Who is this article for?
This article will be useful to you, if are a company on PartnerStack, looking to understand your Fraud Management tab.
Getting started with Fraud Management
PartnerStack has partnered with Sift, an industry-leading fraud detection network, to provide channel managers and their compliance teams strong protection against fraudulent partner activity.
Sift is trusted by brands like Twitter, Box, Doordash, Zipcar, Zillow, Yelp, and many others to provide robust fraud detection across hundreds of millions of data points.
In this article, you’ll learn:
- The basics of your Fraud Management tab and how fraud is detected
- How to protect your channel from risky activity that can impact your brand and bottom line
- Who to contact if you have questions
Who has access?
All PartnerStack programs have access to the “Fraud Management” tab. The Fraud Management tab is located in your dashboard's left-hand menu in the "Performance and rewards" section.
You must have Admin-level access in your program or have "Fraud" permissions toggled on by an Admin in your program to access the Fraud Management tab.
For more information on how to enable specific permissions for your teammates please see our Configuring teammate permissions support guide.
Your Fraud Management tab will look a little something like this:
*test data used, no relation to real partners or customers
How does Sift detect fraud?
You can think of the Fraud Management tab as an ever-present guardian that watches your partner programs for suspicious activity.
When key events occur in any of your programs, Sift will check the event for indicators of fraud. If an event is flagged for review, you can take the appropriate action within your Fraud Management tab.
Some elements of the fraud system depend on your integration. For example, anonymizing your email records will have an impact on fraud detection performance.
What's happening behind the scenes?
PartnerStack provides Sift data about observable events that occur on PartnerStack and through PartnerStack integrations.
Sift then builds a risk assessment around each user and event, blocking the partner or customer and notifying the PartnerStack fraud team and your program manager when there is a decision to be made. For security reasons, we can't fully detail the threat model.
What happens to rewards?
When a partner is flagged as fraudulent, their reward status automatically changes to "on hold". Every 15 minutes a check is performed to see if any rewards should be placed on hold based on currently flagged partners. If you dispute a fraud decision and the dispute is approved (the partner is reinstated) their rewards will automatically be taken off hold.
How is fraud identified and displayed?
Potentially fraudulent partners are identified in two areas of your dashboard. In your Fraud Management tab and in your Applications > Flagged tab.
In your application tab, you will see the flagged applicant, and the reason they have been flagged as potentially fraudulent.
For more information on reviewing your partner applications see our Using application forms support guide.
Currently, PartnerStack monitors the following events for fraud:
- A partner joins your program (partnership created)
- A referred customer purchases your product (transaction created)
- Ongoing user behaviour across the PartnerStack network (account updates)
Fraud logic by event
| Event | Data Monitored | Incidents that may raise an alert |
| Partnership created |
- User email - User session IP address - User device fingerprint - Partner status in PartnerStack network - User country - User address |
- Email matching or similar to another existing address - Email has a suspicious domain name - User IP address associated with suspicious activity User IP address does not match with the reported country - User device fingerprint matches another user's device fingerprint - User's location is far from the reported address |
| User behaviour |
- Behaviour in Partnerstack Portal - User metadata, historical behaviour |
- Unusual activity - Clustering of lower threat behaviours and metadata - Flagged behaviour on other platforms in the Sift network |
Using the Fraud Management tab
PartnerStack will let you know when we've identified any action suspicious enough to be blocked.
When PartnerStack blocks an event or partner, you will see a notification on your program dashboard under "Security Monitoring".
To review your suspicious cases: click the "suspicious cases" link in the Security Monitoring box on your home page, or click your "Fraud Management" tab in the left-hand menu.
Once you have navigated to the Fraud Management tab, you'll be able to review flagged behaviour, dispute decisions made by Sift, as well as remove fraudulent partners.
Active Cases Tab
After landing on the Fraud Management tab, you will see a list of all active fraud cases by default. The active cases tab includes all new fraud cases (red flag icon) and active fraud cases being disputed (clock icon). Any new fraud cases surfaced by Sift will be added to the active cases tab. In the active cases tab, you can search by partner name or sort by the flagged date/reward hold amount.
The following details are provided per fraud case in the active cases tab:
- Partner name
- Flag reasons as provided by Sift
- Hold amount and number of held rewards
- Flagged date
- Disputed date
When partners are flagged by Sift, their transactions will be automatically placed on hold to prevent any fraudulent rewards from being paid out. Their rewards will be marked with a hold status due to suspicious activity in the "Review rewards" tab within the Rewards & invoices page.
Reviewing cases
In your Fraud Management tab, you are able to view details on a flagged partner including the reasons they were flagged, information on their group, team, keys, revenue, segments, tags, sign-up dates and flagged rewards that are currently on hold.
- Click on a partner's name to open a drawer view
- Review the details on the partner, their flag reason(s) and their held rewards
- If you determine the partner is fraudulent, remove them by clicking "Remove partner"
- This will automatically remove the partner from your program
- When removing the partner you can also block the partner from re-applying to your program
- If you believe the partner was mistakenly marked as fraudulent, click "Dispute"
Disputing a fraud decision
If you believe a partner is legitimate you can dispute the fraud decision by clicking "Dispute decision". This will be sent to our security team for review.
Once a dispute has been opened, each case will be displayed in your "Active cases" Fraud Management tab with the current status of your dispute. Our security team will review fraud disputes on a 30-day cycle to align with the invoicing cycle.
Two outcomes can occur when the PartnerStack security team reviews your dispute:
- Dispute Approved: PartnerStack accepts the dispute and the partnership will no longer be flagged as fraudulent, all rewards will revert to pending for the next invoice cycle. You will see a green check mark on approved cases.
- Dispute Declined: PartnerStack declined the dispute and the partnership will remain flagged. All rewards will remain on hold. You will see a red x on declined cases.
| Flagged Object | Behaviour if no action is taken in the Fraud Management tab | Behaviour if disputed |
| Partner | Rewards created during or after the flagged event will be on hold |
On dispute: Rewards are held unless manually overridden. Dispute approved: Rewards go to pending for your approval. Dispute rejected: Rewards are automatically set to decline. |
| Customer | Transactions and rewards associated with the customer are on hold |
On dispute: Rewards are held unless manually overridden. Dispute approved: Rewards go to pending for your approval. Dispute rejected: Rewards are automatically set to decline. |
Resolved cases
Once a dispute is approved or declined it will automatically be moved from the active cases tab to the resolved cases tab to minimize clutter. In the resolved cases tab, you can search by partner name, filter by status, or sort by the flagged/resolved date.
The following details are provided per fraud case in the resolve cases tab:
- Partner name
- Dispute reason
- Flagged date
- Resolved date
If you remove a partner from your program due to fraud, they will appear in your Removed partners tab.
This tab contains information on Partners that have been removed from the program with the following information:
- Name of the Partner
- Partner Team
- Original Flag Reason
- Date of Flag
- Archived Rewards
- Date of Removal
- User who has removed the Partner
Frequently asked questions
Q: How are rewards created with the API affected?
Rewards created via the API are created with a "new" status. Every 15 minutes a check is performed to see if any rewards should be placed on hold based on current flagged partners. Any rewards created for flagged partners will be put "on hold"
Q: What do I do if I have confirmed a partner is fraudulent?
If you have confirmed in your system that a partner is fraudulent, please remove them from your program by clicking “Remove partner” in your Fraud Management tab. You can select “Block this partner from reapplying” before you remove them from your program.
Q: A partner was incorrectly flagged as fraudulent. How do I ensure they are still rewarded?
Rewards are held until the flagged partners and/or the flagged customers are disputed and the dispute is approved. Once approved, PartnerStack will generate the rewards as if the flag never happened, and rewards will appear on the next invoice.
If the event is flagged near the end of a billing cycle, the fraud review may result in the partner receiving their commissions a month later than they would have otherwise.
If you would like to pay out partners while the dispute is processing you can update their reward status manually from "on hold" to "approved".
Q: Can I control the way the Fraud Management tab behaves? Can I decide when a customer is flagged and when they are not?
Fraud detection is controlled by the PartnerStack fraud team, you cannot configure rules or logic for your individual program. If you have concerns about this, please contact security@partnerstack.com.
Q: The same partner keeps getting flagged by your system. Can I whitelist certain partners?
PartnerStack dynamically monitors all events and behaviours for partners’ activities on an ongoing basis to ensure that rewards are not paid out due to fraudulent activities. For this reason, partners cannot be whitelisted. You may see a partner resurface again after a dispute due to new suspicious activity.
Q: Will the Fraud Management tab catch self-referrals?
Yes. If you’d like to allow self-referrals, flagged referrals can be individually disputed.
Q: What if I am concerned with the legitimacy of one of my referrals, or partners?
Good eye! Please contact security@partnerstack.com and we can ensure our fraud team takes a deeper look.
Q: I have raised a dispute, how long until my dispute is resolved?
Our security team will review fraud disputes on a 30-day cycle to align with the invoicing cycle.
Q: My dispute was declined but I think the partner is legitimate, what can I do?
Please reach out to your CSM or support@partnerstack.com for the next steps. Please include any information you have to verify their legitimacy in your email.