6 {{ upvoteCount | shortNum }}
6 {{ upvoteCount | shortNum }}

Affiliate Security Flaw?

by Paul Elliott
5 replies
A friend has an affiliate program set up by her site techs.

When I set up a redirect page with my Aff. ID, the redirect works well; however, the URL that shows up in the browser window is the proper page on her site but with my Aff. ID tagged onto the end of the URL.

Is this a problem that could be exploited to steal an affiliate's commissions?

I am under the impression that the security of the Aff. ID is one of the reasons why a redirect page is used.

Her tech support says, "There's no way anyone can steal commissions from your affiliates!"

I do know of a specific instance where commissions were stolen from an affiliate with Commission Junction.

Am I unnecessarily concerned?

Thank you.
Paul
#affiliate #flaw #security
  • Profile picture of the author rwil02
    It depends.

    If her system says "first affiliate for a visitor wins", then by the time they can get the URL, they've already been tagged (depending on your cloaking system that is).

    If it's "last affiliate for a visitor wins", then yes, they can steal the commission.
    Signature

    Roger Willcocks
    L-Space Design
    Please vote to help me win a 3kW solar array

    {{ DiscussionBoard.errors[332087].message }}
    • Profile picture of the author Paul Elliott
      Originally Posted by rwil02 View Post

      It depends.

      If her system says "first affiliate for a visitor wins", then by the time they can get the URL, they've already been tagged (depending on your cloaking system that is).

      If it's "last affiliate for a visitor wins", then yes, they can steal the commission.
      Thank you, Roger. I'm not sure what the "first" and "last" affiliate means. I guess I don't understand the process well enough.

      Paul
      {{ DiscussionBoard.errors[332623].message }}
      • Profile picture of the author rwil02
        Originally Posted by Paul Elliott View Post

        Thank you, Roger. I'm not sure what the "first" and "last" affiliate means. I guess I don't understand the process well enough.

        Paul
        Consider a single person who arrives on at the site on two different days, via two different affiliate links (say from Google Ads)

        First and last are based on the order of arrival.
        Signature

        Roger Willcocks
        L-Space Design
        Please vote to help me win a 3kW solar array

        {{ DiscussionBoard.errors[332815].message }}
  • Profile picture of the author awesometbn
    Seems like the regular public is becoming more savvy in their casual visits to websites, and if they see something in the URL or in the address bar of their browser that looks like affiliate links, they might try to change it manually to reflect their own affiliate link ID. I don't know why, unless the visitor is also an affiliate and wants cash back on that purchase, or the visitor simply wants to disrupt your tracking method.
    {{ DiscussionBoard.errors[348426].message }}
  • Profile picture of the author Paul Elliott
    Thanks to everyone for the help.

    Paul
    {{ DiscussionBoard.errors[359780].message }}

Trending Topics