Using identifiable information stored in a user’s local computer, such as an HTTP cookie to identify a visitor’s computer uniquely on the internet.
Published in Chapter:
Crookies: Tampering With Cookies to Defraud E-Marketing
Bede Ravindra Amarasekara (Massey University, New Zealand), Anuradha Mathrani (Massey University, New Zealand), and Chris Scogings (Massey University, New Zealand)
Copyright: © 2020
|Pages: 15
DOI: 10.4018/978-1-5225-9715-5.ch073
Abstract
HTTP cookies provide stateful and reliable cross-domain tracking capability to web technologies including e-commerce. Affiliate marketing (AM) enables businesses to generate visitor traffic at a relatively low cost, but some advertising models of AM are prone to large-scale fraud, such as “click-fraud,” which can allow rogue affiliates to earn commissions fraudulently. Cost-per-acquisition (CPA) appeared as the silver bullet against AM fraud, as the e-commerce site does not pay for “clicks,” but only for monetary outcomes. The discovery of “cookie stuffing” fraud shows that CPA is not the silver bullet that it was thought to be. The researchers designed and developed AMNSTE, a simulation platform to discover new vulnerabilities such as load-time click, conversion hijacking, conversion stealing, conversion faking, which are presented in detail in this article. It also presents technical solutions to mitigate some of the vulnerabilities, which will help practitioners to implement new solutions or re-examine their existing security strategies.