Copyright is owned by the Author of the thesis.  Permission is given for 
a copy to be downloaded by an individual for the purpose of research and 
private study only.  The thesis may not be reproduced elsewhere without 
the permission of the Author. 
 



 

 

Analysis, Design and Simulation of 
Fraud and Vulnerability 

Management 
in 

Affiliate Marketing 
 

by 

 

Bede Amarasekara 

 
 

A thesis 

submitted to the Massey University of Auckland 

In fulfilment of the  

requirements for the degree of 

Master of Philosophy. 

 

Massey University of Auckland, New Zealand 

2016 



 

ii 
 

Abstract 

Affiliate Marketing (AM) is a popular marketing model in e-commerce, which 

provides businesses a greater reach for a lesser cost. It is considered a safe way to 

spend the on-line marketing budget, as commissions are paid to affiliates only on 

monetary outcomes. However, there are inherent risks and frauds associated with 

the browser-cookie based tracking process. Cookie stuffing, load-time clicking, 

typo-squatting, conversion hijacking are some of the fraudulent methods used by 

rogue affiliates to earn commissions for sales transactions that were never actually 

promoted by them. Some of the previous researches discuss the prevalence of the 

above frauds, but technical aspects of these frauds, as to how they are 

implemented and what are the different ways to implement the same fraud are 

useful questions when developing solutions, which are addressed in this thesis. 

Contradicting results in quantifying the prevalence of fraud, carried out in 

previous research work has prompted us to use empirical data to ascertain how 

widespread these threats are in affiliate marketing. An affiliate marketing dataset 

of a practitioner spanning over a period of more than four years were analysed. 

Some of the above fraud scenarios were discovered and the prevalence of fraud 

scenarios verified.  This thesis also presents new vulnerabilities that were 

discovered using AMNSTE (Affiliate Marketing Network Simulation and Testing 

Environment). AMNSTE implements same HTTP cookie tracking technology that is 

implemented in real-world Affiliate Marketing Networks. This simulation and 

testing environment enables researchers and affiliate marketing practitioners to 

examine frauds and risk scenarios and to test the efficacy and utility of solutions 

that are developed to mitigate those vulnerabilities.  The thesis finally proposes 

technical solutions that can be implemented by advertisers and by affiliate 

networks, as we continue on our ongoing quest to make systems secure from 

online frauds.  

 

 



 

iii 
 

Dedication 

To my parents, in appreciation of their love, commitment and dedication, for never 

giving up the hope that this token of academic achievement, though long overdue, 

would one day be true.  



 

iv 
 

 

Publications produced 

1. Bede Ravindra Amarasekara & Anuradha Mathrani (2015).  “Exploring Risk 

and Fraud Scenarios in Affiliate Marketing Technologies from the 

Advertiser’s perspective”, Australasian Conference in Information Systems 

(ACIS 2015). Adelaide, Australia, Dec 2-4, 2015. 

 

2. Bede Amarasekara & Anuradha Mathrani (2016). “Controlling Risks and 

Fraud in Affiliate Marketing: A simulation and testing environment”, 

Research paper accepted for IEEE 14th International Conference on Privacy, 

Security and Trust, Auckland, New Zealand, Dec 12-14, 2016. 

 

3. Bede Amarasekara & Anuradha Mathrani (2017 - in-press). “Revenue Fraud 

in E-Commerce Platforms: Challenges and Solutions for Affiliate Marketing”, 

Cyber Security and Policy, Auckland, New Zealand: Massey University 

Press. 

 

  



 

v 
 

Acknowledgements 

I would like to thank my research supervisor Dr. Anuradha Mathrani, for her 

guidance, support and mentoring throughout my research degree and for inspiring 

me to reach higher goals. 

I thank Associate Professor Chris Scogings for having faith in me and guiding me 

towards my success. 

 I also wish to thank my sincere friend Owen Ormsby, for providing me help and 

support, throughout my study. 

Finally, I wish to thank all my family, for being there for me and supporting 

through all my endeavours. 

  



 

vi 
 

TTable of Contents 
 

Abstract ......................................................................................................................................... ii 

Dedication .................................................................................................................................... iii 

Publications produced ................................................................................................................. iv 

Acknowledgements ....................................................................................................................... v 

Table of Contents ......................................................................................................................... vi 

List of Figures .............................................................................................................................. vii 

1 Introduction .......................................................................................................................... 1 

1.1 Research purpose .......................................................................................................... 2 

1.2 Research goals ............................................................................................................... 3 

1.3 Thesis structure ............................................................................................................. 3 

2 Background and related work ............................................................................................... 5 

2.1 Technical Overview of an Affiliate Marketing Platform ................................................ 7 

2.1.1 Affiliate Management and Tracking by the Advertiser ......................................... 9 

2.1.2 Affiliate Management and Tracking by an Affiliate Management Platform ......... 9 

2.2 Case Scenario .............................................................................................................. 10 

2.3 Tracking Process .......................................................................................................... 11 

2.3.1 Click-tracking ....................................................................................................... 12 

2.3.2 Conversion-tracking ............................................................................................ 12 

2.4 Findings: Risks and Vulnerabilities .............................................................................. 13 

2.5 Tracking failures .......................................................................................................... 17 

2.6 Information security .................................................................................................... 18 

2.7 Summary ..................................................................................................................... 19 

2.8 Acknowledgements ..................................................................................................... 20 

3 A simulation and testing environment ............................................................................... 21 

3.1 Design Objectives and specifications .......................................................................... 21 

3.2 Description of the Prototype ...................................................................................... 24 

3.3 System Architecture .................................................................................................... 26 

3.3.1 Affiliate Network platform .................................................................................. 27 

3.3.2 Advertiser’s e-commerce site ............................................................................. 32 

3.3.3 Affiliate’s Website ............................................................................................... 33 

3.4 Using the prototype system ........................................................................................ 34 

3.4.1 Using AMNSTE to discover frauds and risks ........................................................ 35 

3.4.2 Using AMNSTE to find solutions and test efficacy & utility ................................ 37 



 

vii 
 

3.5 Conclusion and Future Research ................................................................................. 37 

3.6 Summary ..................................................................................................................... 38 

3.7 Acknowledgements ..................................................................................................... 38 

4 Analysing the Data .............................................................................................................. 39 

4.1 Use of two Affiliate Networks ..................................................................................... 39 

4.2 Tracking failures .......................................................................................................... 40 

4.3 Duplicate Cookies ........................................................................................................ 40 

4.4 Duplicate IP addresses ................................................................................................ 41 

4.5 Summary ..................................................................................................................... 45 

4.6 Acknowledgements ..................................................................................................... 45 

5 Conclusion ........................................................................................................................... 46 

5.1 Summary of Thesis ...................................................................................................... 46 

5.2 Recommendations for controlling mechanism against frauds and risks .................... 47 

5.3 Future Directions ......................................................................................................... 51 

6 References ........................................................................................................................... 53 

 

  

List of Figures 
 

Figure 1: How to find an Affiliate program to join? (Source: Collins, S. 2011b) ........................... 6 

Figure 2: A logical view of the Tracking process ......................................................................... 11 

Figure 3: Layered n-tier architecture .......................................................................................... 25 

Figure 4: Sequence diagram of the tracking process .................................................................. 28 

Figure 5. Class diagram of Affiliate Network application ............................................................ 29