Fraud, Security and Fake Referrals
Rewards that are offered in your referral programs can be the target of fraud and faked referrals. This is why SaaSquatch has a number of security features to help you prevent, detect and respond to these attempts at defrauding.
Some examples of fraud are:
- Self-Referral: Existing users creating fake referrals to take advantage of referral prizes
- Exploitation: Anonymous internet users creating referrals for personal financial gain
- Account Cycling: Existing users signing up for and cancelling subsequent accounts
- Broadcasting: Posting referral links on coupon sites or other locations your company does not approve of
There are three parts to a complete fraud management strategy:
- Prevention: The best strategy for fraud management is in the structure of your referral program and identity systems to make fraud financially and/or logically infeasible.
- Detection: In some cases, not all types of fraud can be prevented, leaving additional cases to be detected through automated algorithms and human oversight.
- Response: Every business has their own practices on how best to respond to fraud cases. This could include removing rewards, suspending accounts or even seeking legal recompense.
🔗 Fraud Prevention
The best strategy for fraud management is to prevent fraud before it happens. This can usually be accomplished by choosing the right structure for the referral incentives and the goalpost required to earn a referral credit:
- Conversion goalposts should be meaningful to customer acquisition. Typical examples include making a purchase or fully experiencing a product such as setting up a website, verifying a phone number or making your first post. This makes exploiting the referral program harder, while still achieving your business goals.
- Incentives should be profitable to the company immediately or shortly after the conversion goal post is passed by the Referred User. This reduces the financial risk of any potential fraud, and in some cases can ensure a positive ROI from every possible referral.
SaaSquatch fraud prevention also takes advantage of a company's existing account and identity systems and leverages them to simplify referral program integration and the fraud preventions systems involved.
All SaaSquatch programs come with several built-in fraud prevention features:
IP Address Blacklisting: The SaaSquatch System provides the ability to blacklist both individual and ranges of IPv4 and IPv6 addresses. This can be done either from the Security Options menu or directly from the Manage User menu on a participant's profile page.
User Blocking: Individual participants in your SaaSquatch program can be blocked from making successful referrals. This is done by invalidating their referral code so that attempts to use it result in a
404 Not Founderror, or by not adding the tracking cookie to anyone who clicks on the sharelink.
Suspicious Email Address Domains: The SaaSquatch System automatically compares the domain of the Referred User's email address against an extensive and maintained list of known disposable and temporary email address domains. Furthermore, additional domains can be manually added to your specific list of blocked domains from the Security tab in the SaaSquatch portal.
Existing User Detection: SaaSquatch offers a flag that can be applied to current paying customers and prevent them from being referred. This protects against paying users referring themselves or paying users finding a referral link in the wild (i.e. social media or coupon sites) and using it to get a false discount.
Two-step Referral Tracking: The process for how SaaSquatch tracks a referral for new users is separated into the two steps of Attribution and Conversion. This lets your referral program be structured so that referral rewards are only triggered for conversion goalpost events like purchases even though referrals are fully tracked for free accounts, un-verified accounts or partial carts.
Consolidated identity: SaaSquatch is designed to easily connect with your user database and other identity systems. Users in SaaSquatch are tracked by account and user identities, which means that your existing systems for account de-duplication, email address verification, credit card authorization, social log-in, and account lockdown are automatically tied into your referral program.
Explicit Double-sided Incentive Management: SaaSquatch manages all rewards associated with a referral program; both the rewards earned from making referrals as well as the rewards given to new users in a double-sided incentive program. SaaSquatch also ties these rewards tightly to your users identities. This lets companies have complete control over what rewards users have access to, revoke rewards, track payout and avoid the potential headaches of leaked global-use coupon codes or secret landing pages.
Other fraud prevention measures that involve other systems:
- The Threat of Cancellation: Existing users that are looking to game the referral system can often be deterred by the threat of losing access to their account. This is particularly effective for SaaS, games, or marketplace companies because users often have vested value in keeping their accounts active, and fear losing access to a service they regularly use.
Example 1 -- Bad Incentive, Shallow Goalpost, No Implicit Prevention: For example, imagine a referral program that gives people $100 in cash for each email address that they provide to an anonymous web form. It is easy to exploit this type of program by providing fake email addresses, especially with unidentified users making referrals. While it would still be possible to create systems for fraud detection and response within SaaSquatch, it would be a routine exercise to get around those systems with access to fake email addresses and proxy servers. Even if someone was caught repeatedly abusing the system, they would have already received their cash payout and the company would have no viable tracking means to pursue response from potentially untraceable individuals.
Example 2 -- Good Incentive, Rewards for payment, Implicit Prevention Constraints: The referral program structure gives people a credit towards a future purchase when a friend makes a purchase. The credit can only be applied against future purchases, preventing people from exploiting the system for cash benefit. The credit is associated with an account, so if someone is caught, the credit could be revoked, and the account cancelled. The friends are required to make a purchase, creating a paper trail of purchase information (such as credit card) that can be used to de-duplicate accounts, and for fraud detection and response.
🔗 Fraud Response
The best strategy for fraud management is preventing fraud before it happens, but sometimes you may need to respond to fraud cases regardless either on a one-off basis, or as a general strategy.
The first step of responding to a potential fraud case is investigation. Not all cases are worth a formal action. In some cases, for example, multiple people may genuinely share the same name, and the potential case can be ignored.
If the names do not match but you are still suspicious of a referral, perhaps one user has made a large number of referrals in rapid succession, you are able to investigate the referral further and review:
- The IP address of the referrer and referred user
- The email address of the referrer and referred user
Alternatively, if you are suspicious of a specific user you can view their referral history from their profile, which will show you the name and email address of each person they referred. You can then further investigate each referral to verify IP address.
SaaSquatch allows you to revoke historical credit that has not yet been used. There is no timeline by when rewards can be cancelled, but some reward types by their very nature are uncancellable, like for example a coupon that has already been redeemed.
Fraud response strategies may also involve other external systems, like your account, ecommerce or CRM systems. Other types of fraud action may not explicitly rely on using SaaSquatch.
- Account Cancellation: If someone has been found to be repeatedly abusing the referral system, a logical avenue of recourse would be to cancel their account and blacklist them. In most cases the threat of this is sufficient to stop the activity in question.
🔗 Fraud Services
Fraud management is not one size fits all. SaaSquatch provides a number of professional services to help design, manage and maintain your referral program and the fraud, gaming and fake referral considerations therein.
Fraud Management Strategy Consultation Services: SaaSquatch has implemented fraud management solutions across industries such eCommerce, SaaS, mobile and POS situations for private and publicly traded companies, startups and fortune 500 companies alike. Companies that subscribe to our Pro and Enterprise plans are eligible for limited complimentary consultation as part of the onboarding package. Further consultations are available on a per hour or per diem basis.
Fraud Investigation Services: SaaSquatch investigates all reported patterns of fraud as a service to our customers. We continuously monitor for new types of fraud, gaming and fake referrals to stay on top of the new development in social network sharing, privacy blocking systems, proxy networks and anonymous systems. All Referral SaaSquatch customers are urged to report any patterns of suspicious activity directly to SaaSquatch support.