Fraud Management

  • Updated

Who is this article for?
This article will be useful to you, if are a company on PartnerStack, looking to understand your Fraud Management tab.

Getting started with Fraud Management

PartnerStack has partnered with Sift, an industry-leading fraud detection network, to provide channel managers and their compliance teams strong protection against fraudulent partner activity.

Sift is trusted by brands like Twitter, Box, Doordash, Zipcar, Zillow, Yelp, and many others to provide robust fraud detection across hundreds of millions of data points.

In this article, you’ll learn:

  • The basics of your Fraud Management tab and how fraud is detected
  • How to protect your channel from risky activity that can impact your brand and bottom line
  • Who to contact if you have questions

Who has access?

All PartnerStack programs have access to the “Fraud Management” tab. The Fraud Management tab is located in your dashboard's left-hand menu in the "Performance and rewards" section

You must have Admin level access in your program or have "Fraud" permissions toggled on by an Admin in your program to access the Fraud Management tab.

For more information on how to enable specific permissions for your teammates please see our Configuring teammate permissions support guide.

Your Fraud Management tab will look a little something like this: 

Fraud_Management.png

*test data used, no relation to real partners or customers

How does Sift detect fraud?

You can think of the Fraud Management tab as an ever-present guardian that watches your partner programs for suspicious activity.

When key events occur in any of your programs, Sift will check the event for indicators of fraud. If an event is flagged for review, you can take the appropriate action within your Fraud Management tab.

Some elements of the fraud system depend on your integration. For example, anonymizing your email records will have an impact on fraud detection performance.

What's happening behind the scenes?

PartnerStack provides Sift data about observable events that occur on PartnerStack and through PartnerStack integrations.

Sift then builds a risk assessment around each user and event, blocking the partner or customer and notifying the PartnerStack fraud team and your program manager when there is a decision to be made. For security reasons, we can't fully detail the threat model.

How is fraud identified and displayed?

Currently, PartnerStack monitors the following events for fraud:

  • A partner joins your program (partnership created)
  • A referred customer purchases your product (transaction created)
  • Ongoing user behaviour across the PartnerStack network (account updates)

Fraud logic by event

Event Data Monitored Incidents that may raise an alert
Partnership created

- User email

- User session IP address

- User device fingerprint

- Partner status in PartnerStack network

- User country

- User address

- Email matching or similar to another existing address

- Email has a suspicious domain name

- User IP address associated with suspicious activity User IP address does not match with the reported country

- User device fingerprint matches another user's device fingerprint

- User's location is far from the reported address

Transaction created

- Customer email

- Customer session IP address*

- Customer Device Fingerprint*

- Transaction source information

- Customer email matching or similar to another existing address

- Customer email has a suspicious domain name

- Customer IP address associated with suspicious activity

- Customer IP address does not match the reported country

- Customer device fingerprint matches another customer's device fingerprint

- Transaction source information is flagged as suspicious

User behaviour

- Behaviour in Partnerstack Portal

- User metadata, historical behaviour

- Unusual activity

- Clustering of lower threat behaviours and metadata

- Flagged behaviour on other platforms in the Sift network

Using the Fraud Management tab

PartnerStack will let you know when we've identified any action suspicious enough to be blocked.

When PartnerStack blocks an event or partner, you will see a notification on your program dashboard under "Security Monitoring".

To review your suspicious cases: click the "suspicious cases" link in the Security Monitoring box on your home page, or click your "Fraud Management" tab in the left-hand menu.

security_monitoring.png

Once you have navigated to the Fraud Management tab, you'll be able to review flagged behaviour, dispute decisions made by Sift, as well as remove fraudulent partners. 

Reviewing cases, default behaviour, and disputing decisions:

Each fraud case opened by Sift is easily filterable and searchable by name and the type of flagged object (partner, customer). New fraud cases will be displayed in your "Active cases" tab.

Each case will provide you with the following details:

  • Partner or customer's name and the transaction that was flagged
  • Date flagged
  • Signals identified by Sift to cause the flag

The fraud system will put flagged partners and/or transactions on “hold” to prevent any fraudulent rewards from being paid.

Program managers must take one of the two actions below to resolve a fraud case:

  1. Remove the partner from the program 
  2. Dispute the decision for the PartnerStack fraud team to review

_5__Fraud_Management__Fraud_v2__2022-04-06_15-36-47.png*test data used, no relation to real partners or customers

Disputing a fraud decision

If you believe a partner is legitimate you can dispute the fraud decision by clicking "Dispute decision". This will be sent to our security team for review. 

Once a dispute has been opened, each case will be displayed in your "Active cases" Fraud Management tab with the current status of your dispute. Our security team will review fraud disputes on a 30-day cycle to align with the invoicing cycle. 

The three dispute statuses are:

  1. Dispute Pending: the security team is investigating the partner or customer.
    Slack__Composer__PartnerStack__1_new_item_2022-07-07_11-12-43.png
  2. Dispute Approved: the security team has approved your dispute. The partner or customer has been approved; any rewards on hold will be pulled onto the next invoice for your approval.
    Slack__Composer__PartnerStack__2_new_items_2022-07-07_11-14-47.png
  3. Dispute Declined: the security team determined the partner to be fraudulent and a risk. They have been removed from the PartnerStack platform and rewards have been declined. 
    Slack__Composer__PartnerStack__2_new_items_2022-07-07_11-14-05.png
Flagged Object Behavior if no action is taken in the Fraud Management tab Behaviour if disputed
Partner Rewards created during or after the flagged event will be on hold

On dispute: Rewards are held unless manually overridden.

Dispute approved: Rewards go to pending for your approval.

Dispute rejected: Rewards are automatically set to decline.

Customer Transactions and rewards associated with the customer are on hold

On dispute: Rewards are held unless manually overridden.

Dispute approved: Rewards go to pending for your approval.

Dispute rejected: Rewards are automatically set to decline.

Resolved cases

Once a dispute has been approved or rejected by the security team, it will move to your "Resolved cases" tab to keep your "Active cases" uncluttered.

Fraud_Suite_2022-06-15_10-17-35.png

Frequently asked questions

Q: A partner was incorrectly flagged as fraudulent. How do I ensure they are still rewarded?

Rewards are held until the flagged partners and/or the flagged customers are disputed and the dispute is approved. Once approved, PartnerStack will generate the rewards as if the flag never happened, and rewards will appear on the next invoice.

If the event is flagged near the end of a billing cycle, the fraud review may result in the partner receiving their commissions a month later than they would have otherwise.

Q: Can I control the way the Fraud Management tab behaves? Can I decide when a customer is flagged and when they are not?

Fraud detection is controlled by the PartnerStack fraud team, you cannot configure rules or logic for your individual program. If you have concerns about this, please contact security@partnerstack.com.

Q: The same partner keeps getting flagged by your system. Can I whitelist certain partners?

PartnerStack dynamically monitors all events and behaviours for partner’s activities on an ongoing basis to ensure that rewards are not paid out due to fraudulent activities. For this reason, partners cannot be whitelisted. You may see a partner resurface again after a dispute due to new suspicious activity.

Q: Will the Fraud Management tab catch self-referrals?

Yes. If you’d like to allow self-referrals, flagged referrals can be individually disputed.

Q: What if I am concerned with the legitimacy of one of my referrals, or partners?

Good eye! Please contact security@partnerstack.com and we can ensure our fraud team takes a deeper look.

Q: I have raised a dispute, how long until my dispute is resolved?

Our security team will review fraud disputes on a 30-day cycle to align with the invoicing cycle. 

Q: My dispute was declined but I think the partner is legitimate, what can I do?

Please reach out to  for next steps. Please include any information you have to verify their legitimacy in your email. 

Was this article helpful?

0 out of 0 found this helpful