The True Cost of Fraud and How to Reduce Your Risk
Companies using online lead generation campaigns face substantial litigation risk, often without knowing it. Even when they think they’re doing everything right, these businesses may be facing costly penalties. Why? Did you know that sweatshops and bots complete lead generation forms using purchased or stolen contact details just to get the affiliate commissions?
We’re going to show you how to reduce the cost and risk of the leads your business get. To make our point, let’s look at the problem from an old-school point of view:
Imagine that one day a shopper comes into your store. Walking around looking bored, he or she picks up a few random items before putting them back on the shelf. This goes on for a few minutes and then they leave. Does that sound like a good lead to you? And would you pay $20 for that shopper just because they have a unique lead ID with the name of the campaign that sent them to you?
Probably not, right? But this is exactly what happens online all the time. What’s more, online you can’t see them, so you can’t read their body language for intent or even ask them a question. Maybe you think that’s okay because it’s all about the numbers, and you win when you maximize your visitors.
Now let’s elaborate on this old-school analogy. Imagine that the shopper was interested, and that they left contact details, and even signed express written consent, allowing you to contact them. You’d be thinking that all you have to do is call them to complete the sale. But, do you know if they really, truly filled out the form with their own information?
Fraud could have cost a company over $40,000 last week
Now let’s look at a recent week’s data. This is real data from January 12 – 19, 2020. If you’re a pro, you can calculate the average price per lead in your head.
To break this down for you, human leads are actual, verified human beings. A clickbot is a program that clicks on an advertisement, is redirected to a landing page, and leaves almost immediately without any interaction. An advanced bot clicks on an advertisement, is redirected to the landing page, interacts with the page via scrolling or clicking, for example, to get a quotation, or whatever, but does not submit a form or leave any contact details. The last category, “Advanced bots submitting form,” are the most sophisticated: they go through the whole process and leave their contact details and/or payment details.
Armed with fraud detection technology, the company behind this campaign does not pay their affiliates for bot traffic, but only for human interaction. So based on this data, they save 14.6% of the money they would have otherwise paid for their leads.
But, their real problem is the advanced bots submitting forms.
Only 0.056% of all leads and only 0.44% of the bots submit forms. That sounds small, but each of those leads has been filled in with stolen contact data, without the actual person knowing that his/her contact data has been used. That means the actual person has not given their express written consent. I they know about the Telephone Consumer Protection Act (TCPA), you can be sure they’ll be suing you for their $500 as fast as they can.
When you’re calculating your risk, do you use real numbers like these or just “guesstimates”?
With costs like these, you can’t scale, can’t optimize and can’t grow. Fraudsters, on the other hand, will keep right on raking in the money. You thought it was a numbers game, remember? That if you maximized your leads, you’d win? Actually the fraudsters win.
But I Use an IP address Blacklist!
We hear this one a lot, too – a company uses an IP address blacklist and think they’re fine. If a bot can fake being a human, don’t you think it can fake its location, too? Take a look at this map of the 877 form submitting bots from our data. You can see that those aren’t a couple of massive data centers – those bots are scattered around. That means the bots and sweatshops use VPNs/private proxies with endpoints on residential IP addresses so they can match the telephone area code and the geo-location of the IP address.
The 877 form submitting originate from 862 different IP addresses and the ones who have shared an IP address are the ones using a gateway from/to mobile networks.
To make a long story short, fraudsters know you try to block IP addresses, so they work around that before they even approach your form. And they’ll keep rotating IP addresses, using each one once, to avoid detection by companies that think they have an effective tool.
Using IP black lists is like trying to sweep back the ocean – it just moves in around you, ignoring your efforts completely.
So what CAN you do about it?
You know you don’t want to run the risk of spending thousands per week on fraud. You know simplistic tools can’t save you. So what CAN you do? Don’t worry, there is plenty you can do, now that you know you need to take this more seriously:
- Enable bot detection on your landing pages and forms.
- Ensure that each lead arriving on your landing page gets reported back to you in real-time.
- Actively filter fraudulent data.
- Sample within the group of fraudulent leads to verify that fraudulent flagged leads are really fraud.
- Refuse to pay affiliates for fraudulent leads.
- Create proof of consent for each submitted form as evidence.
In our experience, you don’t have to pay affiliates for fraudulent leads – and that saves you much more than the costs of detection, not to mention litigation. Creating proof of consent also protects you from people who submit their contact details and then claim you violated TCPA when your call center contacts them. There are plenty of people out there who make that a game, where they win if you pay them a few hundred dollars. But with indisputable proof of consent, you can strike back and address these fake TCPA bounty hunters.