Event Risk Explained
This feature is only accessible to the impact.com Professional and Enterprise plans. Contact us to upgrade your account and get access.
Event Risk helps you protect your metrics and budget from invalid non-human events by monitoring clicks and conversions for suspicious activity. It helps to:
Evaluate partner quality: Understand the quality of users your partners drive clicks from, informing partnership and optimization decisions.
Mitigate financial risk: Protect vulnerable payout events from invalid non-human activity.
Data-driven accuracy: Optimize based on accurate and real human engagement and performance metrics.
What are invalid non-human events?
Invalid non-human events generally fall into two categories:
In today's modern digital world, many innocent bots constantly crawl the web. These include search engine crawlers indexing sites for search results, as well as bots gathering data for AI models or price comparison tools. While these bots have no intention of affecting your metrics or payouts, they frequently click on, and follow, tracking links while crawling websites to find more information. This inadvertently triggers non-human clicks and conversions, affecting your metrics.
In a performance program, there are two categories of malicious intent you may come across:
Invalid events: Invalid events occur when the event itself was carried out by non-human activity. Clicks, Leads, and Installs are more susceptible to invalid traffic than other events because they don't require a completed purchase or form to trigger. impact.com's Click Filtering proactively identifies high-risk signals to protect your performance metrics and prevent unnecessary CPC payouts.
Misattribution: Misattribution refers to a real user completing a legitimate action event, but the credit is falsely claimed by a bad actor. The goal of a bad actor in this case is to take credit for driving real user actions by injecting or stuffing clicks into the user’s browser or device without them knowing.
How does Event Risk help?
Event Risk can help to enhance decision-making and mitigate potential threats by evaluating interactions in a structured way. Event Risk evaluates risks both through scoring and distinct features:
How we evaluate and categorize risk:
Click scoring vs action scoring
Clicks and conversions are both scored for risk signals.
Clicks are scored for risk signals specifically based on data associated with a specific click.
Actions are scored based on conversion-specific data signals as well as referrer-level data. So, if an action’s referrer has a risk signal, that will be inherited by the action.
Reason codes
The different risk signals analyzed by impact.com are categorized into Reason Codes, which represent the different types of observed behavior.
Due to the nature of risk detection, and the different signals and patterns we look at, some signals can be ‘stronger’ indicators of non-human or invalid activity than others. For this reason, the Reason Codes are categorized into Risk Levels, which represent the confidence in the signal.
Risk levels
While determining the intent behind an event exhibiting invalid traffic signals can be challenging, impact.com’s detection system assesses the likelihood each reason code being non-human and categorizes it into a risk level.
Critical
The request has either specifically declared that it is a crawler (e.g. via its user agent), or another signal indicates with almost certainty that it is not a genuine event.For clicks with CRITICAL risk level, strict click filtering is applied. See Filter High-risk Traffic for more information.
Actions with CRITICAL risk signals are automatically reversed and can be reviewed in risk review.
High Risk
These signals often consist of innocent invalid traffic, but can also represent malicious activity. They are highly unlikely to represent human intentional activity, but there are rare cases of false positives.
For clicks with HIGH_RISK signals, choose a click filtering setting to apply. For actions with HIGH_RISK signals, review the Event Risk Reports to help inform next steps like if you agree that these actions should be invalidated.
See Filter High-risk Traffic for more information.
Suspect
Suspect signals are not included in the basic version of Event Risk.The exception to this rule is Conversion Spoofing. These are marked as SUSPECT.
Key features to manage and analyze your traffic:
Click filtering
Clicks are the most vulnerable events to invalid traffic since there is no purchase to complete and no form to fill out. Click Filtering protects the integrity of your performance metrics and from unwanted CPC payouts impact.com
Learn more about the 3 click filtering settings and how to Filter High-risk Traffic.
Action risk review
Any action with a critical risk signal will be required to be reviewed and explicitly approved in order to make it payable to partners.
In addition to any critical action risk signal, any action flagged for Conversion Spoofing by action tracker validation rules will be added to Risk Review. Learn more: Review at Risk Actions.
Only pixel action trackers are vulnerable to conversion spoofing. To set up rules, contact support.
Reporting
Event Risk reports give you an unfiltered view of risk in your program, allowing you to understand the overall quality of events driven by your partners. In addition, specific events identified as a risk or misattribution can be isolated for you to review before taking further action.
The Risk by Partner report gives you an aggregate overview of the total risk for each partner’s clicks and actions, their associated action cost, and other risk indicators like conversion rate. This helps to give you a holistic view of the partner’s risk levels. To dive deeper, more granular data can be found using the show filter.
Use the High Risk Actions report to review actions that have been attributed by high-risk clicks. The report gives you the opportunity to review high-risk actions before paying out to partners
Use the Same Actions IP report to identify actions that have been driven from the same IP address, indicating that the same user is creating multiple lead events possibly using fake information.
You can group by or filter for: Partner, Shared ID, RefDomain and RefGeo(Country) to isolate risks to specific sources of a partner, and apply minimum click and action count filters to help highlight the highest risk areas.
Remember: Not all non-human activity is malicious.
Last updated
Was this helpful?