Redirect link fraud persists across the market research ecosystem, so immediate attention is required, says JD Deitch.

In the second quarter of 2019, the industry experienced a massive uptick in redirect fraud, more commonly known as ‘ghost completes’. This arises when a malevolent user discovers the redirect link that a data collection platform uses to communicate that the user has completed the survey and is entitled to a reward.

When these links are not encrypted, it is a simple matter for the malevolent user to modify the link to credit points back to his or her panel account and bypass the survey entirely. Typically, the user controls multiple accounts and may be working with others or using automation to increase the scale of his or her efforts.  

That fraud exists should come as a surprise to no one. The research industry sources participants from the broader marketing and advertising ecosystem, where fraud is rampant. We can lament that it exists, but the proper way to think about fraud is that it will neither go away nor diminish in frequency. It is thus unhelpful to envisage this purely as a supplier problem (‘you are sending me fraudulent respondents’), not least because automation and technology on the buyer/data collection side also contribute to the issue. ‘Ghost completes’ are just such a case.

Causes and effects
Ghost completes arise when a user qualifies for an incentive as if he or she completed a study, yet there is no data collected. It is worth explaining this in greater detail to understand the mechanics.

Redirect link fraud is most often committed when the redirect link from a survey data collection platform to the sample supplier is (a) visible to the user and (b) unencrypted. The fraudulent user can then identify and manipulate key parameters like survey status and respondent and survey IDs. Once these parameters are manipulated, it is a simple matter of repeating them to see if they pay out.

Suppliers are highly motivated to stop ghost completes because they bear the full hard costs. Suppliers typically credit respondents with their incentives in real-time, yet it may be weeks after the last complete is registered that the buyer reconciles its list of valid and invalid respondents. (Delaying payment to users is a draconian solution, as it penalises the majority of good respondents and creates a terrible user experience that inevitably results in permanently depressed feasibility.) It is at this point the supplier discovers it is only getting paid for a fraction of people on its own list, by which point the fraudsters have likely made off with their gains.

While each supplier takes measures to harden registration, surveil activity, and encrypt links or make them invisible altogether, their approaches vary in sophistication and effectiveness. There are also practical implications of increasing the stringency of verification. Everyone tries to minimise ‘friction’ in any online registration process – fewer obstacles lead to more registrations and higher conversion. The converse is equally true: the greater the obstacles, the fewer who surmount them. Every supplier monitors reversals and seeks to find the right balance of defensive measures that allow enough good people to pass while stopping the bad.

In any case, the more frequent and most easily remediated cause lies with the links that pass respondents from the data collection system back to the supplier. The way in which respondents are redirected from the survey data collection platform is a technology decision made by the owners of the collection platform, not the supplier. The trouble is that, while buyers and platform owners find ghost completes disturbing, they lack an economic incentive to care, even when they understand the issue and know their links are not secure. And so, ghost completes continue. (Our experience is exactly this.)

Whether or not buyers recognise it, there are consequences that make it essential for them to care. Insecure links on the front-end of the survey can enable fraudulent entry to studies, facilitating other undesirable behaviour that leads to bogus data.

As the cause of ghost completes is visible insecure links, we recommend the following actions, in order of effectiveness: 

  1. Server-to-server callbacks: Callbacks are communications between machines, invisible to users, that very effectively mitigate the problem.
  2. Link encryption: Sophisticated link hashing to encrypt links makes it practically impossible to identify the parameters being passed and thus manipulate those links.

There are other techniques that some may feel are acceptable, including adding tokens or using third-party services. Some suppliers may try to use third-party token-based services, which they believe secure links, yet there is a Google Chrome browser add-on that is able to detect redirects and show them in plain text. For this reason, implementing the two techniques above is the most effective approach.
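An added example (not code from the article, Cint or Confirmit) of the supplier-side check these recommendations imply: the platform signs the survey status, respondent ID and survey ID with a shared-key HMAC, and the supplier rejects edited, stale or repeated outcomes before crediting an incentive. HMAC signing is a swapped-in technique that detects tampering rather than hiding the parameters; the parameter names, the key and the five-minute window are assumptions.

```python
import hashlib
import hmac
from urllib.parse import parse_qsl, urlencode

SHARED_KEY = b"constructed-demo-key"  # assumption: secret agreed by platform and supplier
MAX_AGE_SECONDS = 300                 # assumption: accepted clock skew / delivery delay
FIELDS = {"rid", "sid", "status", "ts"}  # hypothetical parameter names


def _mac(params, key):
    # Sign a canonical form (sorted pairs) so both sides hash identical bytes.
    canonical = urlencode(sorted(params.items())).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def sign_outcome(rid, sid, status, now, key=SHARED_KEY):
    """Platform side: query string reporting one respondent's survey outcome."""
    params = {"rid": rid, "sid": sid, "status": status, "ts": str(int(now))}
    params["sig"] = _mac(params, key)
    return urlencode(params)


class OutcomeVerifier:
    """Supplier side: credit only authentic, fresh, first-time outcomes."""

    def __init__(self, key=SHARED_KEY):
        self.key = key
        self.settled = set()  # (rid, sid) already processed; durable store in production

    def verify(self, query, now):
        pairs = parse_qsl(query, keep_blank_values=True)
        params = dict(pairs)
        sig = params.pop("sig", "")
        if len(pairs) != len(params) + 1 or set(params) != FIELDS:
            return "rejected: malformed"  # missing, extra or duplicated parameters
        if not hmac.compare_digest(sig.encode(), _mac(params, self.key).encode()):
            return "rejected: bad signature"  # any edited parameter lands here
        if not params["ts"].isdecimal() or abs(now - int(params["ts"])) > MAX_AGE_SECONDS:
            return "rejected: stale"
        if (params["rid"], params["sid"]) in self.settled:
            return "rejected: replay"  # one outcome per respondent per survey
        self.settled.add((params["rid"], params["sid"]))
        return "credited" if params["status"] == "complete" else "no credit"
```

The same verification applies unchanged when the outcome arrives as a server-to-server callback instead of a browser redirect; the callback additionally keeps the message out of the respondent's browser.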

This approach was recently put into action when Cint worked with Confirmit to put server-to-server redirects in place, involving a short development effort on the Confirmit Horizons platform. Bringing this kind of functionality to all major data collection platforms can benefit the entire industry.

Fraud is a shared problem in our industry, yet one that is insufficiently discussed for fear of business risks. We believe it is important to talk about these things and share best practices. Everyone in the industry should understand that monitoring, detection, and abatement are a shared responsibility. There remain significant weaknesses that can start to be addressed head-on through partnerships and sharing information. Development team work on this issue should be prioritised. Transparency and decisive action are good for the ecosystem and will ultimately convince buyers that the industry takes the issue seriously.

Jonathan Deitch is chief operations officer at Cint 

JD - This was a very informative and interesting article on Ghost Completes and the insights on solutions very helpful. Thank you for sharing your expertise and view.

