Fraud Prevention Strategies


Post by jack_indigo »

I want to do fraud prevention strategies on my site with ad clicks. I'd like to hear your view. But instead of relying on the ad provider (like Google AdWords, or ValueClick CPM banner ads) for the fraud prevention, which would basically drop me instead of dropping the people using the ads on my site, I want to implement yet another layer of fraud prevention.

The scenario is that users sign up on a site, reserve special slots on my site (sometimes multiple times a day), and then give those URLs out to visitors. Visitors arrive and click the ads. With enough valid ad clicks, my registered users get a portion of the ad revenue deposited in their accounts via Amazon.com coupon codes (I'm supposing).

I was thinking of a fraud prevention strategy like this:

1. User registers on my site. I gather their IP address and their UserAgent header. In particular I'm mostly concerned with the first two octets of their IP address, such as 190.201.

2. Registered user does a particular activity on my site (the profitable business niche) that gives them a space on my site just for them. They then offer that space to other visitors who are not registered users. Again, I track UserAgent header and their IP address.

3. A visitor visits the site via the link provided to them via the registered user and sees an ad in the space provided. They click the ad.

4. I check the UserAgent and IP address of the visitor:

a. If the UserAgent is an exact match of the items collected in (1) or (2) above, I block the Registered User from getting 50% of their ad click credit on their account for this click. This is just a failsafe and is actually kind of disappointing, but I don't see another way to do it.

b. If the first two octets of the IP address match items collected in (1) or (2) above, I block the Registered User from getting 100% of their ad click credit for this click. This is a little closer to reality, but as you can see it's kind of a shotgun approach to fraud prevention.

c. If I get more than 20 clicks per hour on an ad for a user, I stop click credits for that reserved space for that Registered User. Since Registered Users will be creating multiple reserved spaces (several a day for instance) on my site, this actually seems a little fair to me.

d. I put a cap of 200 ad clicks giving credit per reserved space for that Registered User.

e. When Registered Users want to create these reserved slots on my site, I'll use 1 in 5 random odds whether to show them a captcha or not.

So, between UserAgent checks, IP octet prefix checks, clicks per hour checks, click max caps, and random captchas -- I'm thinking that might control the hackers who try to game the system at least a little.
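Rules 4a to 4d from the post above, put into runnable form as an added example; it is not part of the original post. The names `SlotLedger`, `credit_for_click` and `prefix16` are hypothetical, and treating rule 4c as a permanent stop for the slot is an assumption about what the post intends.

```python
from collections import deque

UA_MATCH_FACTOR = 0.5   # rule 4a: exact User-Agent match earns half credit
HOURLY_LIMIT = 20       # rule 4c: more than this per hour stops the slot
SLOT_CAP = 200          # rule 4d: credited clicks allowed per reserved slot
HOUR = 3600             # seconds

def prefix16(ip):
    """First two octets of a dotted-quad IPv4 address, e.g. '190.201'."""
    return ".".join(ip.split(".")[:2])

class SlotLedger:
    """Click-credit state for one reserved slot of one registered user."""

    def __init__(self, owner_seen):
        # owner_seen: (ip, user_agent) pairs recorded in steps 1 and 2
        self.owner_prefixes = {prefix16(ip) for ip, _ in owner_seen}
        self.owner_agents = {ua for _, ua in owner_seen}
        self.recent = deque()    # timestamps of clicks in the last hour
        self.credited = 0        # clicks that earned any credit
        self.stopped = False     # assumption: rule 4c stops the slot for good

    def credit_for_click(self, ip, user_agent, now):
        """Return the credit fraction (0.0, 0.5 or 1.0) for one ad click."""
        while self.recent and now - self.recent[0] >= HOUR:
            self.recent.popleft()
        self.recent.append(now)              # every click counts toward 4c
        if len(self.recent) > HOURLY_LIMIT:
            self.stopped = True
        if self.stopped or self.credited >= SLOT_CAP:
            return 0.0
        if prefix16(ip) in self.owner_prefixes:     # rule 4b: no credit
            return 0.0
        self.credited += 1
        return UA_MATCH_FACTOR if user_agent in self.owner_agents else 1.0

def demo():
    # Constructed sample addresses and User-Agent strings.
    ledger = SlotLedger([("192.0.2.10", "Mozilla/5.0 (owner-browser)")])
    clicks = [
        ("192.0.77.5", "Mozilla/5.0 (other)", 0),               # same /16
        ("198.51.100.7", "Mozilla/5.0 (owner-browser)", 60),    # same UA
        ("203.0.113.9", "Mozilla/5.0 (other)", 120),            # unrelated
    ]
    return [ledger.credit_for_click(*c) for c in clicks]

if __name__ == "__main__":
    print(demo())
```

The sketch handles dotted-quad IPv4 addresses only, and it counts uncredited clicks toward the hourly limit while counting only credited clicks toward the 200 cap.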