Cookie Stuffing: What Will Advertisers Face Next in a Post-Cookie World?
Cookie stuffing. The term may sound like it describes chocolate chips or marshmallows. In the world of affiliate advertising, though, it’s a devious way for fraudsters to siphon away unearned money behind an advertiser’s back.
Affiliate marketing is a marketing channel where publishers earn a commission by promoting another brand’s product or service. Affiliate marketing fraud, or affiliate fraud, is a process where criminals circumvent the system in order to claim unearned sales commissions.
Done correctly, affiliate marketing can be a robust tool for driving traffic to your website. However, fraud from illegitimate schemes means you could be paying commissions on bogus sales. If you work with affiliates, you need to get the scoop on cookie stuffing… before you get burned.
Recommended reading
- The Top 10 Prepaid Card Scams to Watch Out For in 2025
- Credit Card Shimmers: Are You Prepared for “Skimming 2.0?”
- How do Banks Conduct Credit Card Fraud Investigations?
- How New Account Fraud Works: Red Flags & How to Prevent it
- Review Fraud: How it Works & How to Get Rid of Fake Reviews
- What are Straw Purchasers? Are They Legal? What Can You Do?
Affiliate Marketing & Cookies
Let’s start by clarifying the role of cookies in affiliate marketing.
In affiliate marketing, a third-party website promotes your products, earning a commission if users actually end up buying. As an example, let’s take a major appliance seller (the advertiser) who may place ads connecting their store to the website of an appliance repair outlet (the affiliate or publisher). If a user clicks through the ad on the affiliate’s site and then later makes a purchase from the advertiser, the affiliate will get a commission.
Affiliate marketers use cookies to promote brands by embedding a unique tracking code within marketing links. When a user clicks on an affiliate link, a cookie is placed on their browser, which allows the advertiser to attribute sales or actions to the referring affiliate.
Cookies let brands measure an affiliate's performance, while affiliates can earn commissions based on the traffic or conversions they bring to the brand's website. It’s a good deal for both parties; the advertiser only pays out when they make a sale, while the affiliate can earn passive income through their online presence.
How Does Cookie Stuffing Work?
- Cookie Stuffing
Cookie stuffing is a practice by which a fraudster uses web cookies to collect affiliate commissions on goods they did not sell.
[noun]/kʊ ● kē ● stu ● fiNG/In contrast to the legitimate use of cookies by affiliate marketers, cookie stuffing — or cookie dropping, as it is sometimes known — is considered a blackhat online marketing technique. It’s a practice by which fraudsters use cookies to collect commissions on goods they did not sell.
The fraudster begins by joining an online affiliate community or developing independent relationships with advertisers. Then, every time someone lands on the fraudster’s site, they attach a number of third-party cookies to the user’s web browser, mostly tied to major retailers like eBay, Amazon, Walmart, etc. Later, if that user happens to visit one of these sites and make a purchase, the cookie would make it appear to the advertiser that the lead was driven by the affiliate.
Some affiliates might unintentionally engage in cookie stuffing. External tools or features on their platform could be the inadvertent cause.
Common methods fraudsters use to sneak cookies onto a site include:
Consumers have to click through from the affiliate’s site to the advertiser’s site and make a purchase to legitimize a commission. With cookie stuffing, though, the advertiser pays a commission, even though the fraudster didn’t earn it. The fraudulent cookie might even override another cookie placed by a legitimate affiliate, meaning they don’t get the commission they earned.
How Can I Identify Cookie Stuffing?
Concerned that some of your affiliates may be engaged in cookie stuffing? Here are a few signs to look for that might suggest your partners are up to no good:
Placing cookies without user engagement does not align with affiliate guidelines and data protection standards, such as the EU's General Data Protection Regulation (GDPR).
Is Cookie Stuffing a Thing of the Past?
Cookie stuffing remains a concern. That said, the digital marketing world is dynamic and changes quickly. By the end of 2024, this threat may be much less of a concern.
With over 64% of the global market share, Google has been at the forefront of the movement to phase out third-party cookies in favor of more privacy-centric alternatives. The primary reason is to address growing concerns about user privacy and data security. Here's a brief overview of the situation:
Deprecation of Third-Party Cookies
In 2020, Google announced its intention to phase out third-party cookies in its Chrome browser by the end of 2023. This decision was made in response to growing privacy concerns and regulations such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). While other browsers like Safari and Firefox had already taken steps to block third-party cookies, Chrome's dominance in the browser market made this a significant development.
Impact on Affiliate Marketing & Tracking
Cookies, especially third-party ones, have been the backbone of online advertising and affiliate marketing efforts for years. They allowed advertisers to track users across the web and gather data about their online behaviors. With their phase-out, affiliate marketers and advertisers need to find new ways to accurately attribute sales to the correct sources and track user behavior without infringing on privacy.
Google Privacy Sandbox & FLoC
As a replacement for third-party cookies, Google introduced the "Privacy Sandbox" initiative, a set of open standards to enhance privacy on the web. One of the key technologies under this initiative is the Federated Learning of Cohorts (FLoC). Instead of tracking individual browsing behavior, FLoC groups users with similar browsing patterns into “cohorts.” Advertisers can then target these cohorts without directly accessing individual user data. This provides a level of user privacy while still enabling targeted advertising.
Uncertainty Will Continue
The success and acceptance of technologies like FLoC are not guaranteed. As a result, there's an ongoing debate within the industry about the best paths forward. The overarching trend is clear: a move towards greater user privacy and less invasive tracking. That said, scammers are resourceful. While they may not be able to engage in conventional cookie stuffing, they will likely find ways to manipulate FLoC cohorts.
As technologies advance and detection mechanisms become more sophisticated, newer, more intricate threats may emerge, replacing old tactics like cookie stuffing. It's imperative to always stay updated and be vigilant, ensuring your affiliate program remains genuine and beneficial for all parties involved.
Know Your Affiliates
Implementing manual approval is one of the best methods to ensure that your affiliates are honest. Each applicant to your affiliate program should be screened and reviewed to ensure that it is a reputable and trusted lead source. You can also look into each applicant’s customer service skills to know that they will represent your brand well.
Of course, affiliate cookie stuffing is only one of many potential threats to your next ad campaign. Other malicious forms of affiliate fraud are out there waiting to drain your campaign and flood your business with costly chargebacks.
Chargebacks911® offers products specifically designed to detect, identify, and prevent fraud and chargebacks. Regardless of the size of your affiliate marketing campaign, we can help optimize your advertising, reduce risk, and turn potential liabilities into profit opportunities. Contact us today to learn more.
FAQs
Is cookie stuffing illegal?
Kinda. Cookie stuffing is considered a deceptive practice and can violate terms of service agreements with affiliate networks and merchants. Additionally, it may breach certain data protection regulations, making it illegal in some jurisdictions.
What is the cookie stuffing technique?
Cookie stuffing involves placing unauthorized affiliate tracking cookies on a user's browser without their knowledge or explicit action. When the user makes a purchase or takes a desired action on a merchant's site, the fraudster receives credit and potentially a commission, even if they played no genuine role in driving that user's decision. This deceptive tactic can lead to unfair profit distribution among affiliates and inflated costs for merchants.
Are cookies legal in the US?
Yes. Cookies are legal in the US, but websites are often required to disclose their use of cookies and obtain user consent, especially if collecting personal data, to comply with various privacy laws and regulations. Transparency and user control are key components of compliant cookie use.
Are all cookies going away in 2023?
In 2020, Google announced its intention to phase out third-party cookies in its Chrome browser by 2023. This decision was made in response to growing privacy concerns and regulations such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). While other browsers like Safari and Firefox had already taken steps to block third-party cookies, Chrome's dominance in the browser market made this a significant development.
What will replace cookies in the future?
Third-party cookies will be replaced by technologies like Google's Federated Learning of Cohorts (FLoC), which groups users into cohorts based on browsing patterns, Unified ID solutions that offer a common tracking framework without cookies, and an increased reliance on first-party data collected directly by websites from their users.
