3 Steps to Spotting Fraud in E-commerce Apps with Fraud Scanner

Fraud in e-commerce means huge losses and reputational risks. There are at least 10 dangerous e-commerce fraud scenarios that can harm your app, ranging from fake installs and click flooding to carding and DDoS attacks. 

Fortunately, fraud can be detected with the help of special metrics, such as:

  • quick installs
  • deferred installs
  • suspicious devices (mismatched models, OS, screen sizes, etc.)
  • stacking clicks
  • emulated devices
  • low CCR or CVR.

There are 16 such metrics in Fraud Scanner by myTracker. For simplicity, we have divided them into three general groups. 

Fraud Scanner differentiates between strict, confident and soft fraud metrics depending on the accuracy of fraud detection in your application. For more information on fraud detection metrics and how they work, see the article How to Detect Bots in E-commerce Apps Using myTracker.

Let us consider a case of fake traffic detection in an e-commerce app using Fraud Scanner. We'll walk you through 3 easy steps to detecting and preventing fraud in e-commerce apps and provide you with actionable tips on how to communicate with your ad partner once fraud has been detected.

Step 1: Spotting Suspicious Activities

In early 2020, one of our new partners started using our Fraud Scanner to assess its traffic. They noted suspicious activity in one of their apps. A quick check (Reports → Templates → Combined fraud metrics) reveals the following picture (we have hidden the names of the app and marketing partners):

We see a fairly large and stable share of fraud.

  • Partners 3 and 5 are test partners, connected by the developers to look into payments and traffic.
  • Partner 2 generates minimum traffic, which is almost entirely normal, judging by the strict and confident fraud metrics.
  • For Partner 1, the system shows 5–6% fraud, even according to a strict metric. This means that of their 80,000 weekly users, about 5,000 are fraudsters.

There are no benchmarks for combined (strict, confident, and soft) fraud metrics; it’s up to the project manager to decide whether the indicator is high or low. Some businesses don’t mind losing 20% of their traffic to fraud and plan their campaigns accordingly. We, however, believe that 5% in strict and 7% in confident fraud is too much. Based on the table above, we can clearly tell that something is wrong with Partner 1, which is a reason for a more thorough check.

Step 2: Looking Deeper into Fraud Metrics

We need to use those metrics that are included in the combined metric where suspicious activity has been tracked. This helps assess more accurately what exactly is wrong with the app. In this case, we add strict fraud metrics to the Report Constructor. These include Stacking Installs, Hyperactive Installations, High Install Rate, Emulated Devices, Inactive Installs, Stacking Installs (there is also a separate convenient template available).

To see which metrics are included in the combined metric, we clicked on the question mark next to the metric:

Adding more dimensions triggers red in the table for several metrics:

As you can see, Fraud Scanner detected fraudulent activity coming from Partner 1 across several parameters. This means it is sending bad traffic which exceeds the acceptable level (the numbers in the table are highlighted in red).

Note that we could not have accurately identified an influx of bots with the High Install Rate metric alone. But when we add the Inactive Installs and Emulated Devices metrics, our suspicions are confirmed. Almost all of them (and in all periods) are in the red zone. This means that the indicators are so far over myTracker’s benchmarks that the system believes it is not inaccuracy, but fraud.

Such high fraud values are a good reason to leave a bad marketing partner. Take your resources to where quality traffic comes from.

The lower the fraud metrics, the more valuable the traffic source.

Step 3: Taking Care of the Fraudulent Data

After we have detected fraudulent installs in a partner's traffic, we need to start communicating with the partner. In our case, the app simply stopped working with this user source, but there are always several options available for you.

First, you should download and save the report from myTracker. Then send the partner charts showing the suspicious user activity. You can do all of these steps yourself in myTracker’s interface. The report is downloadable for Unity, Android, and iOS apps.

Marketing partners often ask for fraudulent user identifiers to exclude them from the cost of the ad campaign. This is only possible for Android apps, as Apple has stopped sharing IDFAs starting from iOS 14.5. You can use the RAW API to download data. For more details on this, please see our documentation.

After that, there are three things you can ask your partner to do:

  1. Change their behavior and stop the fraud. This is a rather mild option, tantamount to a "first warning". It will work with major partners you have confidence in and when the share of fraud is insignificant.
  2. Abandon the marketing partner. This option could be used for apps with many advertising sources and not dependent on a single important platform. It may also cause the partner to take action to retain the client.
  3. Ask for damages. This is the harshest and most difficult option and will require significant effort, downloaded data, and ability to prove your case. It can be used for apps that have a designated person to communicate with marketing partners. This option takes a lot of time, but, based on our experience, you can have some of your losses reimbursed.

How Often Should You Track Fraud?

There are no timing preferences for combined metrics fraud tracking; it depends on the nature of your project. You can do it once a day or once a week.

You would also be well advised to look for fraud when connecting with new marketing partners to make sure they deliver quality traffic. Fraud Scanner will start detecting fraudulent activity the day after the app is installed, but for best results start tracking on the third day post install to make sure you receive the most complete information about users.

Remember that some fraud metrics might work in one instance, but fail in another. It has to do with the following reasons:

  • There are different types of bots and they can behave differently in various apps.
  • Some fraudsters change the fraud type to deceive simple detection systems.
  • Ad traffic also differs daily, bringing in different kinds of users.
  • In-app user behavior also changes with time.

Therefore, fraudsters may be able to better disguise themselves on some days due to, among other things, the ad traffic “around them”. For that reason, on some days, metrics may be confident of having detected fraud (red numbers = fraud values above benchmarks), and less confident on other days (green numbers). However, a more comprehensive assessment of the data, using several metrics at a time, will easily detect suspicious activity. With dozens of metrics, some will confidently show fraudulent activity.

Is There a Template for Regular Fraud Tracking?

The key is regular tracking. We have created some templates for your convenience. Periodically select the Combined fraud metrics template in myTracker, and review an automatically generated report.


Start protecting your ad budgets from fraud with Fraud Scanner for free! 

Create a free account or request a demo.