There are hundreds of sites offering robots to cheat CPC programs, organizations of cheaters ranging from kids clicking on each other's banners (click clubs) to criminal organizations. Affiliates are cheating with hotline servers, warez servers, ftp servers, form-fill robots, lead clubs - you name it. What you don't know can hurt you. It is highly advised that you refer to the following anti-fraud best practices.

Know your affiliates
Do your affiliates have an e-mail newsletter, or is all of their promotion of your program on the Web? Have they supplied you with every URL where they are promoting you? Did they ramp up quickly and then have a sharp decline in productivity? In some cases, a site with no relevance to your program will do well. It's up to you to find out how that happened.

If an affiliate has a newsletter, they may produce what appears to be questionable activity, such as big spikes every week or two. That's because they mention you in their newsletter every once in a while. Keep an eye on the referring URLs from your affiliates - you should mandate that they supply them all to you, and if there is traffic coming from an unknown URL, take a deeper look at this red flag.

IP addresses can help, but...
One way to identify possible click and lead fraud is to track IP addresses. If you see multiple registrations or many clicks from the same IP address, this can be indicative of questionable activity. However, proxy servers can throw a monkey wrench into this technique. Services that use proxy servers, such as AOL, send large volumes of clicks from the same IP address.

Daily inspections
Make it a habit to conduct a daily check of your top affiliates. After all, five percent of your affiliates will account for 95 percent of your activity, so you should know that five percent. Just a meer scan of the list of top performers each day will help to spot anomalies or new entrants into that top five percent. When new sites break in, investigate their site, and drop them an e-mail to let them know that they are on your radar.

Work together
When sites cheat your affiliate program, they are often cheating other programs. If you see other merchants on the page of a questionable affiliate, drop an e-mail to the managers of the other programs. After a short time, you will be able to assemble a list of fraudulent sites to check against your roster of affiliates.

Manually approve your affiliates
There's no question about it, affiliates prefer automatic approval. However, if you open the flood gates and let every interested site join your program, you are also making your program a target for the fraud sites. If you are diligent about keeping out questionable sites on the front end, you will not have as many headaches later on.

But be sure to maintain a frequent schedule of approving and rejecting sites. If affiliates have to wait days or weeks to hear back from you about their approval, the liklihood of them becoming active affiliates in your program is low.

Build probability models
Look at conversion rates, activity rates, and retention rates through your affiliate channel. What percentage of these people convert? What percentage of conversion are active? How long does your site retain the visitor?

Break down your various types of referring sites and get granular - what are the conversion, activity, and retention rates for each? Once you have these metrics, you can look at probability distributions and figure out which specific sites are sending you traffic that exceeds these norms.

For example, let's say a typical Geocities site has:

• 5% conversion rate.
• 10% of people are active.
• The visitor is considered active for seven weeks.

You can then build up basic probability models to determine where the potential fraud lies. If a typical Geocities site gets a 5% conversion rate, but only 10% of people are active, and the stay for seven weeks - it may not be fraudulent. But if there is a 20% conversion rate, 1% of people are active, and they stay for one week - it could be.

Is your form logical?
Logic checks can add a checks and balances process to your registration form. For instance, when someone enters an e-mail addreess, have your CGI script validate that the e-mail address includes an ampersand. This is a minor deterrent, but it will help to screen out those people that manually enter gibberish in order to generate commission from your program.

Things to do with e-mail addresses
Incorporate functionality into your registration forms where a confirmation e-mail is sent out to the person signing up. And only pay affiliates when registrations have been confirmed.

While this extra step will reduce the conversion percentage on your legitimate conversions, the confirmation e-mail is a great low-tech barrier to discourage people from manually completing multiple fake registrations.

Another step to consider is to be discriminating about the types of e-mail addresses that you deem acceptable. While you will inevitably turn away some quality registrants, it will reduce the degree of pay per lead fraud if you do not accept free e-mail services (i.e. Hotmail, Yahoo, etc.).