# Understanding & Interpreting Event Risk Data

The [Risk by Partner](/brand/what-would-you-like-to-learn-about/platform-features/protect-and-monitor-your-performance-program/event-risk/risk-by-partner-report.md) report analyzes conversion events for indicators of invalid traffic (IVT), specifically events that have no real end user (e.g., bots) or no genuine intent behind them. By surfacing these early indicators of risk, the report allows you to take swift action before conversion actions lock.

As a best practice, review this report at a regular cadence (daily or weekly) to stay on top of changing risk percentages. Use these percentages as early indicators to prioritize your investigations. If high risk is detected at the click level, you can take proactive action by refining your click filtering settings to prevent low-quality traffic from impacting your performance downstream.

### Risk threshold guidance

The table below provides initial recommendations for interpreting risk percentages and gauging where your attention is most valuable. However, we encourage you to develop your own internal guidelines based on your unique business goals and risk tolerance. Use these risk segments as a foundation to evaluate performance and incorporate these insights into your own decision-making process when validating traffic quality.

<table><thead><tr><th width="142.7578125">Risk %</th><th width="176.12890625">Suggested focus</th><th>Definition</th></tr></thead><tbody><tr><td>0-5%</td><td>Monitor</td><td>Risk levels remain low, often stemming from false positives or minor anomalies. Pull in reason codes to uncover the elevated risk. Certain high-severity flags, such as conversion spoofing, are a concern even at very low volumes and should be investigated immediately.</td></tr><tr><td>5-10%</td><td>Look more closely</td><td>Risk at this level may warrant a closer look. View the reason codes in the Risk by Partner report first and consult the Reason Code guide to understand which reason codes are being triggered and whether the risk is concentrated in specific sub-sources. Consider reaching out to the partner to understand how they're driving traffic.</td></tr><tr><td>10-20%</td><td>Investigate</td><td>A notable level of risk. It's worth having a conversation with the partner about their traffic sources and promotion methods. Review internal data (for example, whether leads are converting, whether sales items are being returned, or whether order values are suspicious) and determine whether a few sources are responsible for most of the flagged events.</td></tr><tr><td>20-30%</td><td>Take it seriously</td><td>Risk at this level suggests a meaningful portion of the partner's traffic may be problematic. You may want to consider options such as adjusting contract terms or reversing payment for flagged events, depending on your program policies.</td></tr><tr><td>30%+</td><td>Evaluate the relationship</td><td>Consistently high risk at this level signals a significant quality concern. Consider whether the partnership is delivering the value your program needs and whether further investment is warranted.</td></tr></tbody></table>

{% hint style="warning" %}
**For levels 10% and higher**: Consult the reason codes, understand the promotional methods, corroborate evidence with internal signals, reversal rates, and any other suspicious activity.

These thresholds are directional. The right course of action depends on your specific program goals, tolerance for risk, and the context of the partner relationship.
{% endhint %}

#### Volume matters

A high risk percentage from a partner with very low volume may not be statistically meaningful. Before drawing firm conclusions, make sure the event count is large enough to be statistically relevant, so that outliers do not mislead you.

For example, a partner with 15 events and a 33% risk score (5 flags) may simply be experiencing a minor anomaly. Conversely, a partner with 5,000 events and a 95% risk score indicates a severe, systemic issue that requires immediate intervention.

{% hint style="info" %}
**Tip**: Use the `Actions >=` filter in the report to remove partners whose event counts fall below the threshold of significance for your program. As a baseline recommendation, consider filtering for partners with at least 10 actions before evaluating their risk levels.
{% endhint %}

#### Look at reason codes

Before acting, review the [reason codes](/brand/what-would-you-like-to-learn-about/platform-features/protect-and-monitor-your-performance-program/event-risk/reason-codes-reference.md) associated with flagged events. They provide context about why events were flagged. Understanding the reason code helps you determine whether the flags point to a genuine concern or a legitimate explanation.

**Examples**:

* **High-severity patterns**: If a partner has a substantial volume of flagged events (e.g., >100 actions) attributed to critical codes like conversion spoofing, this warrants immediate investigation regardless of the overall percentage.
* **Layered risk**: When a single event is flagged with more than one reason code (e.g., both "Proxy" and "Abnormal Activity"), the likelihood of a false positive is significantly lower. These multi-flagged segments should be prioritized for review.
* **Volume and validity**: Remember that as the volume of flagged traffic increases, so does the likelihood of performance issues or "garbage" conversions down the road. Use these codes to determine if a partner’s traffic is worth the long-term risk to your conversion data.
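
The guidance above (threshold bands, the 10-action floor, and the reason-code checks) can be applied to per-partner counts as in the following added example, which is not impact.com's code or scoring method. The Wilson lower bound is this example's own choice of a standard way to discount small samples; the row layout, the `Conversion Spoofing` label, and the sample data are constructed.

```python
import math

# Suggested-focus bands from the risk threshold table: (lower bound %, label).
# Assumption: a value on a shared boundary (e.g. exactly 5%) takes the higher band.
BANDS = [(30, "Evaluate the relationship"), (20, "Take it seriously"),
         (10, "Investigate"), (5, "Look more closely"), (0, "Monitor")]
MIN_ACTIONS = 10                         # baseline from the `Actions >=` tip
HIGH_SEVERITY = {"Conversion Spoofing"}  # assumed label for the critical code

def wilson_lower(flagged, total, z=1.96):
    """Lower bound of the 95% Wilson interval for flagged/total, in percent."""
    if total == 0:
        return 0.0
    p = flagged / total
    centre = p + z * z / (2 * total)
    margin = z * math.sqrt(p * (1 - p) / total + z * z / (4 * total * total))
    return 100 * (centre - margin) / (1 + z * z / total)

def band(pct):
    return next(label for floor, label in BANDS if pct >= floor)

def triage(partner):
    """partner: {'actions': int, 'events': [set of reason codes per flagged event]}."""
    total, events = partner["actions"], partner["events"]
    flagged = len(events)
    if total < MIN_ACTIONS:
        return {"focus": "Below volume threshold", "risk_pct": None}
    risk = 100 * flagged / total
    return {
        "risk_pct": round(risk, 1),
        "focus": band(risk),
        # Band the data still supports once sample size is taken into account.
        "focus_conservative": band(wilson_lower(flagged, total)),
        # High-severity flags matter even when the overall percentage is low.
        "high_severity": sum(1 for e in events if e & HIGH_SEVERITY),
        # Events carrying more than one reason code (layered risk).
        "layered": sum(1 for e in events if len(e) > 1),
    }

# Constructed sample rows, not real report data.
SAMPLE = {
    "small": {"actions": 15, "events": [{"Proxy"}] * 5},
    "large": {"actions": 5000, "events": [{"Proxy", "Abnormal Activity"}] * 4750},
    "spoof": {"actions": 400, "events": [{"Conversion Spoofing"}] * 8},
}

if __name__ == "__main__":
    for name, row in SAMPLE.items():
        print(name, triage(row))
```

For the 15-event partner, the raw 33% lands in the top band while the conservative band is only "Investigate"; the 400-action partner sits in "Monitor" by percentage but still reports eight high-severity events.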

### Investigating a partner

When risk levels warrant a closer look, consider the following:

* **How long have you worked with this partner?** Established partners with a track record deserve a conversation before drastic action.
* **Have you been in touch recently?** There may be context you're missing, such as a new traffic source they're testing.
* **Is there a legitimate reason for the flagged reason codes?** Some business models naturally generate higher rates of certain flags (e.g., VPN usage in certain verticals).
* **What are your internal fraud or compliance teams seeing?** Cross-reference Event Risk data with your own internal signals.

Should any further fraud concerns arise, [contact support](https://impact.com/contact/support/) and include as many details as possible (Partner ID, date range, data set, reason for risk concern).

#### Tips for long-term program health

* **Encourage sub-source transparency**: To address risk more precisely, work with your partners to ensure they are passing sub-source identifiers (often through parameters like Shared ID). While this is an open field that can be used for various reporting metrics, having granular data allows you to isolate specific problematic sources without needing to penalize the partner’s entire traffic stream.
* **Review regularly**: Incorporate Risk by Partner insights into your internal fraud checks by reviewing the report weekly at a minimum. Rather than treating risk management as a reactive exercise, [schedule the report](/brand/what-would-you-like-to-learn-about/platform-features/multi-program-reports/report-management/schedule-reports.md) to automate notifications directly to your inbox.
* **Use contractual safeguards**: Consider including language in your contracts that addresses how flagged events will be handled. Consult with your legal team to draft terms appropriate for your business.
* Create a [custom fraud notification](/brand/what-would-you-like-to-learn-about/account-administration/account-settings/notifications/manage-your-brand-notification-settings.md), above and beyond what this report offers.
* [Reverse actions](/brand/what-would-you-like-to-learn-about/platform-features/submit-and-modify-conversion-data/batch-modify-conversion-data/batch-modifications-and-reversals-reference.md) associated with high-risk levels using the `CONS_FRAUD` reason code.

Learn more about [fraud prevention](https://impact.com/affiliate/preventing-affiliate-fraud/#:~:text=Implement%20multi%2Dlayered%20vetting%20that%20includes,acceptance%20criteria%20to%20slip%20through.).

