Analysis, design and simulation of fraud and vulnerability management in affiliate marketing : a thesis submitted to the Massey University of Auckland in fulfilment of the requirements for the degree of Master of Philosophy, Massey University of Auckland, New Zealand
Affiliate Marketing (AM) is a popular marketing model in e-commerce, which provides businesses a greater reach for a lesser cost. It is considered a safe way to spend the on-line marketing budget, as commissions are paid to affiliates only on monetary outcomes. However, there are inherent risks and frauds associated with the browser-cookie based tracking process. Cookie stuffing, load-time clicking, typo-squatting, conversion hijacking are some of the fraudulent methods used by rogue affiliates to earn commissions for sales transactions that were never actually promoted by them. Some of the previous researches discuss the prevalence of the above frauds, but technical aspects of these frauds, as to how they are implemented and what are the different ways to implement the same fraud are useful questions when developing solutions, which are addressed in this thesis. Contradicting results in quantifying the prevalence of fraud, carried out in previous research work has prompted us to use empirical data to ascertain how widespread these threats are in affiliate marketing. An affiliate marketing dataset of a practitioner spanning over a period of more than four years were analysed. Some of the above fraud scenarios were discovered and the prevalence of fraud scenarios verified. This thesis also presents new vulnerabilities that were discovered using AMNSTE (Affiliate Marketing Network Simulation and Testing Environment). AMNSTE implements same HTTP cookie tracking technology that is implemented in real-world Affiliate Marketing Networks. This simulation and testing environment enables researchers and affiliate marketing practitioners to examine frauds and risk scenarios and to test the efficacy and utility of solutions that are developed to mitigate those vulnerabilities. The thesis finally proposes technical solutions that can be implemented by advertisers and by affiliate networks, as we continue on our ongoing quest to make systems secure from online frauds.