Cookie Stuffing: What you need to know about fraud in CPA platforms


Cookie stuffing is one of the most popular types of fraud that E-merchants face in their work with CPA platforms. Cookie Stuffing – also known as Cookie Dropping – accounts for nearly 60% of CPA affiliates’ total fraud.

The method used is as follows: the fraudulent affiliate forces the installation of an affiliate tracking cookie on as many computers as possible. Then, if the user buys on one of the shops concerned, tracked by the cookie, the CPA platform will claim a commission for the fraudulent affiliate.

To do this, the fraudulent affiliate can use different means: Popup, JavaScript, iFrame, Image, PHP Script.

The Cookie Stuffing process is detailed in the diagram below.

The user cannot see the installation of cookies. And as is clear from the previous diagram, after making a purchase on the site, the order ID is sent to the CPA partner platform and the commission is paid to the fraudulent affiliate. And this while the user comes from another marketing channel, paid (SEA, SMA, …) or free (organic, type-in, …).

This type of fraud is the most common, because the technical implementation of the cookie deposit only takes a few minutes, and it is very difficult for an E-commerce site to identify it.


How to identify the installation of cookies

A first method consists in reconciling the orders recorded by the E-commerce site with those collected by the partner CPA platforms by checking their source, for example using a standard analytical solution such as Google Analytics or Omniture. But these tools only deduplicate orders on the last click – or last non-direct click. When the E-commerce site works with a CPA platform with a post-click deduplication model, the reconciliation of orders with analytical solutions will be inefficient.

Therefore, to identify and protect against CPA affiliates’ fraud, it is necessary to use a specialized anti-fraud tool. The latter must be able to identify the presence of the CPA platform in the conversion path.

And in order to have a good arbitration, the specialized anti-fraud tool must also allow:

  • to identify the most recent interaction if several CPA platforms are present in the same conversion path
  • to validate that the winning click has been made within the pre-order period set with the CPA platform (cookie time)

In addition, it is recommended to have a detailed analysis of the quality of each affiliate’s traffic, an automatic arbitration tool and a solution to block fraudulent affiliates.

Based on our experience with many large E-commerce sites, they lose between 10% and 50% of the marketing budget spent on the Affiliate channel due to Cookie Stuffing.


MediaMarkt – a striking case of Cookie Stuffing

MediaMarkt (Media-Saturn Holding) is the European leader in the sale of household appliances and consumer electronics with more than 800 stores in 14 countries and a turnover of 22 billion euros.

At the time of integration with TrackAd – our anti-fraud tool – MediaMarkt was working with two major affiliate platforms. The objectives of the integration with TrackAd were:

  • to have a better depth of analysis by benefiting from performance at the affiliate level
  • to detect possible fraud

MediaMarkt used Google Analytics Premium, plus an internal anti-fraud solution and the support of a team of analysts.

At the end of the first month of data collection, 48% of the orders from the affiliate channel were identified as Cookie Stuffing.

All fraudulent affiliates were blocked, saving 53% of the affiliate marketing budget without losing orders across all channels.

Let’s hope that this case will inspire other E-commerce sites to equip themselves with a powerful anti-fraud solution.

Let’s get in touch!

Let’s have a first discussion to understand your current online acquisition challenges.