Six controversial affiliate tricks to watch out for

Posted on 08. Aug, 2011 by in Digital Marketing

In last year’s affiliate survey (warning, PDF link) 72% of respondents thought UK networks had a problem with fraudulent traffic. That’s a high figure considering the UK is, arguably, the most advanced affiliate market in the world.

The issue of dirty tactics is the limelight again following on from the New Scientist’s report that some US internet service providers are dealing with certain affiliate networks, some of whom are big names, in ways that brands would be unlikely to condone.

So, let’s take a look at search hijacking and five other tricks that brands should be on the watch for.

Search Hijacking

Search hijacking, or searchjacking,  involves ISPs – those companies that provide internet access to businesses and households – intercepting searches. The ISPs are in this position because they deliver the web pages over the internet to their customers, can see the address of the web page being requested and rather than delivering the correct page can wilfully choose to deliver the wrong page.

The hijack starts when a shopper is on a well known search engine and searches for a well known brand. Let’s pick  Google and Argos. In response the ISP doesn’t allow the usual search engine results to show. The ISP redirects the user, via an affiliate network to collect the tracking cookie, straight to Argos’ homepage.

This technique is controversial because brands end up paying commission for sales they had coming to them anyway. The technique surprises many because it does not fall into the stereotypical (and often unfair) view of dodgy affiliate marketing being carried out in some dimly lit backroom by a gaggle of black hats. Search hijacking is deployed by brands, on brands, with the affiliate networks cooperating.

Infinite Window

Retargeting is a big deal for a reason; it can work very well. Retargeting uses display networks to show carefully crafted banner ads designed to persuade a shopper to return to the brand’s website and complete a transaction or extend it with accessories and enhancements.

For example, a brand may be aware that a shopper is looking for a large flat screen TV, looked at a few models on their site, but did not purchase. Retargeting through display involves showing that same shopper a few more TV options, perhaps highlighting some additional benefits, in an attempt to lure them back to the site and complete the purchase.

There are some successful third party operators in this space who present a CPA solution to their branded clients. In other words, these operators only get paid on sales and that’s an enticing deal for brands – especially if they’ve no retargeting experience of their own.

Typically, agents offering a CPA deal on retargeting look to prove that they were responsible for the sell by dropping their tracking cookie whenever someone sees their carefully crafted retargeting ad. It makes sense. It proves that that lead came in after the initial site visit and after one or more retargeting banners had been viewed.

The catch comes when we start to work out which cookie tracking system has precedence over the others. Third party operators using a CPA system for retargeting have a strong reason to insist that their cookies have precedence over the others. After all, they are often spending a significant amount of their own money to generate banner impressions, need to track post impression, are encouraging people to return to their clients sites and being paid for that.

It is usually the case that the retargeting system is given a “window” of a number of days, anyway between 3 to 30 days in which any sales generated by shoppers who have seen a retargeting banner are credited to the retargeting campaign. Normally the system works well and everyone is happy.

The infinite window is a technique deployed only by a sub-set of retargeting companies. It starts with the premise that their tracking cookie is dropped on each and every banner impression and refreshes with a new timeline, starting with the latest impression counting as day 1. It is possible to ensure that shoppers are shown a banner just before the original window was due to expire to refresh the cookies. The infinite window technique is designed to ensure that this always happens.

The infinite window becomes especially controversial if the “cookie refresh” banner was delivered via poor inventory, in a small ad form and below the fold.

The Black Box

The problems with search hijacking and the infinite window tend to occur when there is no specialist digital agency involved in the checking process. It is usually the agency’s role to ensure that their clients are always getting value for money without being exposed to brand risk. With the “black box” technique, though, performance agencies are doing something entirely different.

There are a lot of valid reasons why performance specialist agencies offer “black box” options to their clients. The premise is that the client is paying for results and just results; they’re not paying the agency to provide detailed reports, customer service, coordinated brand activity or anything else that comes with typical agency fees. The black box is simply a way of agreeing that there will be no transparency. The client simply pays on results and that’s that. After all, the performance agency needs to make certain that their IP, they keyword forecasting, all remain secure. A nightmare scenario for them is that they’re used to flesh out a strategy for a brand, only to lose the contract to the brand’s in-house team who recreate the techniques pioneered by the agency.

Although the black box option makes some sense there are inherent dangers with it. Brands must remain in control of their own destiny and at one level the black box challenges that.

A particularly controversial black box technique mixes affiliates with paid search. The performance agency is typically brought on to offer a paid search campaign. The client is imaging Google and Bing with keyword targeting. However, the performance agency extends to affiliate marketing; paying third parties for leads at a lower CPA rate than they are getting paid by the brand and therefore making a margin.

This type of set up may see adverts for the brand on low quality ad networks , in association with incentivised clicks in causal games on social networks or even with these partners engaged in brand bidding on primary or second tier search engines.


The role of software in stealing tracking cookie and replacing them with others is well known in its desktop form. Users are tempted with free software; it might offer to speed up your PC, let you have comets for cursors, add a social network widget to your desktop or trade files and music. In the background the software is looking for tracking cookies and replacing them with CPA cookies of their own.

Scumware is disliked by affiliates and by brands. It associates with brand with an unpleasant digital hijack and often shoddy software. The parasitic technique works by stealing the hard earned cookies of other affiliates.

A newer and less well known form of the scumware technique is mobile scumware. Mobile scumware is usually nothing more than app that offers a convenient but basic functionality but looks to swap cookies once installed.

Fortunately, there are some environmental checks in place against mobile scumware making it less of a threat than desktop scumware. Providers like Apple vet apps before making them available to AppStore and Android is pretty good at being explicit about the permissions the app will have before it is installed.

Local jacking

The atomisation of local may present brand hijacking challenges. This month Foursquare opened up branded pages for self-serve. Anyone with a Twitter account could claim as a URL – that’s not the same as verifying a business but do users know that? Equally, it is possible for anyone to create pages for places on Facebook, Google Local or on many of the local or location networking sites.

It is a challenge to monitor all of these sites for improper use. In some cases specific mobile apps need to be downloaded and the user must be in the right geographic location before an effect materialises – imagine an augmented reality display super imposed by a phone’s camera, for example.

Where there is a challenge on brand monitoring there is a risk of brand miss use. Local jacking may occur as part of black box CPA activity too. In those instances brands may even be providing details that enable the practise – such as supplying the performance agency with details of new hotel openings, etc, which help ensure the black box agency is able to “jack” the location with a credible looking profile but CPA tracking links back to the official site.

Cookie Laws

The future of the cookie and data store tracking techniques is not without doubt. In some parts of Europe opt-in permission is required before a brand can place a cookie on a user’s computer.

The final controversial technique in this post simply highlights what happens should marketers fail to follow those laws.

There’s the additional challenge of brands and their agencies who follow the local cookie laws but who work with partners and providers who are less careful about their cookie drops. If the opt-in message is more forceful – such as requiring visitors to accept cookies before accessing the site – then partners may be able to drop a far higher ratio of cookies compared to the brands they work with.

The result will be an increase in the number of sales tracked as CPA activity without any increase in the number of sales over all. At least, though, they will be traceable sales.

Picture credits: various Flickr.

Tags: , , , , , ,

  • Keith Griffiths

    What a great post!