Sven Hezel

Similar documents
ADVANCED FRAUD TOOLS TRIGGERED RULES

HOW DOES GOOGLE ANALYTICS HELP ME?


PRIVACY POLICY. I. Introduction. II. Information We Collect

GOOGLE ANALYTICS 101

SharePoint Intranet and Internet Spaces

First Steps. QUALITYCLICK.COM c/o NetSlave GmbH Simon-Dach-Straße 12 D Berlin

If you have any questions about our privacy practices, please refer to the end of this privacy policy for information on how to contact us.

Web Tracking for You. Gregory Fleischer

HW9 WordPress & Google Analytics

STOPPING LAYER 7 ATTACKS with F5 ASM. Sven Müller Security Solution Architect

How To Prevent Fraud Through Ad Verification

Tracking True & False Demystifying Recruitment Marketing Analytics

Law Enforcement Recommendations Regarding Amendments to the Registrar Accreditation Agreement

graphical Systems for Website Design

Privacy Policy Last Updated September 10, 2015

Privacy Policy. What is Covered in This Privacy Policy. What Information Do We Collect, and How is it Used?

Configuring an External Domain

F-Secure Internet Security 2014 Data Transfer Declaration

Google AdWords customers can see their Analytics data from inside their AdWords account

A Guide to New Features in Propalms OneGate 4.0

Additional information >>> HERE <<< Free Download buy website traffic. Click Here =>

PARTNER GUIDELINES

BRIEFING PAPER - Rogue Affiliates Distributing CSAM using Disguised Websites (Public version)

CYBERCRIMINAL IN BRAZIL SHARES MOBILE CREDIT CARD STORE APP

Privacy Policy. When you create an account or use our Service, we collect the following types of information from you:

Google Analytics Guide

1. The information we collect and how we collect it.

Urchin Demo (12/14/05)

1 Which of the following questions can be answered using the goal flow report?

Rogue DNS servers a case study

Running the Tor client on Mac OS X

Technical Brief: Dynamic Number Insertion

Measurabl, Inc. Attn: Measurabl Support 1014 W Washington St, San Diego CA,

Controlling Risk, Conserving Bandwidth, and Monitoring Productivity with Websense Web Security and Websense Content Gateway

Device Fingerprinting and Fraud Protection Whitepaper

AUDIT REPORT AUTOMOTIVE TRAINING & DEVELOPMENT. 08 Jan Report Content Last Updated. Local Visibility. Local Reviews. Off-Page Optimization

PRIVACY POLICY. 1. Definitions and Interpretation In this Policy the following terms shall have the following meanings:

web analytics ...and beyond Not just for beginners, We are interested in your thoughts:

Is Your Google Analytics Data Accurate?

Debugging With Netalyzr

Security Task Manager User Guide

Quick Installation Guide

A guide to affilinet s tracking technology

Estée Lauder Companies Global Jobs Website Privacy Policy

Additional information >>> HERE <<< Best Way to Get Website Traffic Real User Experience

Moreketing. With great ease you can end up wasting a lot of time and money with online marketing. Causing

Webtrends for SharePoint 2010 A Microsoft Preferred Analytics Solution for SharePoint

Website analytics / statistics Monitoring and analysing the impact of web marketing

APPLICATION PROGRAMMING INTERFACE

Online Certificate March 2012

NATIONAL CREDIT UNION ADMINISTRATION 1775 Duke Street, Alexandria, VA 22314

How using Google Analytics can improve your website performance and social campaigns

Online Payment Fraud. IP Intelligence is one of the top five techniques used to detect and prevent online fraud

Privacy Policy Version 1.0, 1 st of May 2016

Who will win the battle - Spammers or Service Providers?

Evaluating the impact of research online with Google Analytics

How To Filter From A Spam Filter

FitCause Privacy Policy

Resilient Botnet Command and Control with Tor

19 LCD / 8 CHANNEL DVR COMBO WITH 160GB HDD & 4 CAMERAS

Pass Through Proxy. How-to. Overview:..1 Why PTP?...1

Technical Brief: Google Analytics Integration

Working With Your FTP Site

Pick and Mix Services

TP-LINK TD-W8901G. Wireless Modem Router. Advanced Troubleshooting Guide

AUDIT REPORT NO MORE PHONE TAG. 10 Jun Report Content Last Updated. On-Page Optimization. Off-Page Optimization. Keywords Report.

Unified Security, ATP and more

Mobile Casino Marketing Guide. The Time for Mobile is Now!

Ethical Hacking Course Layout

How To Use Windows Live Family Safety On Windows 7 (32 Bit) And Windows Live Safety (64 Bit) On A Pc Or Mac Or Ipad (32)

Impressive Analytics

VIRUS TRACKER CHALLENGES OF RUNNING A LARGE SCALE SINKHOLE OPERATION

Without prejudice to the generality of the foregoing paragraph, The Gallery Tattoo Studio does not warrant that:

FLASH DELIVERY SERVICE

Transcription:

Sven Hezel sven@24metrics.com

Uncovering Pattern using BigData and AI Identifying Relationships to high and low paying users (e.g.) - Screen Resolution - OS Detection (Win vs. Mac) - Order Value Analysis - Referral URL Checks - Conversion Rate Analysis Fraud Detection and Predictive Analytics

IS YOUR TRAFFIC HIGH-QUALITY? Our research suggests that 18% of all Paid Web Traffic is Fraudulent. It goes further than that with Mobile where Fraud can be as high as 40%.

COMMON BEST PRACTICES Order Value Analysis Affiliate Screening Conversion Rate Analysis Referer URL Checks IP Address Checks ROI Checks

ISSUES WITH FRAUD SCREENING Only sample checks Analysis is possible Precious time is wasted Affiliates sign up under multiple fake accounts Reliably Identifying Cookie Dropping Networks exchange offers between them Analytics takes a minimum of 2 weeks No permanent exclusion possible Not possible to analyze mixed traffic No Abusive User Exclusion Difficult to detect Adware / Bad Promotion (Order + Bonus Voucher that does not exist)

THE NETWORK DIAGRAM Your traffic presumably comes from a limited number of affiliate ID s. ADVERTISER Only a careful and complex analysis can bring your business back on the right track. Network 1 Network 2 Affiliate 1 Affiliate 2 FRAUDSTER Affiliate 3

BUT IN REALITY Networks are very often signed up as affiliates to other networks. ADVERTISER Network 1 Network 2 Fraudsters can only be driven away for a limited time. Affiliate 1 Affiliate 2 Network 3 Affiliate 3 Sub-affiliate 1 FRAUDSTER

POSSIBLITIES TO TACKLE PROFILE FRAUD Check your affiliate s IP on signup, as it might be a proxy. Limit countries that can join in. Fingerprinting to identify duplicate accounts Minimize Fraud already on signup Blacklisted Email Domains (mailinator.com)

Suspicious Spikes Plot Graphs to check Conversion Volume. Spiking Affiliate Traffic (especially from unknown affiliates are very often fraudulent) 70 60 50 40 30 20! Check with Affiliate Clicks Convs 10 Hours 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 Affiliate 1 Affiliate 2 Affiliate 3

CONVERSION RATE ANALYSIS Gain new insights by checking daily and hourly conversion rates. You can easily plot similar graphs in Excel or Google Sheets. Clicks Convs Hours

REFERER URL CHECKS Shows the source the traffic came from - Does the product match with site? (e.g. a Healthcare site delivering lots of Game Leads) - Banner Promotions should contain a Referer URL. - Blocking of Category (P2P / Adult etc) - Screenshot of Promotion Page at Conversion Time - Filtration of Sub URL / Keywords

DETECTION OF ABUSIVE USERS Automatic Detection of previously marked abuse Users (e.g. high return rate) Possible to check across brands

TOOLBAR DETECTION Detection of Traffic generated through Toolbars / Adware Checking on Fraud related Browser Extensions or Plugins to generate Fake Traffic

PROXY / VPN Proxies are very often identifiable just by their name. There are a variety of free resources on the web to check IP info such as whoer.net or freegeoip.net.

CLEAN IP vs TOR IP 91.109.247.173 My IP address formats tor-exit2-readme.puckey.org Hostname 91.109.247.173 Mail server epistle.puckey.org IP range 91.109.246.0-91.110.63.255 ISP UK2 - Ltd Organization UK2 - Ltd Yes (Illegal 3rd party exploits, including proxies, Black list worms and trojan) Proxy headers No ports check TOR Yes Anonymizer No My IP address 93.205.98.43 formats Hostname p5dcd622b.dip0.t-ipconnect.de 93.205.98.43 Mail server rx.t-online.de IP range 93.205.98.0-93.205.99.255 ISP Deutsche Telekom AG Organization Deutsche Telekom AG No Black list Proxy headers ports TOR Anonymizer No check No No Tor IP German Telekom DSL

TimeZone Offset When many conversions show a difference between the TimeZone of the IP-Address / Local Computer Time it can be an indication to fraud. www.whoer.net/extended Germany Country (DE) more Continent Europe Region Bayern City Munich ZIP code N/A Latitude 48.15 Longitude 11.5833 Map show Time zone local system UTC GMT DST Europe/Berlin Sun Mar 22 2015 17:03:52 GMT+0100 (CET) Sun Mar 22 2015 23:03:52 GMT+0700 (KRAT) Sun Mar 22 2015 16:03:52 UTC Sun Mar 22 2015 16:03:52 GMT No

USER AGENT ANALYSIS Real traffic comes from a balanced mix of browsers and operating systems.

SESSION TIME Time between a click and a conversion (Registration / Install etc.) - Below-average session times indicate automation/ bots. - Above-average session in combination with a low CR (<0.1%) indicates Cookie Dropping

THANK YOU! Subtitle Sven Hezel List item List item List item E-mail: sven@24metrics.com Tel: +49 8941613283 List item Slide has a You can Download this presentation here: http://www.24metrics.com/downloads/ QUESTIONS? CONCLUSION

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information