Fraud Detection Setup

Fraud detection is disabled by default to avoid false positives during initial setup. Once you have baseline traffic data, enable it.

Turn On Detection

1. Go to Settings → Fraud Detection
2. Toggle "Enable Fraud Detection" to On
3. Select sensitivity level
4. Save configuration

Sensitivity Levels

• Low - Only flags obvious fraud (recommended for new programs)
• Medium - Balanced detection (recommended after 1-2 months)
• High - Aggressive detection (may have false positives)

What Gets Checked

When enabled, Attro analyzes every click and conversion for:

• IP address reputation and behavior
• Click velocity (too many too fast)
• Geographic consistency
• Device fingerprint patterns
• Conversion timing anomalies
• Referrer legitimacy

Recommendation: Start with Low sensitivity for 2-4 weeks. Review flagged items to understand your baseline, then increase to Medium.

Velocity limits prevent rapid-fire clicking from bots or click farms.

Set Limits

1. Go to Settings → Fraud Detection → Velocity Rules
2. Configure per-IP limits
3. Configure per-affiliate limits
4. Choose enforcement action
5. Save

Recommended Settings

| Metric                        | Limit    |
|-------------------------------|----------|
| Clicks per IP per hour        | 10       |
| Clicks per IP per day         | 50       |
| Clicks per affiliate per minute| 100     |
| Clicks per affiliate per hour | 1,000    |

Enforcement Actions

• Log Only - Record but don't block (for monitoring)
• Flag - Mark for manual review
• Block - Reject the click and don't count it
• Alert - Send notification to admins

Tuning Your Limits

Start conservative and adjust based on data:

// Review your click patterns
// Analytics → Clicks → Group by Hour

// If legitimate affiliate peaks at 500 clicks/hour during promotion:
// Set limit to 750-1000 (1.5-2x normal peak)

// If typical IP has 3-5 clicks/day:
// Set IP daily limit to 20-30

IP analysis is one of the most effective fraud prevention tools. Attro maintains databases of known bad IPs and can analyze IP behavior in real-time.

Automatic IP Blocking

Enable automatic blocking of suspicious IP categories:

• Known VPN/Proxy IPs - Hide user's real location
• Datacenter IPs - Servers, not real users
• Known Bot Networks - Previously flagged IPs
• Tor Exit Nodes - Anonymous browsing network

Configure IP Rules

1. Go to Settings → Fraud Detection → IP Rules
2. Enable/disable each category
3. Choose action (block, flag, or log)
4. Save

IP Whitelist

Add trusted IPs that should never be blocked:

• Your office IP addresses
• Partner company IPs
• Known legitimate affiliates

// Example whitelist entries
192.168.1.1       // Your office
203.0.113.0/24    // Partner network (CIDR notation)
198.51.100.50     // Trusted affiliate

IP Blacklist

Manually block specific IPs that you've identified as fraudulent:

1. Go to IP Rules → Blacklist
2. Add IP address or CIDR range
3. Optionally add expiration date
4. Add note explaining why
5. Save

Beyond simple velocity, Attro analyzes behavior patterns that indicate fraud.

Suspicious Patterns

• Fast Conversions - Purchase within 30 seconds of click
• Device Reuse - Same device, multiple "unique" conversions
• Geo Mismatch - Click in US, conversion in different country
• Referer Anomalies - Missing or suspicious referrer headers

Configure Thresholds

1. Go to Settings → Fraud Detection → Behavioral Rules
2. Adjust thresholds for each pattern
3. Set enforcement actions
4. Save

Time-Based Detection

// Suspicious conversion timing:

// Too fast (< 30 seconds)
// Likely: Cookie stuffing, bot conversion
// Action: Flag for review

// Very fast (30s - 2 minutes)
// Might be: Returning customer who knows what they want
// Action: Log, don't flag unless other signals

// Normal (2+ minutes)
// Expected: Genuine browsing and purchase
// Action: Normal processing

Device Fingerprinting

Attro creates anonymous fingerprints based on:

• Screen resolution
• Browser and version
• Installed fonts
• Timezone
• Language settings

Multiple conversions from the same fingerprint suggest fraud, especially if different customer emails are used.

Get notified when potential fraud is detected so you can investigate quickly.

Create Alert Rules

1. Go to Settings → Alerts → Add Rule
2. Name your alert
3. Set trigger conditions
4. Choose notification method
5. Save

Recommended Alerts

| Alert Name              | Trigger                          |
|-------------------------|----------------------------------|
| High Fraud Score        | Fraud score > 70                 |
| Velocity Breach         | Any velocity limit exceeded      |
| Datacenter Traffic      | > 10 clicks from datacenter IPs  |
| Conversion Spike        | > 3x normal conversion rate      |
| Refund Rate             | Affiliate refund rate > 15%      |

Notification Options

• Email - Immediate email to specified addresses
• Slack - Post to Slack channel via webhook
• Webhook - Call your custom endpoint
• In-App - Dashboard notification

Example: Slack Alert

// Alert configuration
{
  "name": "High Fraud Score Alert",
  "trigger": {
    "type": "fraud_score",
    "operator": "greater_than",
    "value": 70
  },
  "action": {
    "type": "slack_webhook",
    "url": "https://hooks.slack.com/services/xxx/yyy/zzz",
    "message": "🚨 High fraud score detected for affiliate {affiliate_name}"
  }
}

Regularly review flagged items to approve legitimate conversions and reject fraud.

Access Review Queue

1. Go to Dashboard → Conversions
2. Filter by Status: "Flagged"
3. Click on a conversion to see details

Review Information

For each flagged conversion, you'll see:

• Fraud Score - 0-100 risk rating
• Risk Factors - Why it was flagged
• IP Details - Location, type, reputation
• Click Timeline - Time from click to conversion
• Device Info - Browser, OS, fingerprint
• Affiliate History - Their fraud rate, conversion rate

Take Action

• Approve - Mark as legitimate, pay commission
• Reject - Mark as fraud, no commission
• Hold - Keep pending for more investigation

Bulk Actions

For efficiency, you can:

• Select multiple conversions
• Apply bulk approve/reject
• Export flagged items for external review

Tip: Document your decisions. If an affiliate disputes a rejection, you'll need records of why.

Attro automatically scores affiliates based on traffic quality, helping you identify problem partners early.

Score Components

| Factor              | Weight | Description                    |
|---------------------|--------|--------------------------------|
| Conversion Rate     | 25%    | Too high = suspicious          |
| Refund Rate         | 25%    | Chargebacks and refunds        |
| Click Quality       | 20%    | Real browsers vs bots          |
| Fraud Flags         | 20%    | Historical fraud detections    |
| Velocity Compliance | 10%    | Staying within limits          |

Score Interpretation

• 80-100 - Excellent quality, priority partner
• 60-79 - Good quality, normal operations
• 40-59 - Needs attention, some concerns
• Below 40 - Serious issues, consider suspension

Automatic Actions

Configure automatic responses based on quality scores:

• Score drops below 50 - Require manual conversion approval
• Score drops below 30 - Suspend affiliate automatically
• Score improves above 70 - Restore automatic approvals

View Affiliate Scores

1. Go to Admin → Affiliates
2. Sort by "Quality Score"
3. Click affiliate to see score breakdown