that will do everything for a certain monthly fee. But do not forget to calculate and compare the cost of in-house development and continuous payment services every day.
Well, we hope that the measures taken by us will help avoid the occurrence of similar situations in the future. Other companies want to honestly warn that cookie stuffing is not just minor mischief, but the systematic work of unscrupulous partners, leading to the loss of significant amounts even for not very large companies, which can and should be stopped.
Source: https://habr.com/ru/post/370097/
All Articles