Preventing Referral Fraud

Referral fraud is structurally different from affiliate fraud. Affiliates manipulate traffic and clicks at scale. Referral fraudsters manipulate accounts and identities at smaller but more targeted scale. The common pattern: a single person creates multiple accounts, refers themselves, collects rewards on both sides, and withdraws. If your program pays $25 per successful referral and someone creates 20 fake accounts, that is $500 in fraudulent payouts -- small per incident but devastating at volume.

Common Referral Fraud Patterns

Device and Identity Checks

The first line of defense is verifying that the referrer and the referred user are genuinely different people. Device fingerprinting collects browser, screen resolution, timezone, installed fonts, and other signals to create a unique device identifier. If two accounts share the same device fingerprint, flag them for review before releasing any referral reward.

• Device fingerprint matching: Flag when referrer and referred user share the same fingerprint or closely similar fingerprints.
• IP address analysis: Flag when multiple referred accounts register from the same IP within 72 hours. Residential IPs shared by family are common -- use IP as a signal, not a block.
• Payment method overlap: If the referrer and referred user deposit with the same card number, bank account, or crypto wallet, flag immediately.
• Phone/email pattern detection: Sequential email addresses (john1@, john2@, john3@) or phone numbers from the same range suggest bulk account creation.
• KYC document comparison: In regulated verticals, cross-reference identity documents to catch the same person submitting under different names.

Velocity and Pattern Controls

Velocity checks limit how fast referral rewards can accumulate. A legitimate user might refer 2-5 friends in a burst when they first discover the program, then slow down. A fraudster creates 10-20 accounts in a single day. Set velocity limits that match realistic sharing behavior.

• Daily referral cap: Limit to 3-5 successful referrals per day per referrer. Legitimate users rarely exceed this.
• Weekly/monthly cap: Set a total cap of 10-20 successful referrals per month. Top referrers who exceed this may be affiliate candidates.
• Minimum account age: Require referrers to have an active account for 7+ days before they can participate in the referral program.
• Qualification delay: Hold referral rewards for 24-48 hours after qualification event to allow fraud checks to run.
• Post-qualification activity check: Before releasing the reward, verify the referred user has activity beyond the minimum qualification threshold.

Collusion Ring Detection

Collusion rings are harder to detect because each individual account looks legitimate. The fraud only becomes visible when you map the referral graph. Build a referral network graph and look for closed loops: if A refers B, B refers C, and C refers A, that is a collusion ring. Also flag dense clusters where a small group of users all refer each other within a short time window.

Enforcement and Communication

When fraud is detected, the response should be proportional. For first-time self-referral attempts, void the reward and send a warning. For repeat offenders or organized farming, void all pending rewards and suspend referral access. Document your fraud policy in the referral program terms so enforcement is defensible. Clear terms also deter casual fraud -- users who read that device fingerprinting is in place are less likely to try.