Due to well known rules, laws and regulations which bar operators from advertising on the dominant digital platforms, alongside SEO, PPC, media advertising, exhibitions and other offline activities performance marketing has earned its status as one of the most effective methods.
Unfortunately, affiliate programmes, especially those working in pay per lead or a cost per acquisition models, which are dominant in the igaming market, are the riskiest. Unscrupulous affiliates will exploit it to generate fraudulent traffic with a network of bots, who can be sophisticated enough to onboard automatically, going through all the right steps to trigger a reward.
In other words, while your goal as an operator is to bring traffic to your page, the risks of using a third party affiliate vary depending on the kind of payment model you offer them.
This results in a complex relationship with your affiliates. While you rely on their services to bring new players to your service, you also know that the affiliates themselves are incentivised to deliver as much traffic as possible, without vetting its quality.
Which is why, unfortunately, the burden of monitoring and controlling the traffic is on your shoulders as an operator.
One of the greatest challenges you might face is dealing with an affiliate who brings you a mix of good and bad traffic. Is it affiliate fraud or not? Your incentive is of course to onboard as many players as possible, but how can you ensure the bad ones slip through the net?
The answer is to take control of the withdrawal step.
And while you might already have a risk team on the case here, an advanced fraud monitoring tool gives you plenty of options to improve your detection accuracy and to tailor the rules to how your specific casino does business.
By using not just device fingerprinting, but a range of custom attributes that are unique to business operations, withdrawal processing can be automated from 60 to 90 per cent when all relevant factors are fed into the risk scoring mechanism.
This is a huge time saver for the risk team, who can refocus manual efforts on less clear-cut cases and decrease fraud rates across the board.
How? By using device fingerprinting and user behaviour analysis.
Essentially you have to review the signups that affiliates bring in and vet them to determine if they came from an honest promotional campaign, or if they’re actually interconnected people working together (similar to promo abuser rings), whether they are fake accounts or not (do they have digital footprints at all?), or if the traffic is coming through proxies, or if the devices used at sign ups carry other suspicious marks that are commonly associated with fraud.
In the world of fraud detection, this is done by feeding data through risk rules, which output risk scores. For instance, you could have a rule that increases risk if the user connects with an email address from a free domain. Another one could increase risk if they use a VPN.
You also need to look at their actions on your site, specifically using velocity rules. These work with more complex parameters, for instance, the number of connection attempts per minute, or how fast the fields are filled.
And while sophisticated affiliate programme abusers may slip through even the most astute risk managers, your risk team can leverage the power of Machine Learning. By feeding your user data (both historical and current) to the engine, the algorithm can help suggest rules that highlight suspicious behaviour.
And don’t forget that behaviour based rules are only one of the tools in your arsenal to detect affiliate fraud. However, combining it with device fingerprinting, social media lookup, IP, email and phone analysis, you can build the most complete profile of your players, before they even reach the withdrawal stage.
In fact, the foundation of any lead risk assessment system when running an affiliate programme would be device fingerprinting. Put simply, it is designed to scan the configuration of software and hardware from the user and identify their connection with what we call hashes.
These hashes are effectively user IDs and they offer a surprisingly clear picture of who the users are. This is true whether they clear their cache, switch browsers, use incognito mode, or rely on emulators and spoofing tools - a practice that often points to bot usage.
Think of it this way: advanced abusers will do their best to make it seem as if they are bringing legitimate players in the eyes of affiliate managers and risk managers. They will have some sort of system in place and a bag of tricks that are designed to fool the operator. With device fingerprinting, online profiling and an overview of customer connections based on their unique information, you will be able to see suspicious patterns and set up rules to either flag them for manual review or block them automatically.
After all, each scammer has their own “signature”, but it’s something that you can only see by spotting connections across many different transactions, as those individual pieces of information come together to complete the puzzle.
The more advanced your monitoring and tools, the less manual time you have to spend on piecing together these puzzle pieces - and that’s exactly what SEON’s SENSE platform was tailored to do.
