WTF is cookie stuffing?

This article is a WTF explainer, in which we break down media and marketing’s most confusing terms.

Originally published on Mar. 24, 2015, this article has been updated to include an explainer video that covers a cookie-stuffing scheme exposed by cybersecurity firm Confiant in January 2023.

If there’s money changing hands online, fraudsters are going to try to find a way to skim a percentage from the transaction. Fraud is a well-documented pox on digital advertising, but it’s also an issue for publishers and marketers working together on affiliate marketing deals. One of the more tried-and-true techniques is cookie stuffing. Let us explain.

First: explain what a cookie is?
A cookie is a tiny bit of code that a website drops in a user’s browser. Sites use cookies to store user data such as login details, shopping carts, or user preferences. Various advertising companies also use “tracking” cookies to collect data and keep tabs on people’s browsing history, which they use to serve targeted ads. Cookies are also used by publishers to tell retailers when users click one of their affiliate marketing links.

Affiliate marketing?
There’s a lot of jargon here. Affiliate marketing is a process through which one business pays another for either bringing in clicks or, for retailers, sales on their sites. So if publisher X sends some visitors to Amazon to buy toothpaste, publisher X gets a small percentage of those sales, usually pennies on the dollar.

So WTF is cookie stuffing?
With cookie stuffing, while publisher X sends visitors to Amazon, a separate publisher actually gets credit — and hence money — for the sale. They do this by dropping multiple cookies after someone views a page or clicks on a single link. The hope is that dropping multiple cookies increases the chance that the person will go on to visit and buy from one of the commerce sites in question.

“Cookie stuffing creates wrongful attribution,” said Forensiq CEO David Sendroff. “It’s essentially stealing the credit for someone else’s attribution.” He said surreptitiously dropped cookies often replace those from legitimate publishers.

Where do these fake cookies come from?
The fake cookies come from a variety of sources — including pop-ups, scripts, toolbars and images embedded in message boards. Cookie stuffing is also common on online coupon sites, which fraudsters use to drop handfuls of affiliate cookies.

Why does it matter?
It matters because many more publishers are getting into affiliate linking. Gawker, for example, compiles a long list of affiliate links each day via its Kinja Deals series, and takes a cut whenever readers make a purchase. More affiliate linking fraud means less revenue for legitimate publishers.

It seems like a small problem.
It isn’t. Marketer Shawn Hogan helped scam eBay out of $28 million in online marketing fees before the company worked with the FBI to catch him in a sting operation. Hogan was sentenced to 5 months in prison, three years’ probation, and a $25,000 fine.

So why hasn’t cookie stuffing been stamped out?
The problem is that people like Hogan are the exception: Affiliate linking scammers are pretty hard to catch. For advertisers, hallmarks of cookie stuffing can include abnormally high or low conversion rates, depending on the techniques scammers use.

“With cookie stuffing, you’re committing a crime against another affiliate or the advertiser who is paying commissions on sales that would have happened anyway,” Sendroff said. “It’s not as eye-opening and it’s harder to catch because the advertiser has still made money.”
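As an added illustration (not part of the original article), here is one way an advertiser could screen affiliates for the conversion-rate hallmark described above. The affiliate names, the counts, the `min_cookies` floor and the 4x-from-median `factor` are all constructed assumptions.

```python
from collections import Counter
from statistics import median

def build_events():
    """Constructed sample log: one (affiliate_id, event) tuple per event.
    "cookie" = affiliate cookie seen on arrival, "sale" = credited purchase."""
    counts = {  # affiliate: (cookies, sales), all numbers are made up
        "aff_blog": (1000, 30),
        "aff_news": (800, 20),
        "aff_deals": (1200, 42),
        "aff_forum": (50000, 25),   # abnormally low conversion rate
        "aff_toolbar": (400, 180),  # abnormally high conversion rate
        "aff_tiny": (5, 1),         # too little traffic to judge
    }
    events = []
    for aff, (cookies, sales) in counts.items():
        events += [(aff, "cookie")] * cookies + [(aff, "sale")] * sales
    return events

def conversion_rates(events, min_cookies=100):
    """Sales per cookie for each affiliate with enough volume to compare."""
    cookies, sales = Counter(), Counter()
    for aff, kind in events:
        (cookies if kind == "cookie" else sales)[aff] += 1
    return {a: sales[a] / n for a, n in cookies.items() if n >= min_cookies}

def flag_outliers(rates, factor=4.0):
    """Flag affiliates whose rate is `factor` times above or below the
    peer median. The median keeps one extreme affiliate from shifting
    the baseline the way a mean would."""
    base = median(rates.values())
    flagged = {}
    for aff, rate in rates.items():
        if rate > base * factor:
            flagged[aff] = "high"
        elif rate < base / factor:
            flagged[aff] = "low"
    return flagged

if __name__ == "__main__":
    rates = conversion_rates(build_events())
    for aff, direction in flag_outliers(rates).items():
        print(f"{aff}: {rates[aff]:.2%} conversion ({direction} vs. peers)")
```

A flag here is a reason to review an affiliate's traffic, not proof of fraud; legitimate affiliates can also sit far from the median.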

Photo: Rajiv Patel/Flickr
