# Event Risk Explained

<a href="https://pxa.impact.com/student/activity/1117601?sid=0c0e3e5c-54c9-4435-9bee-ebcdccb7f292&#x26;sid_i=0?utm_source=app.impact.com&#x26;utm_medium=owned-platform&#x26;utm_content=pro-350&#x26;utm_campaign=help-center" class="button primary">Take the PXA course</a>

Event Risk helps you protect your metrics and budget from invalid non-human events by monitoring clicks and conversions for suspicious activity. It helps to:

* **Evaluate partner quality:** Understand the quality of users your partners drive clicks from, informing partnership and optimization decisions.
* **Mitigate financial risk:** Protect vulnerable payout events from invalid non-human activity.
* **Data-driven accuracy:** Optimize based on accurate and real *human* engagement and performance metrics.

#### What are invalid non-human events?

Invalid non-human events generally fall into two categories:

{% tabs %}
{% tab title="Innocent & Unintentional" %}
In today's modern digital world, many innocent bots constantly crawl the web. These include search engine crawlers indexing sites for search results, as well as bots gathering data for AI models or price comparison tools. While these bots have no intention of affecting your metrics or payouts, they frequently click on, and follow, tracking links while crawling websites to find more information. This inadvertently triggers non-human clicks and conversions, affecting your metrics.
{% endtab %}

{% tab title="Intentional & Malicious" %}
In a performance program, there are two categories of malicious intent you may come across:

* **Invalid events:** Invalid events occur when the event itself was carried out by non-human activity. *Clicks*, *Leads*, and *Installs* are more susceptible to invalid traffic than other events because they don't require a completed purchase or form to trigger. impact.com's [*Click Filtering*](#click-filtering) proactively identifies high-risk signals to protect your performance metrics and prevent unnecessary CPC payouts.
* **Misattribution:** Misattribution refers to a real user completing a legitimate action event, but the credit is falsely claimed by a bad actor. The goal of a bad actor in this case is to take credit for driving real user actions by injecting or stuffing clicks into the user’s browser or device without them knowing.
  {% endtab %}
  {% endtabs %}

How does Event Risk help?

Event Risk can help to enhance decision-making and mitigate potential threats by evaluating interactions in a structured way. Event Risk evaluates risks both through scoring and distinct features:

How we evaluate and categorize risk:&#x20;

<details>

<summary>Click scoring vs action scoring</summary>

Clicks and conversions are both scored for risk signals.

*Clicks* are scored for risk signals specifically based on data associated with a specific click.

*Actions* are scored based on conversion-specific data signals as well as referrer-level data. So, if an action’s referrer has a risk signal, that will be inherited by the action.

</details>

<details>

<summary>Reason codes</summary>

The different risk signals analyzed by impact.com are categorized into [*Reason Codes*](https://help.impact.com/brand/what-would-you-like-to-learn-about/platform-features/protect-and-monitor-your-performance-program/event-risk/reason-codes-reference), which represent the different types of observed behavior.

Due to the nature of risk detection, and the different signals and patterns we look at, some signals can be ‘stronger’ indicators of non-human or invalid activity than others. For this reason, the Reason Codes are categorized into *Risk Levels*, which represent the confidence in the signal.

</details>

<details>

<summary>Risk levels</summary>

While determining the intent behind an event exhibiting invalid traffic signals can be challenging, impact.com’s detection system assesses the likelihood each [reason code](https://help.impact.com/brand/what-would-you-like-to-learn-about/platform-features/protect-and-monitor-your-performance-program/event-risk/reason-codes-reference) being non-human and categorizes it into a risk level.

<mark style="color:$danger;">**Critical**</mark>

The request has either specifically declared that it is a crawler (e.g. via its user agent), or another signal indicates with almost certainty that it is not a genuine event.For clicks with `CRITICAL` risk level, strict click filtering is applied. See [Filter High-risk Traffic](https://help.impact.com/brand/what-would-you-like-to-learn-about/platform-features/protect-and-monitor-your-performance-program/event-risk/filter-high-risk-traffic) for more information.

Actions with `CRITICAL` risk signals are automatically reversed and can be reviewed in [risk review](#action-risk-review).

<mark style="color:$danger;">**High Risk**</mark>

These signals often consist of innocent invalid traffic, but can also represent malicious activity. They are highly unlikely to represent human intentional activity, but there are rare cases of false positives.

For clicks with `HIGH_RISK` signals, choose a click filtering setting to apply. For actions with `HIGH_RISK` signals, review the [Event Risk Reports](https://help.impact.com/brand/what-would-you-like-to-learn-about/platform-features/protect-and-monitor-your-performance-program/event-risk) to help inform next steps like if you agree that these actions should be invalidated.

See [Filter High-risk Traffic](https://help.impact.com/brand/what-would-you-like-to-learn-about/platform-features/protect-and-monitor-your-performance-program/event-risk/filter-high-risk-traffic) for more information.

<mark style="color:$warning;">**Suspect**</mark>

Suspect signals are not included in the basic version of Event Risk.The exception to this rule is Conversion Spoofing. These are marked as `SUSPECT`.

</details>

Key features to manage and analyze your traffic:

<details>

<summary>Click filtering</summary>

Clicks are the most vulnerable events to invalid traffic since there is no purchase to complete and no form to fill out. *Click Filtering* protects the integrity of your performance metrics and from unwanted CPC payouts impact.com

Learn more about the 3 click filtering settings and how to [Filter High-risk Traffic](https://help.impact.com/brand/what-would-you-like-to-learn-about/platform-features/protect-and-monitor-your-performance-program/event-risk/filter-high-risk-traffic).

</details>

<details>

<summary>Action risk review</summary>

Any action with a critical risk signal will be required to be reviewed and explicitly approved in order to make it payable to partners.

In addition to any critical action risk signal, any action flagged for Conversion Spoofing by action tracker validation rules will be added to Risk Review. Learn more: [Review at Risk Actions](https://help.impact.com/brand/what-would-you-like-to-learn-about/platform-features/protect-and-monitor-your-performance-program/event-risk/review-at-risk-actions).

Only pixel action trackers are vulnerable to conversion spoofing. To set up rules, [contact support](https://app.impact.com/support/portal.ihtml?createTicket=true).

</details>

<details>

<summary>Reporting</summary>

Event Risk reports give you an unfiltered view of risk in your program, allowing you to understand the overall quality of events driven by your partners. In addition, specific events identified as a risk or misattribution can be isolated for you to review before taking further action.

* The [Risk by Partner](https://app.impact.com/secure/advertiser/protect/event_monitoring/report/viewReport.report?handle=16555) report gives you an aggregate overview of the total risk for each partner’s clicks and actions, their associated action cost, and other risk indicators like conversion rate. This helps to give you a holistic view of the partner’s risk levels. To dive deeper, more granular data can be found using the *show* filter.
* Use the [High Risk Actions](https://help.impact.com/brand/what-would-you-like-to-learn-about/platform-features/protect-and-monitor-your-performance-program/event-risk/action-risk-listing) report to review actions that have been attributed by high-risk clicks. The report gives you the opportunity to review high-risk actions before paying out to partners
* Use the [Same Actions IP report](https://help.impact.com/brand/what-would-you-like-to-learn-about/platform-features/protect-and-monitor-your-performance-program/event-risk/same-ip-actions-report) to identify actions that have been driven from the same IP address, indicating that the same user is creating multiple lead events possibly using fake information.

You can group by or filter for: `Partner`, `Shared ID`, `RefDomain` and `RefGeo`(Country) to isolate risks to specific sources of a partner, and apply minimum click and action count filters to help highlight the highest risk areas.

</details>

{% hint style="success" %}
**Remember**: Not all non-human activity is malicious.
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://help.impact.com/brand/what-would-you-like-to-learn-about/platform-features/protect-and-monitor-your-performance-program/event-risk/event-risk-explained.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.