Security Management System Details
This guide provides details about the workings of Referral SaaSquatch's Security Management System and how it protects you from unwanted referral activity.
For a high-level look at the features available with Security Management System please check out the companion article in the Success Center.
This document includes an in-depth explanation of the moderation process referrals go through, how the Security Management System will interact with new and existing programs, and ways you can build additional functionality on top of this system. Information on each of these core components, how they interact, and the settings for referral moderation that can be adjusted, are provided below.
Referral Moderation Flow
The included flowchart illustrates how an incoming referral will move through the three core components of the referral moderation process, and how different settings will affect the outcome of this process for the referral.
A core concept in our referral moderation process is the moderation status of the referral. There are three possible values for the moderation status of a referral: Approved, Pending, or Denied. This status represents the intended end-action to be applied on the referral by our Security Management System. Throughout the moderation process (explained below) the moderation status can be changed by various components of the Security Management System.
Setting the default status of the incoming referral is the first stage of the referral moderation flow.
These settings apply an initial moderation status to all incoming referrals.
- Approved -- This will leave the status of all incoming referrals as Approved.
- Pending -- Selecting Pending for the default status provides more granular setting options for incoming referrals based on what type of program you are running:
- Selecting this option on a Payment Provider program will set the moderation status of an incoming referrals to Pending.
- On an API-only program there are options to set the default status for the referrer and referred user rewards independently. It is recommended that if you plan to select Pending as the default status, that you do so only for the referrer while leaving the default status for referred user rewards as Approved. Please see our note in the Referral Moderation Outcome section which explains how these settings will affect the referral.
All incoming referrals, regardless of their default status, will be analyzed against a list of criteria to determine whether they should be considered potentially fraudulent. These criteria currently include Name, Email, IP Address, and Rate.
Each of the Fraud Criteria can be individually turned off in the Security Options. Criteria that are turned off will not be checked as part of the referral moderation process.
The name of the referrer and the referred user will be compared for similarities. This step checks whether the referrer and referred user share a First and Last name, and if the First and Last names have been reversed (John Doe vs. Doe John). If the two names meet either of these criteria the referral will be flagged.
The email address of the referrer and referred user will be compared for similarities using the following criteria:
Common username but different domain name
- Email variations
If the Referrer's and Referred User's email addresses meet any of these criteria the referral will be flagged.
Same IP Address
The First Seen and Last Seen IP address value for the referrer and referred user will be compared (this parameter is also available using the User Lookup API call). If the two users share the same IP address info then the referral will be flagged.
High Rate of Referrals
This option will check the frequency of referral signups made by the referrer. This is given as referrals/time period. The default rate limit for referral signups is 3 referrals per half hour. This means the rate limit will be triggered on the 4th referral signup in a 30 minute period. When the rate limit is reached all 4 of the referrals that were counted towards that limit will also be flagged. The limit can be changed both in volume and frequency (e.g. 3/30min vs. 5/1hour) to meet your program's requirements. Please contact our support team to make this change.
Note: If rewards for the first three flagged referrals have already been redeemed, this cannot be undone.
Suspicious Email Address Domains
The Suspicious Email Address Domain Fraud Criteria compares the domain of the Referred User's email address against an extensive list of known disposable and temporary email address domains. This list is updated frequently and is a powerful tool for reducing self-referrals. Additional domains can also be added to the list of blocked email domains from the Security tab in the SaaSquatch portal.
If the Referred User's Email domain is on the list of known temporary email address domains the referral will be flagged.
Further details about Suspicious Email Address Domain Fraud Criteria can be found in our article on Blocked Email Domains.
Daily Reward Limit
The SaaSquatch Daily Reward Limit can be configured to limit the maximum number of rewards that your program will automatically provide within a rolling 24 hour period.
Referrals that would generate rewards above that limit are placed in pending, for manual review, before the rewards are handed out.
Individual participants in your Referral SaaSquatch referral program can be blocked from making successful referrals.
Blocking of an individual user is accomplished primarily by:
- Invalidatng their referral code so that API lookup attempts to validate the referral code will return an
HTTP 404 Not Founderror.
- Not adding the tracking cookie to the browser of, or any of the URL UTM parameters in the landing page URL of, anyone who clicks on their share link (both of which typically facilitate connecting a referral)
Enabling or Disabling the blocking of a specific user can be done from the referral participant's page in the SaaSquatch Admin Portal.
Should someone already have access to the blocked user's referral code, or cookie in their browser, the referral connection will still automatically be blocked when it is processed by the SaaSquatch Security Management System.
Note: Referrals processed through the SaaSquatch Security Management System where the Referrer is Blocked will be automatically denied irrespective of any other referral moderation settings.
IP Address Blacklisting
The Referral SaaSquatch System supports the ability to blacklist both individual, or ranges of, public IPv4 and IPv6 addresses.
IP addressses can be added to the blacklist from the Security Options menu on the Security page in the SaaSquatch Admin Portal.
It is also possible to block an IP used by a referral participant directly from the Manage User menu on that referral participant's profile in the SaaSquatch Admin Portal.
Note: Referrals processed through the SaaSquatch Security Management System where the Referred User's IP address is blacklisted will be automatically denied irrespective of any other referral moderation settings.
Fraud Criteria Handling
The settings for Fraud Criteria Handling determine what action will be performed on a referral based on whether the referral was flagged as potentially being fraudulent.
Settings in this section are able to downgrade the existing moderation status of a referral (i.e. from Approved --> Pending, and Pending --> Denied).
The settings options for Fraud Criteria Handling include:
Set to Pending -- A referral that has been flagged will have its status automatically set as pending. This allows for manual moderation of the pending referrals in the Security section of the portal. Here you can choose to approve or deny the referral based on the information provided about what triggered the referral to be flagged. This is the recommended setting for Fraud Criteria Handling.
Set to Deny -- A referral that is suspected of being fraudulent will be automatically denied. Referrals that have been denied are listed as such in the Referral History. The denial of this referral can be reversed at a later point by selecting the referral from the Referral History and changing the status from Denied to Approved.
Take no action -- This setting will take no action based on fraud criteria, and all referrals will be left with the Default Status. (This is the default setting for all programs)
Referral Moderation Outcome
After passing through all three core components of the moderation process each referral is moved into one of three "pools" based on its moderation status.
Referrals that made it to the end of the process with an approved moderation status will pass out of the Security Management System and have their respective rewards created.
Referrals that had their status changed to Pending during the moderation process will be placed under Pending Referrals in the Program Security page. A decision can then be made about whether to approve or deny the referral based on the provided Fraud Criteria information.
Referrals that have had their status changed to Denied during the moderation process will be listed in the Referral History section of the Program Security page. If you would like to Approve these referrals at a later date simply select the referral and change the status toggle from Denied to Approved.
Note for API Programs:
If you are using an API program and have set Default Status differently for referrers and referred users the outcome of the referral moderation process will be slightly different.
If the referral is not flagged for being potentially fraudulent, or your Fraud Criteria Handling settings are configured to "Take no action" on flagged referrals, then the referral will be left (as it was set in the default status step) with the referral’s referred user moderation status as Approved, the referral’s referrer moderation status as Pending, and the referral moderation status as Pending.
If the referral is flagged for being potentially fraudulent, and your Fraud Criteria Handling setting are configured to set flagged referrals as pending, then the referral as a whole will be set to Pending.
If the referral is flagged for being potentially fraudulent, and your Fraud Criteria Handling setting are configured to set flagged referrals as Denied, then the referral as a whole will be set to Denied.
Note for Payment Provider Programs:
The reward for the referred user is not handled by our system as it is fulfilled as part of their checkout experience inside your product or website which our system does not control. As such, while the moderation status of the referral might indicate that the referral has been set to Pending or Denied, the status of the referred user reward will always stay as Approved. For more information on the mechanics of Payment Provider Programs please take a look at our Stripe and Recurly Guides.
Frequently Asked Questions
Does this change my existing program?
No, existing programs will have their Security Management settings default to take no action. Referrals will still be flagged as part of the referral moderation process so that you can still see any potentially fraudulent activity. These criteria, which are visible when viewing an individual referral, can help you better understand the impact of turning on the Security Management system for your program.
If you have any questions about the advantages that turning on the Security Management System will have for your program, as well as any concerns about conflicts it might bring up, please feel free to contact our support team.
What happens if a referral gets accidentally flagged as fraudulent?
This referral will be held for moderation and you can still approve these referrals.
The program owner will be notified about pending referrals so any referrals that do get flagged can be looked into.
How can I add my own Security Management System?
The Referral SaaSquatch platform enables you to extend our referral moderation process through your own referral moderation logic if you so choose.
Please contact our support team to find out more about how to go about your referral program even more powerful.