How to spot and prevent affiliate fraud
Affiliate fraud headlines are all about massive programs losing millions. Most programs aren't running at that scale, and below it a weekly review catches almost every case of fraud a program will encounter.
The question most founders ask before opening their first affiliate program is "what if someone tries to game this?" eBay’s biggest affiliate, Shawn Hogan, went to federal prison after pulling $28 million out of eBay’s affiliate program through a trick called cookie stuffing. Hogan is the most famous example but far from the only one. The FTC has taken affiliate marketers to court for millions over outright scams. Companies have written off nine-figure attribution fraud bills once someone finally ran the numbers. Entire programs have been drained through clever exploits in the checkout flow.
What all those stories share is a structural feature worth naming. They happened inside programs with thousands of affiliates, hundreds of millions in commissions, and no realistic way for any human being to look at an individual conversion and ask "does this one look real?" eBay had so many affiliates that the guy pulling $28 million off them blended in until a federal sting operation pulled him out. Uber once shut off $100 million of its annual ad budget when it realized it couldn’t audit individual mobile installs. At that scale, fraud hides in the noise.
That’s the most important thing to understand about affiliate fraud. Almost every case that makes the news happened inside a program too large for any human to actually scan. The fundamentals in this post, starting with manual review by a human who knows what to watch for, are how almost every other case gets caught before it grows.
Why tight programs prevent most affiliate fraud
A lot of affiliate marketing advice quietly assumes the goal is to scale to the eBay model. The $500-a-month fraud detection services exist because at enough scale, the only way to catch bad conversions is to buy software that scores them in real time. That’s the market those services are built for, and at enterprise volume they’re worth the money.
Below that scale, running a tighter program with collaborators the operator actually knows something about is a better protection than any tool. I’ve written about this before in "most affiliate programs suck but yours doesn’t have to." The reason most affiliate programs fail isn’t that they got too big. It’s that they recruited too indiscriminately and then had no way to tell signal from noise. The fix is more about who gets invited in than how many.
Siren ships with fraud prevention built in: self-referral blocking, activity feeds that surface patterns, and flexible approval workflows that let you automate the right checks for your program. The rest of this post is about configuring those mechanisms to match your program’s structure.
The rest of this post depends on one mechanical thing being true: that you can see what happened to any given conversion without spending ten minutes clicking through five admin screens. Siren just shipped activity feeds on every major record (conversions, obligations, fulfillments, collaborators, and the rest) to make that possible. Each feed is a running, timestamped log of everything the system did to the record, in order. The feed doesn’t prevent fraud. What it does is drop the friction on pattern recognition low enough that the weekly review this post keeps recommending actually happens.
Self-referrals, coupon stacking, and fake leads
Almost every fraud case below enterprise scale falls into one of three buckets, and each has its own fix.
The first and most common is a self-referral. An affiliate buys the product through their own tracking link or coupon so they pocket a commission on a sale they were already going to make. Most of this is casual. Someone sees they can shave 25% off a thing they were buying anyway, and they pull the trigger. The deliberate version, where someone has worked out they can run ten gift cards through their own link every month and net 25% on each, is real but rarer. Either way the sale didn’t come from a genuine referral, and paying out on it is paying for nothing.
The second is coupon stacking, and it’s slipperier because the affiliate isn’t technically breaking any rule. They publish their code on a deal site or a coupon aggregator, customers who were already going to buy find the code at checkout, and the affiliate collects commissions on sales they had nothing to do with. That’s most of "most affiliate programs suck but yours doesn’t have to" in a sentence. The program got intercepted by parasites.
The third applies only to lead-gen programs where you pay a flat bounty per qualified form submission. This one is fake leads. An affiliate fills out the form themselves with a throwaway email and a plausible name. Run at volume, it turns a lead-gen program into a money pit before anyone realizes what’s happening.
How Siren stops self-referrals
Siren has an always-on mechanism that catches the most common self-referral case. When a logged-in collaborator makes a purchase on your site, Siren detects the login, identifies them as a collaborator, and invalidates any active opportunity tied to them before an engagement can fire or a conversion gets created. The attempt dies before it produces a commission. "Self-referral prevention" covers the full mechanics, and it’s on by default.
The honest limit is that the mechanism keys off the login event. An affiliate using guest checkout, or checking out under an email that isn’t linked to their Siren account, won’t be caught automatically. The rare determined attempts usually show themselves in manual review anyway. Same shipping address as the affiliate, a purchase within hours of signup, a run of purchases in a single week that doesn’t look like real customer activity. Those patterns all show up as a cluster on the collaborator’s activity feed and make themselves visible the next time you scan their record.
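The three patterns just listed (shipping address matching the affiliate, a purchase within hours of signup, a burst of purchases in one week) are easy to turn into review prompts. The following is an added example, not Siren code: it takes a constructed collaborator record and a constructed list of their attributed conversions and returns, per conversion, the reasons it deserves a closer look. The field names, thresholds and sample data are all assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data (not Siren records): one collaborator and the
# conversions attributed to them, as a weekly review would pull them up.
AFFILIATE = {
    "id": "aff_demo",                      # hypothetical id
    "signup": datetime(2024, 3, 1, 9, 0),  # constructed signup time
    "shipping_address": "12 Example Lane, Springfield",
}

CONVERSIONS = [
    # (conversion id, purchased at, shipping address on the order) - constructed
    ("c1", datetime(2024, 3, 1, 11, 30), "12 Example Lane, Springfield"),
    ("c2", datetime(2024, 3, 2, 10, 0), "12 example lane, Springfield"),
    ("c3", datetime(2024, 3, 3, 10, 0), "12 Example Lane,Springfield"),
    ("c4", datetime(2024, 3, 20, 15, 0), "98 Other Road, Shelbyville"),
]


def normalize(addr):
    """Case- and punctuation-insensitive address comparison key."""
    return " ".join(addr.lower().replace(",", " ").split())


def self_referral_flags(affiliate, conversions, signup_hours=24,
                        burst_window_days=7, burst_count=3):
    """Return {conversion_id: [reasons]} for conversions that look like the
    affiliate buying through their own link. Reasons are review prompts,
    not verdicts; a human still decides whether to reject."""
    flags = {}
    own_addr = normalize(affiliate["shipping_address"])
    by_time = sorted(conversions, key=lambda c: c[1])
    for cid, ts, addr in by_time:
        reasons = []
        if normalize(addr) == own_addr:
            reasons.append("ships to affiliate's own address")
        if ts - affiliate["signup"] <= timedelta(hours=signup_hours):
            reasons.append(f"purchase within {signup_hours}h of signup")
        # Burst check: how many of this affiliate's conversions fall in the
        # trailing window that ends at this purchase.
        window_start = ts - timedelta(days=burst_window_days)
        n = sum(1 for _, t, _ in by_time if window_start <= t <= ts)
        if n >= burst_count:
            reasons.append(f"{n} conversions within {burst_window_days} days")
        if reasons:
            flags[cid] = reasons
    return flags


if __name__ == "__main__":
    for cid, reasons in self_referral_flags(AFFILIATE, CONVERSIONS).items():
        print(cid, "->", "; ".join(reasons))
```

On the constructed data, c1 is flagged for its address and for landing two and a half hours after signup, c2 for the address alone, c3 for the address plus a three-purchases-in-a-week burst, and c4 (a different address, weeks later) passes clean. The thresholds are deliberately loose; tighten them to the program's real order volume.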
Catching coupon stacking
Coupon stacking is harder to catch because it doesn’t look like fraud. The affiliate published a code on a public site, and customers found it, and whether that counts as them earning a commission depends on whether those customers would have bought without the code. The only way to answer that is to look at patterns.
The clearest signal is coupon-driven conversions that come with no accompanying referral traffic. If an affiliate’s code is generating 50 conversions a month but their tracking link is getting 5 clicks, that’s a red flag. Real affiliate promotion produces clicks. Commissions without clicks mean the affiliate isn’t actually promoting your product. They’re letting the coupon do the work on sites where your existing customers are already looking.
Geography and timing are a second signal. If coupon uses cluster around the hours and regions where your direct traffic peaks, the code is being found by existing customers, not shared with a new audience.
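Both signals above (conversions without clicks, and coupon uses that track your own direct-traffic peak) can be computed from weekly aggregates. This added example is not Siren code; it runs over constructed per-affiliate click counts and coupon-use hours, and the ratio and overlap thresholds are assumptions to be tuned against a program's real baseline.

```python
# Constructed weekly aggregates (not Siren data). "clicks" counts tracking-link
# clicks; "coupon_uses" lists the UTC hour of each coupon conversion.
AFFILIATES = {
    "blogger":  {"clicks": 420, "coupon_uses": [9, 14, 20, 3, 11, 16, 22, 7, 1, 18, 13, 6]},
    "dealsite": {"clicks": 5,   "coupon_uses": [12, 13, 13, 14, 12, 15, 13, 14, 12, 13,
                                                14, 15, 12, 13, 14, 12, 13, 15, 14, 13]},
}

# Hours when the store's own direct traffic peaks (constructed: 12:00-15:59 UTC).
DIRECT_PEAK_HOURS = {12, 13, 14, 15}


def conversion_click_ratio(clicks, conversions):
    """Coupon conversions per tracking-link click. Zero clicks with any
    conversions is treated as infinitely suspicious."""
    return float("inf") if clicks == 0 else conversions / clicks


def peak_overlap(coupon_hours, peak_hours):
    """Share of coupon uses that fall inside the store's direct-traffic peak."""
    if not coupon_hours:
        return 0.0
    return sum(1 for h in coupon_hours if h in peak_hours) / len(coupon_hours)


def coupon_stacking_signals(affiliates, peak_hours, ratio_limit=1.0,
                            overlap_limit=0.8, min_conversions=10):
    """Return {affiliate: [signals]} for affiliates whose coupon conversions look
    like intercepted existing customers rather than new referral traffic.
    Affiliates below min_conversions are skipped: too little data to judge."""
    out = {}
    for name, a in affiliates.items():
        conversions = len(a["coupon_uses"])
        if conversions < min_conversions:
            continue
        signals = []
        # A genuine link promotion cannot produce more conversions than clicks.
        ratio = conversion_click_ratio(a["clicks"], conversions)
        if ratio > ratio_limit:
            signals.append(f"{conversions} coupon conversions vs {a['clicks']} clicks")
        overlap = peak_overlap(a["coupon_uses"], peak_hours)
        if overlap >= overlap_limit:
            signals.append(f"{overlap:.0%} of coupon uses during direct-traffic peak")
        if signals:
            out[name] = signals
    return out


if __name__ == "__main__":
    for name, signals in coupon_stacking_signals(AFFILIATES, DIRECT_PEAK_HOURS).items():
        print(name, "->", "; ".join(signals))
```

On the constructed data, "dealsite" trips both signals (20 conversions against 5 clicks, every use during the direct-traffic peak) while "blogger" has plenty of clicks and uses spread across the day, so only the first is returned.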
The fix is almost always to change how the coupon works, not to punish the affiliate. Rate-limit it so each customer can use it once. Shorten the attribution window so deal-site parasites don’t get a month of free credit off every discovered code ("Cookie duration" covers how). Or move the affiliate to tracking links only: “Hey, coupons aren’t working for you on this program. Let’s switch to tracked links.” That conversation either fixes the behavior or causes the affiliate to go dormant, and both outcomes are fine.
Catching fake leads
Fake leads leave fingerprints, and a weekly scan of lead conversions will surface most of the fraud. Look for repeated email domains, especially throwaway ones. Same IP address behind several submissions. Form completion times that are suspiciously fast, or suspiciously identical across submissions (a script running on consistent delays). Names that read like a random generator produced them, phone numbers that don’t route to a real person, companies that don’t exist when anyone searches for them. None of those are slam-dunk on their own, but three or four of them together on a single lead is almost certainly fake, and can be rejected without hesitation.
The review itself is where the activity feed earns its keep. Once a week, open your lead conversions for the past seven days and sort by affiliate. For any collaborator producing an unusual volume, click into a sample conversion and scroll its feed. You’re reading the full sequence: when the opportunity was created, when the engagement fired, when the conversion was triggered, whether an obligation was issued, whether anything got rejected or silently reversed after the fact. A legitimate lead has a clean sequence. A suspicious one has gaps, identical timing, or a refund two days later that quietly unwound the whole thing.
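The fingerprints listed above (repeated or throwaway email domains, a shared IP, suspiciously fast or identical completion times, generated-looking names) combine into a simple score: none is decisive alone, three or four together on one lead is. This added example is not Siren code. It scores a constructed batch of one collaborator's lead submissions; the field names, the short throwaway-domain list and the thresholds are assumptions, and a real deployment would swap in a maintained disposable-domain list.

```python
from collections import Counter

# Constructed lead submissions for one collaborator (not real form data).
LEADS = [
    {"id": "l1", "email": "j.smith@example.com", "ip": "203.0.113.10", "seconds": 95,  "name": "Jordan Smith"},
    {"id": "l2", "email": "xq7p@mailinator.com", "ip": "198.51.100.7", "seconds": 4,   "name": "Qzvk Plmnr"},
    {"id": "l3", "email": "rt2b@mailinator.com", "ip": "198.51.100.7", "seconds": 4,   "name": "Wxcf Trnmp"},
    {"id": "l4", "email": "kp9z@mailinator.com", "ip": "198.51.100.7", "seconds": 4,   "name": "Bvdg Qrstl"},
    {"id": "l5", "email": "a.lee@example.org",   "ip": "192.0.2.44",   "seconds": 140, "name": "Alex Lee"},
]

# Illustrative only; use a maintained disposable-domain list in practice.
THROWAWAY_DOMAINS = {"mailinator.com", "guerrillamail.com", "10minutemail.com"}
VOWELS = set("aeiou")


def looks_generated(name):
    """A word with no vowels at all reads like random-generator output."""
    return any(not (set(w) & VOWELS) for w in name.lower().split())


def score_leads(leads, fast_seconds=10, min_signals=3):
    """Return {lead_id: [signals]} for leads carrying at least min_signals
    fingerprints. Batch-level counts (shared IP, repeated domain, identical
    timing) are computed over the whole submission set first."""
    def domain(lead):
        return lead["email"].rsplit("@", 1)[1].lower()

    domain_counts = Counter(domain(l) for l in leads)
    ip_counts = Counter(l["ip"] for l in leads)
    time_counts = Counter(l["seconds"] for l in leads)
    flagged = {}
    for lead in leads:
        signals = []
        d = domain(lead)
        if d in THROWAWAY_DOMAINS:
            signals.append("throwaway email domain")
        if domain_counts[d] > 1:
            signals.append(f"domain {d} shared by {domain_counts[d]} leads")
        if ip_counts[lead["ip"]] > 1:
            signals.append(f"IP {lead['ip']} behind {ip_counts[lead['ip']]} submissions")
        if lead["seconds"] < fast_seconds:
            signals.append(f"form completed in {lead['seconds']}s")
        if time_counts[lead["seconds"]] > 1:
            signals.append("identical completion time across submissions")
        if looks_generated(lead["name"]):
            signals.append("name looks generated")
        if len(signals) >= min_signals:
            flagged[lead["id"]] = signals
    return flagged


if __name__ == "__main__":
    for lid, signals in score_leads(LEADS).items():
        print(lid, "->", "; ".join(signals))
```

On the constructed batch, l2 through l4 each light up all six signals and l1 and l5 light up none, which is the shape the post describes: the fakes cluster, the genuine leads look unremarkable one at a time.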
If you find a pattern, reject the conversions and ask the affiliate for an explanation. Sometimes they have a real one. Other times they go silent, which is its own answer.
Quiet problems the feed catches
The feed catches more than fraud. The same weekly scan surfaces the quiet problems that cost money without anyone calling them fraud. A refund that reverses a Tuesday conversion and rejects the obligation that would have paid out is the same class of problem as an engagement that fires for a customer who never converts. Normal once, meaningful as a pattern. Usually a broken integration or a coupon that’s leaking somewhere it shouldn’t be.
Every one of those events now has a timeline on the record involved. You stop finding out about problems from collaborator email and start noticing them when you open a record for any other reason. The friction on “what happened to this conversion?” dropped enough that the answer is actually there when you need it.
Don’t auto-approve new affiliates
Everything above matters, but one habit matters more than all of it combined. Hold new affiliates’ conversions in pending status instead of approving automatically.
When a new affiliate joins your program, their conversions should land in pending instead of approved. You look at the first wave yourself, checking whether the sales make sense, whether the referral traffic looks like real promotion, and whether the overall pattern is consistent with a legitimate affiliate. Only after they’ve built up a track record of clean referrals do you switch them to auto-approval.
This one change prevents almost everything this post has covered. Pending catches self-referrals before any commission is paid, it throws out fake leads before anyone has been promised money, and it makes the gap between coupon conversions and click activity impossible to miss once someone is actually looking. Manual review is annoying for the first week of any new affiliate relationship, and then it goes away for that specific person. The mechanics of pending, approved, and rejected conversions are covered in "What is a conversion".
When you actually need a fraud detection service
Most programs never do, but some genuinely benefit. The threshold is roughly per-conversion dollar value. A thousand-dollar rejection a business can’t absorb changes the math, and so does operating in a category (gift cards, gambling) that attracts organized attempts no weekly review can keep up with regardless of program size. Once the problem is rings running coordinated accounts and forged identities, DIY is over and specialized help pays for itself.
Programs running at enterprise scale eventually need the tooling too. That’s where Uber and eBay ended up, and it’s where the big networks end up. The strategies in this post still apply once a program gets there. They just shift from being the whole job to being a sampling strategy on top of automated scoring.
For programs below that tier, the three patterns plus manual review plus pending status for new affiliates covers almost all of it. Don’t pay for software the program doesn’t need yet.
The practical checklist
- Configure new affiliate approval workflows to match your program’s risk profile. Siren’s conversion approval settings let you hold conversions in pending for new collaborators until they’ve built a track record, then switch to auto-approval once trust is established. Set the threshold that makes sense for your program: 30 days, 10 conversions, first payout cleared.
- Don’t cut payouts until your refund window has closed. Waiting out the refund period before creating a fulfillment means the refund pipeline has time to catch anything that needs reversing before money leaves the business. "How refunds work" covers the mechanics.
- Watch for coupon activity without referral traffic. Activity feeds make this pattern visible without manual scanning. If a collaborator’s coupon conversions spike but their click activity stays flat, that’s the signal to rate-limit the coupon ("Cookie duration" covers how) or move them to tracking links only.
- In lead-gen programs, check the activity feed on high-volume collaborators before first payout. Fake leads cluster: same IP, throwaway email domains, suspiciously fast form completion times. Siren’s feed surfaces the pattern when you need it. After the first clean payout, auto-approval handles the rest.
When a collaborator disputes a rejected conversion, open the feed and walk them through it. Let the timeline do the talking. The collaborator disputes guide has the full workflow.
Most affiliates are honest. The ones who aren’t almost always get caught in the first month if someone is paying attention, and the small number who slip through show themselves in patterns that become obvious over time. Running an affiliate program is a trust game, not a fraud game. You’re building relationships with people who want to promote your product, and the vast majority of them are acting in good faith. Protect against the small minority who aren’t, but don’t let the fear of that minority keep the program from getting built in the first place.
Swim fast, dream big!