Webmaster Fraud Control
By Lisa Ryan, of www.pornmegabucks.com
In days past, a fraudulent webmaster could cost your business money, but they were rarely a threat to the survival of your program. These days, with processing controls tightening, particularly in relation to charge-backs, a fraudulent webmaster can force you to lose your processing, either your merchant account, or your account with one of the third party processors, purely because of the number of charge-backs they generate. Without a method of charging credit cards online, the viability of your business is next to nil.
Tracking down fraudulent webmasters is usually a combination of instinct, and analysis. I can't help you to develop your instinct, but I can point out issues common to many fraudulent accounts that you can use in your analysis.
The most important thing is to monitor your webmaster accounts carefully, particularly those of new webmasters. Although it occasionally happens that a webmaster who has been with a program for some time decides to try and get away with putting fraudulent sign-ups through, it's much more rare than a new webmaster who signs up with the sole intent of attempting to defraud your program.
It used to be true that fraudulent webmasters targeted only pay-per-sign-up programs, however that is no longer the case. Webmasters, particularly those from countries with low annual incomes, have discovered that defrauding recurring programs is just as easy, and as they don't cancel the trial sign-ups they put through fraudulently, those sign-ups recur to monthly memberships, potentially making the income significant enough to be worth the risk.
This brings me to the first two points that can quickly help you to identify a fraudulent webmaster. You should already have an idea of: A.) how many of your overall sign-ups are trial vs full monthly memberships, and: B.) how many of your trial sign-ups recur to monthly memberships.
A webmaster that has put through only a handful of sales, but who miraculously has all full monthly, or worse, three monthly memberships, deserves further investigation.
The same goes for a webmaster that sends lots of trial sign-ups, none, or very few of which, cancel prior to the trial finishing.
Obviously, a webmaster that sends three hits, and from those three hits, has three sign-ups, should also come in for some special attention.
The three points listed above should be the first indicators you look for when analyzing the account of a new webmaster, in the case of the first and last, fairly easy to check, and all of them are reasonably clear pointers to the fact that the webmaster could be committing fraud.
Unfortunately, from there, the analysis becomes more difficult. Basically, I'm suspicious of ALL new webmasters, until they prove otherwise. Some of the tactics I have seen mean that I no longer trust most webmasters at first.
Some of the more blatantly stupid fraud attempts I have seen include:
All sign-ups coming from the same IP as that of the webmaster when he/she signed up for the program.
Only one sign-up coming in per day, which is not normally enough to arouse suspicion... except if every one of those sign-ups comes in at the same time of day, day after day.
It used to be the case, that one of the easiest ways to track a fraudulent webmaster, was if none of his 'members' ever entered your members' area. These days, many programs have software in place to detect this quickly, so the fraudsters have taken steps to circumvent this.
A strategy I see quite often, is the fraudulent webmaster entering the members' area of the site he has signed up for, once or twice, however, they usually do it immediately after the sign-up, and not again. If you can track the times/dates that your members sign up to your site, and then enter your members area, you may see something similar to this:
Date Added: 2/14/2004 4:58:54 AM
Date Updated: 2/14/2004 4:59:39 AM
Date Last Access: 2/14/2004 4:59:39 AM
Auth Count: 1
As you can see, the 'member' entered the members' area only once, directly after the sign-up took place. This was constant for ALL the members referred by this particular webmaster, and by numerous other confirmed fraudulent webmasters as well.
Other patterns to look out for include:
- Similarities in e-mail addresses: something@CooksKitchen.com whatever@MikesDiner.com
(Note the capitalization of each word in the domain name).
- Mismatching first and last names with e-mail addresses (Why would George Smith have the e-mail address fredjones@hotmail.com?).
- Similarities in usernames and passwords (random letters for usernames, random numbers for passwords, or words for usernames, random letters for passwords).
You'll usually see the above applying to ALL members referred by your suspect webmaster.
Another thing to check is the referral URL for the sign-ups. Sometimes you'll see that the webmaster is sending plenty of hits, with sign-ups giving him 'normal' ratios for your program, but if you take a closer look you'll see that while he has sent 3000+ hits from xyz.com, all of the sign-ups come from either a different URL, or have no referrer at all. It's unlikely that of the 3000+ hits he has sent from xyz.com, none of them resulted in a sign-up, while the FOUR hits that came from a different URL, or had no referrer at all, all resulted in sign-ups.
Sometimes you'll find when you visit the URL referring the majority of the hits, that there is not even a link to your program on the page, but by viewing the source code you may find there is a script in place which results in a 'hit' to your program every time that page is viewed.
While it's possible for fraudulent webmasters and their sign-ups to still slip by you, to ensure you can adequately analyze your webmasters, you should be able to easily see the following:
- The IP address of the webmaster when he signs up with your program.
- The IP address of the member at the time he purchased the membership.
- The time and date of each member sign-up.
- The number of times (time and date stamped if possible) a member has accessed your members' area.
- Which webmaster, if any, has referred each of your members.
- The referring URLfor every sign-up.
Having identified a fraudulent webmaster, what's next?
Immediately remove their access to your webmaster area.
Also remove access to the stats reporting areas of third party processors, and change their referral percentage to 0%, if applicable.
Refund all sales referred by that webmaster. Failure to do so will most likely result in those transactions being charged back anyway. Not only will you lose the money earned from those sign-ups, but you will also potentially lose all processing options due to going over the chargeback limit.
Notifying the webmaster of your decision depends on your individual protocols. Interestingly, final confirmation of whether or not the webmaster was fraudulent often comes from their reaction to discovering their account has been terminated. Honest webmasters will contact you, usually pleasantly, asking why their password no longer works. Fraudulent webmasters will either be indignant, or most likely, not contact you at all. They already KNOW why their account has been cancelled. Of the 30+ webmasters I have terminated for fraud over the last three years, only one of them contacted me to ask why he no longer had access.
Webmaster fraud control is a vital, if irritating, part of this business. However, it's not all bad news. The detection, analysis and termination of a fraudulent webmaster can actually be fun, knowing that you had a win against the bad guys is incredibly satisfying.
Lisa Ryan has been working with www.pornmegabucks.com for over three years, and in that time has worked with 1000's of webmasters assisting them to make money with their adult websites. Lisa's experience in affiliate management ranges from billing issues to site building techniques, making her a valuable contact for every newbie webmaster.
|
Printer
Friendly Version