Now You See Me! What is CPA Fraud and How to Fight it

CPA (Cost Per Action) is surely a common way to get more customers for your business. If run properly, CPA campaigns can bring up to 20% of the whole website traffic. Though, there’s trouble even in paradise marketing, as certain CPA partners can sometimes play unfair or even fraud. Disclaimer! We’re not saying that everyone does that. We’re just sharing our customers’ experience of working with webmasters who operated in bad faith, to keep your business safe. But first, let’s dive in deeper into what is CPA marketing and how it works.

How it works

The CPA game implies three parties:

• Advertiser — a company hiring someone to advertise its services or products.
• Webmaster — a hired performer to place ads in social media, emails, websites, etc.
• CPA network (Affiliate network) — a third-party mediator to bring the two together. The main task of the network here is to distribute orders from advertisers among webmasters, to conclude agreements, track the work done, make the payments for closed tasks, and so on.

Thus, when an advertiser finds a webmaster in one of the CPA networks, they make an agreement. Next, the webmaster places a partner link in one of its marketing channels, adding specific UTM tags to the link. Once a user follows such a link and makes a conversion action like an order or a purchase, the webmaster gets money for acquiring the user.

What issues may arise

What are the known CPA fraud scenarios

Brand search ads
A webmaster places some search ads, using the advertiser’s brand name as a keyword. When a user clicks on such an ad, he or she gets to the webmaster’s site. Next the traffic source data in the user cookies is written as the webmaster’s, and the user is redirected to the advertiser’s site. If this user eventually converts, the webmaster gets paid. Why is this wrong? Because a user was already looking for an advertiser’s site and would have got there anyway without the webmaster’s help. Moreover, the bids on keywords go up, making the advertiser spend even more on brand ads.

Click Under
A user comes to a website to, say, watch a movie, and clicks anywhere on the site. Meanwhile, the webmaster’s site opens in a new tab, marking the traffic source data in the user cookies with the affiliate’s. Later, the user gets to the advertiser’s website, say, directly or from Facebook, but with the rewritten source data. If this user buys something, cha-ching! The webmaster gets the money.

iFrame site opening
Pretty similar to ClickUnder, users also open webmasters’ websites, but in a tiny pixel-sized pages, and the user source data is rewritten. This happens thanks to the <iframe> tag that allows loading a page inside of another one. Can you see a pixel? Neither do users. But if they come to the advertiser’ site later, webmaster is paid for these “attracted” conversions.

Addons
These browser extensions add up some features for users, like cashback, adblock, weather, etc. Though, such extensions can substitute the traffic source data in the user cookies with the affiliate’s. Another possible way is that a new tab pops out for some seconds, and the users is back to the advertiser’s site, already tagged with UTMs. The webmaster wins again, without actually attracting the user to the advertiser’s site.

Rewriting source/medium (cookie stuffing)
We wrote a success story with Raiffeisen Bank devoted to this, so you can go and check it out in more detail. The main problem was that the company’s expenses on CPA ads grew, while the revenue from it was still the same. Moreover, Raiffeisen’s customers had session breaks when already checking out at the banks site. Thanks to the cooperation with OWOX BI, Raiffeisen Bank discovered that:

• Before visiting the bank’s site, users installed add-ons to get discounts.
• When they visited the bank’s checkout page, customers saw a pop-up window offering a discount and clicked on it.
• Their session on the website broke up, and a new one started within less than a minute, already with the user source data changed to the affiliate’s.

Thanks to the reports obtained with OWOX BI, Raiffeisen stopped cooperating with dishonest CPA partners and saved their marketing budget from extra expenses.

How to detect fraud

There’s a certain set of signs to discover unfair play:

• Different CPA partners charge you for the same transaction.
• There’s a dramatic increase in the affiliate traffic costs, while the revenue remains the same. You can actually see that in GA reports: Acquisition — All Traffic — Source/Medium.
• Frequent session interruptions happen before checking out at the website. You can also check that in GA: Audience — User Explorer. Click on the client ID and view the user interaction history:

  

  We can see that at 7.59 a user came to the website from a paid source. In less than a minute, the same user comes to the site, already from the affiliate source and converts. This means that the user didn’t leave the site, but his traffic source was rewritten. In such a way you can check each user, but that won’t solve the overall problem. Enough bad news. The good news is that there’s a better and a more comprehensive solution!

How to set up CPA reports

You can use different tools to monitor the work of CPA partners, but the steps to take will remain the same:

1. Collect raw behavior data.
2. Choose sessions with breaks of less than 60 seconds between them, when the traffic source is substituted to the affiliate’s.
3. Build reports.

Step 1. Collect raw data

To detect cookie stuffing, you’ll need raw unsampled data about web user behavior. We’ll tell you how to collect and process data via SQL queries in Google BigQuery, as we’ve got good experience of using this method for our customers.

To import the info from the website to BigQuery, you can use:

• OWOX BI Pipeline — this way you get raw data in near real time.
• BigQuery Export — a type of export available for the Google Analytics 360 subscribers.

There are a few moments that you should definitely pay attention to, when checking the tables with data on user behavior:

• See if Client ID and User ID, or other identifiers are present in the table and properly sent. All of the queries will use this parameter, so the identifier should be correct and unique for each of the site visitors. To check if everything’s works properly, form a segment of users with User ID in GA, and track any changes within a few last months.
• If there are mistakes in the data and you can’t fix them with an SQL query (for example, filter all the abnormal transactions and users), it’s better to analyze only the periods that you have correct data about.

Step 2. Choose abnormal sessions

We’ll use behavioral data to form a set with the following fields:

• Date.
• Identifier (Client ID or User ID).
• Source and medium of the session.
• Time between two sessions.
• First and final URLs of each session.

There also should be conditions in SQL queries to discover the rewritten sources. You can customize these queries for your business. For example, in our case, we had the following conditions:

• Less than a minute between two sessions.
• The page doesn’t change when the source does.
• There was a purchase in the last session.
• The last source is affiliate, cpa or aff.

As a result, you’ll get a similar table with data on customers with rewritten sources and less than 60 seconds between two sessions:

Step 3. Build reports

You can use multiple options to form a report with the data from an SQL query.

Option 1. Import data from BigQuery to Google Sheets via the free OWOX BI BigQuery Reports add-on. Next, you can create a pivot table to monitor statistics on affiliate partners:

As you see, partners 3, 4, 5, and 8 had the most of suspicious transactions. In most cases, CPA substituted CPC and Organic sources.

Option 2. Visualize data from GBQ in Google Data Studio, Power BI, Tableau, or any other service you’re used to.

Option 3. Stay safe with the set of CPA-reports in OWOX BI Smart Data. Using plain English (no need for SQL!) you get instant reports in the format of a table, a graph, or a diagram.

What you can do with CPA reports in Smart Data

1. Detect rewritten traffic sources.

With this report, you can see the number of transactions with a substituted source across every campaign. For instance, campaigns 3, 4, and 5 had the most transactions with less than a minute between two sessions. The more transactions like this, the more probable that the sources were rewritten. Therefore it’s better to double check the partners who run these ads.

2. Learn which sources and mediums receive less value because of the fraud.

In this report you can see the sources and mediums that were before the affiliates in the funnel. For example, the campaigns 1 and 4 had some paid channels (facebook/cpm and bing/cpc) before the sessions with CPA transactions. Additionally, 17 and 18 seconds between sessions are a sign of cookie stuffing. Therefore ad campaigns in Bing and Facebook were underestimated.

3. Discover the affiliates who use your brand keywords in ads.

If you ask Smart Data “How CPA sessions are distributed among landing pages and keywords”, you’ll get a report as in the screenshot above. To learn if your affiliates use your brand name in ads, simply add the brand name to the Keyword filter.

4. Understand who should get paid if different affiliates charge you for the same transaction.

If multiple webmasters ask you to pay for the same transaction, this report will help you choose the actual transaction source. From our experience, it’s usually the last source to get paid.

If you need the full list of CPA reports from Smart Data, you can check out our Help center.

Conclusions

We’d like to imply that we by no means recommend you to get rid of affiliate traffic or to reduce CPA costs. The other way round, we suggest you a set of anti-fraud reports to:

• Boost the efficiency of work with affiliate partners who perform in good faith.
• Make the payments for CPA partners more transparent.
• Measure the value and price of the affiliate traffic, along with its influence on other sources. For instance, if we talk about cookie stuffing and undervalued sources that were rewritten.
• Get rid of wacky routine with automated reports to monitor the CPA work.

To detect cookie substitution, it’s enough to collect complete data on user behavior with OWOX BI Pipeline and use an SQL query to the data. If you’d like this query, simply fill out the form and you’ll get it straight to your inbox. Or you could get the same type of CPA reports in Smart Data with even more details, using simple questions in English instead of SQL.