No Please, After You: Detecting Fraud in Affiliate Marketing Networks by Peter Snyder
Link to slides: http://slides.com/securitydaemons/affiliatemarketing
ABSTRACT: Cookie stuffing is an activity which allows unscrupulous actors online to defraud affiliate marketing programs by causing themselves to receive credit for purchases made by web users, even if the affiliate marketer did not actively perform any marketing for the affiliate program.
Using two months of HTTP request logs from a large public university, we present an empirical study of fraud in affiliate marketing programs. First, we develop an efficient, decision-tree based technique for detecting cookie-stuffing in HTTP request logs. Our technique replicates domain-informed human labeling of the same data with 93.3% accuracy. Second, we find that over one-third of publishers in affiliate marketing programs use fraudulent cookie-stuffing techniques in an attempt to claim credit from online retailers for illicit referrals. However, most realized conversions are credited to honest publishers.
Finally, we present a stake holder analysis of affiliate marketing fraud and find that the costs and rewards of affiliate marketing program are spread across all parties involved in affiliate marketing programs.