Skip to main content
Fraud Detection Reports

How to detect fraud, generate reports, and take action in Swaarm's performance marketing platform.

Updated over a year ago

Fraud Detection Reports

Fraud detection reports will help protect you against fraud attempts on your campaigns. With multiple types of fraud, there are several types of reports you can generate to detect and protect yourself from fraud. You will have filters and thresholds to help narrow down and take action right away on any suspicious activity. To access these reports go to Reports > Fraud Detection Reports.

🚩 Keep in Mind

For each of these fraud detection reports, it's important to note that anomalies or mismatches do not guarantee fraud. They are red flags, that may warrant further investigation. Always consider the broader context and look for patterns when analyzing suspicious activity.


Filters On Every Report

Filter

Definition

Example

Date

Date & time range you want to generate a report

2023-08-01 to 2023-08-31
00:00:00 to 23:59:59

Granularity

The time period the data is displayed

  • All

  • Hour

  • Day

  • Week

  • Month

Level

The entity hierarchy of data displayed

  • Offer

  • Offer-Publisher

  • Offer-Publisher-SubID

Tolerance Range

A range that is considered non-fraudulent. The report will be loaded for the values that don’t fall into this range.

0.01% to 15%

Group By

The cohort that your data will be organized by

  • Country

  • Device Model

  • Operating System

  • User Agent

Minimum Conversions

The amount of conversions needed before shown on the report

10

πŸ’‘ Additional Notes

  • In all reports, only approved conversions are considered.

  • We do not consider discarded traffic.

  • You can find actions logged in Audits with the action type. For example, "Offer Paused" or "Publisher Blocked".

Recommended Action Column

Based on the level and the report you can take immediate action to block fraudulent traffic. For example, on Proxy Detection reports Account Managers can block the traffic from proxy IPs under the Recommended Actions column.


Abnormal Conversion Rate

The report provides details on unusual spikes or inconsistencies in campaign performance, majorly focusing on conversion rates. This can be detected through a deviation of the expected conversion rate, either unusually high or low, indicating potential fraud.

Abnormal Conversion Rate Example

If a campaign or publisher that typically has a conversion rate of 1% suddenly jumps to 20% without any changes to the campaign itself (targeting, budgets, etc.). This could indicate bots or fake users being used to drive the numbers. With this report and the thresholds you put, you will clearly detect any abnormalities and be able to take action.

Unique Filter

Definition

Example

Minimum Clicks

The amount of clicks needed before shown on the report

Generate a report for campaigns having a minimum of 1000 clicks


Abnormal Device Distribution

The report offers insights into suspicious device distribution, highlighting irregularities like excessive conversions from identical devices. When the distribution of users across various device types or models deviates significantly from the expected distribution.

The percentage is the total traffic coming from the respective device model on that offer.

Abnormal Distribution Example

If your app's user base is known to be primarily on iPhones with the latest update, but suddenly there is a spike of installs from outdated iPhones or uncommon devices, this could indicate fraud. In the report, you will clearly see the device distribution and any inconsistencies so that you can take action against abnormal device distribution.

πŸ’‘ Note

Report data is distributed by device model, you can further group by country, OS, and user agent.


Bot Detection

The report provides a concise overview of suspicious bot-related activities by checking user behavior within the app. This helps to detect automated scripts or software that imitates human user behavior of clicking or installing and more.

The percentage is the traffic share that imitates the bot-related activities.

Bot Examples

If your app receives a large number of clicks in a short time span, or there is a repetitive pattern in clicks, then this behavior can indicate bots. Utilizing this report, you can detect odd user behavior to help identify bots and take action to stop them.

πŸ’‘ Bot Tip

While the case mentioned above can be a good indicator; bots can also imitate behaviors within the app. For example, increasing engagement with positive behaviors for fraudulent purposes, such as inflating clicks or gaming reward systems.

Action Steps

Account managers can use bot detection to identify and block fraudulent activities. This is done by identifying clicks and impressions generated by bots. While also assessing traffic quality by filtering out bot-generated traffic to ensure account managers are engaging with real customers. Which eventually leads to saving the budget and improving campaign performance.


Click Spamming

The report highlights any unusual or abnormal patterns in click data based on configured CTIT. This allows you to detect when traffic sources generate large volumes of fake clicks with the idea that some of those fake clicks will be attributed to real conversions.

The percentage is the share of traffic filtered as fraud.

Click Spamming Example

An organic user will install the app normally (without clicking on the ad), however a publisher will generate a fake click just before the install is registered, and try to claim attribution and compensation for that install. This report will help to detect strange traffic patterns, with the use of CTIT, so you can take action against click spammers.

Unique Filter

Definition

Example

CTIT

(Click to install time)

Set the CTIT minimum threshold, in minutes or hours, for the data to be shown

  • 20 minutes (only data over 20 min CTIIT will be shown)

  • 1 hour


Device Mismatch

The report checks the click and conversion device mismatch and discrepancies, identifying fraudulent behaviors. Basically, it detects if there is a discrepancy between the device that clicked on an ad and the device that performed a conversion.

The percentage is the total traffic on the level (offer/offer-publisher/offer-publisher-sub ID) having a device mismatch that does not fall within the tolerance range.

Device Mismatch Example

So if an ad is clicked on a Samsung Galaxy S10, but the app install is recorded from an iPhone 12. This inconsistency can indicate fraud, and you will be able to identify such cases here in this report.


GEO Mismatch

The report examines whether the click and conversion originated from different geographical regions.

The percentage is the total traffic on the level (offer/offer-publisher/offer-publisher-sub ID) having a GEO mismatch that does not fall within the tolerance range.

Geo Mismatch Example

If an ad is clicked in the UK, but the app install occurs in Brazil a few minutes later. This geographical inconsistency can be a red flag. Here you can view any geographical mismatches that may lead to taking action against suspicious activity.


Proxy Detection

The report provides a summary of proxy-server-related details to highlight deceptive activities by identifying conversions from proxy IPs. This helps to detect traffic that comes from proxy servers which can hide a user's true IP address. While proxies can be used for legitimate purposes, they can also be exploited for fraud.

❗️ Required: IP Parameters

To generate a Proxy Detection report effectively, you need to add the parameter ip_address or device_ip in your postback.

Proxy Detection Example

For example, if a significant portion of app installs come from known proxy IP addresses. This can indicate that someone is trying to disguise the true origin of the installs, potentially to commit fraud.

πŸ’‘ Targeting Tip

You can set a tolerance range and then group users by Device Model, User Agent, etc. This segmentation can help your targeting strategies for different groups.


SDK Fraud

The report highlights suspicious Software Development Kit (SDK)-related activities by comparing various discrepancies between the app events and the App Store version. If there is any Fraudulent activity originating from the SDK (eg. generating fake installs, clicks, or events), then you can use this report to detect SDK fraud by utilizing various thresholds and filters like the "Store Version".

❗️ Required: SDK Postback Parameter

To generate an SDK report effectively, you need to add the parameter app_version in your postback to receive a store version.

SDK Fraud Example

For example, if an app integrates a third-party SDK for additional functionalities. Suddenly, there's a spike in app installs, but no actual increase in user engagement or in-app activity. This could be because the SDK is fraudulently inflating install numbers.

Unique Filter

Definition

Example

Store Version

The app's latest version in the app store

1.2

Did this answer your question?