RISK

Risks of commercial fraud and closed APIs

14 Dec 2021 I 12 min read

Online companies are constantly searching for the new methods of customer acquisition as well as new ways of services provision on the financial market. However, speaking about online business in general and online lending in particular, it is more important to find the balance between business volume which you can acquire via particular channel as well as its quality and the risks related to it.

Taking into consideration that the marketing expenses is one of the most significant shares of any online business budget, this also implies that such expenses are the most sensible for P&L. So we would like to tell you about the various client acquisition approaches and risks, related to them.

In general all the fundamental ways of traffic attraction can be divided into two large groups. The firs group is related to independent acquisition (the so-called organic traffic) and the second group consists of the partners' resources usage (partner or affiliate marketing).

  • Organic traffic is one of the most common and easily implemented methods, when a company uses various marketing instruments in order to attract traffic to its web sites, lending pages as well as mobile applications, for example, using seo tools, search advertising etc. Potential client directly links to company's web site and gets the access to either a product or a service. The advantages of such approach is transparency as well as direct access to the potential audience and the opportunity to implant all the tools available for analysis and decision making. The main difficulties are rather high cost and high standarts set on team's technological expertise - a company constantly needs to work on the targeting and advertising mechanisms improvement, test various scenarios, copywriting and ad creative. Basically we can say that such way should be described as "business into business" model with it's own P&L and KPIs.
  • Partner or affiliate marketing is a way to acquire new customers by means of partner's resources, who get access to the traffic using a model when an affiliate earns a commission for marketing company's product, for example, issued loan. The main advantage of such model is gaining rather quick and relatively budget-friendly access to the large volume of targeted traffic in comparison with the various tools used for organic traffic growth on the web site of a company, also scaling and automatization become much more easier. Besides there is no need in far-reaching expertise from online business behalf, in general, all the acquisition comes down to the necessary APIs connection of those lead generators or brokers, which are going to provide a company with the relevant traffic.

In this article we are going to consider in details all the advantages and risks of such customer acquisition approach.

What approaches can be pointed out within the frames of affiliate marketing?

  • Redirect - when a broker, lead generator or online seller within the frames of loan selection services or product/service realization redirects the client to financial institute's online platform (for example, via iFrame). Often it happens seamlessly for a client and financial institute acquires the direct access to potential client and can use all the tools for underwriting, risk assessment and verification.
  • Closed API - is this case the source of an external partner is used also, for example, aggregators, financial platforms or loan selection services, but, contrary to the previous redirect approach, the mechanism of work with financial institutes is different. A client fills in a form or an application on a broker's or aggregator's platform and this application is sent to potential creditors via closed API (back-end systems of a broker or an aggregator is integrated directly to back-end systems of financial institutions), the number of potential creditors can be significant. Every creditor gets rather limited data set on the applicant.

This method is widely used in many countries. For example, it is rather illustrative example in EU countries, where using such method a company can generate from 50 to 90 % of traffic (before the pandemic this number was closer to the upper limit, however during the pandemic and due to all the restrictions related to it, in the midst of economic hard times, this rate was slightly declining but after that increased back again).

What are the main risks of this approach?

  1. Applications flow quality and risk level - in comparison to the "organic" method, risk level in this situation is much higher and it also affects greatly portfolio P&L in general and also within the terms of attracting of new clients. Creditors often find it difficult to assess the loan applications due to the limitations implied by a narrow personal data vector fields on a volume of data transferred. Also any alternative ways of data assessment are usually out of reach. This situation leads to a higher risk level on such traffic or lower conversion level, or, sometimes, both.
  2. Commercial fraud is the most widespread and complicated problem, as within the frames of detection, but also within the frames of financial effect and, at the same time, due to great amount of typologies and patterns, the share of such fraud is increasing. In commercial fraud several patterns can be distinguished.
  • Repeat leads

In a model, when an online company pays commission for an application, it can get a lead which has already been sent to the other companies with a higher rate and also, most likely, with higher expected risk level (since this application has not been approved several times, obviously, there were some reasons for that).

In a model when an online company pays for a loan issue, a broker or an aggregator get the commission as a percent of the sum of a loan or a credit, however the situation has not changed much either, - the higher application flow risk leads to a reduced conversion, increased operational costs, losses and decreased LTV, as selling of repeating loans and other cross sales usually get complicated in this case.

  • Early repayment

Another risk is related to the situations when a loan is repaid in advance, for example, the very next day it was issued. From the perspective of credit risk such borrower is clearly reliable, mostly because the creditor does not sustain losses, but speaking about P&L such situation is not preferable for any financial institute, since the creditor bears expenses for lead acquisition, financial product issue and won't get any profit currently or in the future, as such loan or a credit can not be used for cross sales or repeat loans. If a share of such applications in broker's or lead generator's channel is too high, there is a chance that such applications are generated artificially in order to gain the commission for clients acquisition and its reselling to some other creditor.

  • Multiple leads sent to an unlimited number of users

It seems that such model must increase the conversion by means of larger offer, however, in fact, it can lead only to customer frustration and dissatisfaction, since there is a false evidence of credit availability for high risk clients, however their application will most probably be rejected, or it may also imply a lot of unnecessary communication for low risk clients, while they only wanted to get the best proposal rather than interact with different financial institutions.

Advertising fraud - main types and trends

Now we would like to discuss the most common types of advertising fraud aimed at organic traffic manipulation;ations as well as related to affiliate marketing. Also we are gong to talk about the ways to detect and prevent them. Many of this types are connected with the artificial generation of unproductive traffic, which actually is no surprise, because, according to the latest researches, less that 60% of all the internet traffic is human. Depending on a budget for internet promotion of a company, ad fraud depends on the campaigns results and outcomes and also on ROI.

--------------2021-12-20---11.52.54 One of the most primitive strategies of unfair competition, which usually prevents the company from estimating the real volume of organic traffic, coming to company's website, - is related to context advertising invalid clicks. Competing company employees or some special stuff which were hired by a rival competitor, click on a context advertising link, video, advertising in social media or browser search result. Sometimes those who click the links use anonymous VPN in order to bypass the filters of advertising systems. Of course, such source of traffic does not lead to income in any way, a lot of companies even refuse to use such promotions channels and come to a conclusion that it just does not work. Click bots are also often used for it - specific programs or scripts configured to click on a context advertisements. Speaking of the percentage ratio, the number of such clicks may be from 20 to 60%, which has a significant impact on ROI - every click either does harm to a company's budget, or takes away the potential client.

--------------2021-12-20---11.53.28 SDK-spoofing or preset is relatively new type of mobile fraud, which implies the situation as if mobile application is been downloaded by means of malicious code in SDK-file.

--------------2021-12-20---11.53.58 As for the main types of fraud related to affiliate marketing, click injection slightly resembles click-bots fraud, however during the installation performed by an application user to Android operating system, malicious program installed on a device initiates a click on an application attributing this action to it's advertising account. Thus, for every such click a company pays commission to an affiliate, which practically did not anything in order to attract a client.

--------------2021-12-20---11.54.30 Cookie stuffing is also one of the most popular types of fraud related to affiliate marketing. Using the cookie files stuffing in a browser, a fraudster can easily add up to several dozens of partners resources undistinguishable. By clicking the link a user practically does a targeted action and a company Pais the commission for a lead which was attracted independently from any partners. Such fraud scheme also leads to the situation when a traffic has initially no chance to be converted into a sale of a product or service.

One of the main evidences of this type of fraud is a sudden increase of partner marketing costs without the relevant or noticeable ROI.

--------------2021-12-20---11.55.05 Ad stacking - rather popular type of mobile fraud which can usually be found in payment-for-clicks advertisement. A few advertisement are stacked one upon another and an end user only can see the last one. So an advertiser pays for the clicks and impressions, though a user does not see his advertisement.

--------------2021-12-20---11.55.47 Pixel stuffing is advertising sized 1X1 pixel. A user obviously can not see it and, at the same time, a company has to pay for advertisement shows and impressions.

Which channels are exposed to ad fraud most?

In the first six months of 2021 because of fraud related to mobile applications a lot on online companies lost about 1,6 billion dollars. Most part of it accuses to APAC. At the same time financial sector is the most vulnerable, it accounts for more that 40% of total losses from fraud risk. Bots are the most common threat within the frames of application downloading globally.

According to analytical report of Advertising Fraud statistics, by 2022 the total damage from thee most common types of fraud in online business mobile channels is going to reach 65 billion USD.

https://www.businessofapps.com/ads/ad-fraud/research/ad-fraud-statistics/#1

To sum up all the above mentioned, affiliate marketing model has an upward tend and prevails in many markets all over the globe, since it lets to boost the volumes of traffic steam. On the other hand, such approach leads to the maximum risk level as regarding the fraud-patterns variety and the difficulty of detection and prevention of those patterns, but, which is more important, regarding the level of negative impact on financial institute P&L breakdown, and the excessive enthusiasm in using closed APIs makes financial institute even more vulnerable. Moreover, the risks are not unique for one particular country, and in some proportions exist in many regions, including Russian Federation.

What methods of risk reduction do exist?

The core and basically the only way to decrease such risk is to increase the transparency dealing with aggregators, brokers and financial platforms. In real case scenario it may be achieved by the increase of initial flow accessibility for the alternative instruments of risk assessment applications, received from lead generators. It may be done in different ways - for example, via providing the access for the alternative risk assessment technologies directly to the brokers or aggregators platforms, in credit organizations' widgets - either on a web site or SDK in mobile apps (a method, which is constantly used in installment credit selling) with the following transfer of a safe token to the financial institution's side, which, by means of such token, gets the access to alternative risk assessment instruments online, for example, with JuicyScore solution.

In such case JuicyScore lets to achieve a number of goals:

  • Device authentication when a user enters aggregator's web site, which means, in particular moment when an intention of obtaining financial product is being converted to an action;
  • User behaviour patterns identification, including various anomalies, risk-markers, stop-markers related to the device and internet connection in the very moment of filling the application form for credit product obtaining;
  • The increase of information value due to the data different from traditional sources. In a wide range of markets such solutions may be unique and more effective in terms of decision making ability.

JuicyScore lets to filter out applications with the evidence of high fraud risks as well as commercial fraud risk, the number of which has increased recently.

Apart from JuicyScore solution we also propose our clients to use Juicy ID, which has the same device authentication technological stack as JuicyScore, but also allows to strengthen the exterior client's personal account perimeter on a web portal or mobile application of financial institute, to verify the great number of dangerous anomalies on the device, to highlight all the connected devices of the same user, and, as a result, to decrease the number of losses connecter with repeat loans.

The combination of various alternative risk assessment methods will allow to preserve all the advantages and technological effectiveness of integration via API, and also will increase the transparency and effectiveness of this channel, this also lets to decrease risk level and increase the conversion rate, as well as to provide the additional information value in those segments, where the level of loan rejections is related to the lack of sufficient data volume in order to access the application.

Juicyscore experts believe that all the online-based companies need to adjust their technologies of fraud prevention and protection in accordance with the constantly developing online fraud technics as well as to prevent new types of fraud. The access provision of alternative assessment instruments on online companies' resources will give those brokers and aggregators competitive advantage and also will create a high level of confidence to financial institutes by means of the transparency increasing in all affiliate marketing in general and closed APIs in particular, and, as a result, will lead to better financial results for all the perticipant of this process - the increase of convertion into sales, risk level decrease and customer loyalty increase.