Tackling Fraud in CPA Networks with Analytics

This article was contributed by Dmitriy Berezin, Head of Online Sales at Raiffeisen Bank, and Victoriia Pashchenko, Web Analyst at OWOX BI. Read more about them at the bottom of the article.

A couple of months ago we worked with Raiffeisen, a bank in Russia, to help their marketing team tackle a complex challenge related to their online acquisition efforts. Their team noticed that the cost of affiliate traffic increased abnormally, while the revenue remained the same. Moreover, the bank’s customers experienced session breaks while filling out the application form on the website. That’s why Raiffeisen suspected that some of their CPA affiliates might have been using a system to substitute the traffic source value on the bank’s checkout page.

Here’s what they suspected: users were installing a browser extension to get discounts; this extension would display a popup window with a discount offer whenever users started the checkout process. If the user clicked on the link in the pop-up window, the extension would automatically rewrite the traffic source data in the cookie with the affiliates’ traffic source data.

The OWOX BI team helped Raiffeisen collect, process and report the necessary data. Here’s a diagram to demonstrate the data flow.

Data Flow diagram

Step 1. Collecting raw data

Since Raiffeisen is currently using the standard version of Google Analytics, the OWOX BI team suggested collecting the data and sending it to Google BigQuery, which meets the highest security standards. They set up the data import from their website to Google BigQuery via OWOX BI Pipeline. This solution helps standard GA clients to get unsampled data in near real time, as well as collect the actual timestamp of each hit. Thanks to this, Raiffeisen can track any sequence of user actions across sessions in a single report.

Say, for example, you need a report on the users who visited the /promo/ page, then got back to the website via CPC, and, eventually, made a purchase. Moreover, you need the report to display these visits for a selected date. To get such report, you would write a simple query, and get the table below.

Raw data

Step 2. Processing the data

To understand whether the traffic source values were rewritten, the OWOX BI and Raiffeisen analysts determined the values they needed:

  • User ID.
  • Source and medium of the first and the next sessions.
  • The time between sessions.
  • The first and the final URLs of each session.
  • Events in each session.
  • Transaction event in the final session.

To understand whether the traffic source values were rewritten, the analysts filtered the data according to the following conditions:

  • The time period between the two sessions should be up to 60 seconds.
  • The website page should remain the same when the source changes.
  • There should be a transaction in the final session.
  • The traffic medium in the final session should be affiliate.

Step 3. Building reports

For further analysis, the OWOX BI analysts used their add-on to import the selected data from Google BigQuery to Google Sheets. Thanks to the import, Raiffeisen received a table with the IDs of each customer whose session was closed and the new session was opened on the same page, within less than 60 seconds between sessions.

Next, the data was brought together in a pivot table to demonstrate to Raiffeisen’s marketing specialists which affiliate marketers acted in bad faith. The numbers in the screenshot below were changed and are given as an example:

Raw data

For instance, the report above demonstrates the number of transactions with a rewritten source value, as well as which affiliates have replaced the traffic sources with their own ones. The report also shows which channels were robbed of transactions: CPC and organic.

Concluding Thoughts

To summarize, the affiliates in question were rewriting the traffic source data to their benefit. By looking at a group of customers, they found out that a large proportion of them had two sessions recorded on the same page within less than a minute, while the traffic source of the second session was changed to the affiliate’s campaign. The data about these customers helped understand which affiliate partners attribute the traffic from other channels to themselves. Having this information in hand, Raiffeisen could stop cooperating with dishonest webmasters, and reallocate the marketing budget.

Raiffeisen got a report that helps monitor statistics on affiliates and bring to light the cases of fraud in CPA networks. The company managed to optimize the ad budget by ceasing cooperation with two dishonest partners that rewrote the traffic sources and unreasonably overbilled Raiffeisen.

About the Authors

Dmitriy Berezin

Dmitry Berezin, Head of Online Sales at Raiffeisen Bank, has been in Digital Marketing for more than 8 years. He specializes in developing strategies for customer engagement, retention, and development. Dmitry has taken part in creating the Yandex.Market system for personal communication and loyalty management. Learn more about him on LinkedIn or follow him on Facebook.

Victoriia Pashchenko

Victoriia, Web Analyst at OWOX BI, is passionate about web analytics. That’s why she started working in this area some years ago, and joined OWOX as a web analyst in September 2017. Outside her work, Victoriia enjoys board games, foosball and TV series. You can follow Victoriia on Facebook to learn more.

Related Posts