Skip to main content
All CollectionsHow to run a succesful campaign Launch
Viral Loops' Fraud System and how to protect your Campaign
Viral Loops' Fraud System and how to protect your Campaign

In this article, we will go through our Fraud Detection System and how to protect your campaign with Double-Opt-In and Re-Captcha features

Thanos avatar
Written by Thanos
Updated over 2 months ago

Sometimes our campaigns go viral for the wrong reasons. Maybe a bot or another malware hits the button so many times that gets your campaign exploding.

But you only want the real referrals there.. don't worry we've got you covered!

We offer a sophisticated fraud detection system that protects you against fraud by flagging, not blocking, suspicious participants. We have more than a dozen checks that can increase a participant's fraud risk score, including checking for the same IP address, browser fingerprint, email address similarity and several others.

Fraud Detection System

The risk evaluation can be low, medium or high. In most situations, high-risk participants should be deleted, since our fraud detection tool takes several parameters into account and it is improbable that these participants are legitimate. Before any deletion, export all your participants.

Here is how it looks like:

Then, you can review those marked as high risk in your dashboard and either keep them if you believe they are legitimate (checking the email addresses of their successful referrals) or simply delete them.

Does Viral Loops block sign-ups?

We don't block sign-ups from the same IP, because this causes a problem in many cases (for example, coworkers wouldn't be able to register from their office or people from a coworking space - most probably they will have the same IP), but we do include these users under the "Participants to review for fraud" list, so that you can decide for your campaigns' participants.
​

What about participants marked as "high risk"?

What we suggest in such cases is, before any deletion, is to export all your participants.

Then, you can review those marked as high risk in your dashboard, and either keep them if you believe they are legitimate (checking the email addresses of their successful referrals) or simply delete them.

In case you deleted a legitimate participant, then use the backup export and add them again in the campaign (even add the corresponding referrals manually, if you wish).

In most situations, high risk participants should be deleted, since our fraud detection tool takes several parameters into account and it is improbable that these participants are legitimate. But it is always good to double-check, since our FDS is just a suggestion tool.

Extra Tip

You might want to add this to your campaign terms, landing page or even in an email a note-, saying that you "reserve the right to remove any participant and their referrals without prior notice if fraudulent behavior is detected", and that "rewards will be given only after validating the referrals of participants".

You could also manually contact them and ask them to reply so as to verify them. Warn them than if they do not do so within X days they will be removed from the campaign.

If some of them reply, which is highly unlikely, you can keep them and safely delete the rest.

What if I get banned after testing?

If for any reason you're experiencing the same issue, please contact us, so as to manually un-ban your IP. A screenshot of your browser would be really useful in that case, so we can trace your IP asap!

Advanced Fraud Detection System

We offer for FREE a more advanced fraud detection analysis for our Power clients and above of course!

This automatic identification and deletion analysis, locates all fraudulent activity and goes into depth with a specific algorithm created by us. At the end, we provide you with the results through a CSV file (bad referrals, bad participants, etc.), and we aim to increase the "health" of your participant list to 99%.

You choose what to keep and what to delete and we do the clean-up in your campaigns!

This method is suggested for large campaigns (>5000 participants) and it can be performed at the end of the campaign (for prelaunch campaigns) or every 3months for long-lasting campaigns (referral campaigns).

Methods to Protect Your Campaigns

When running a campaign, you want to make sure you gather as many legitimate email addresses as possible. Additionally to our Fraud Detection system, you can use:

  1. Double Opt-In Feature from Viral Loops

  2. Re-Captcha Feature from Google

  3. Manually Method from your side

Let's check those options now and see how they work...

Double opt-in feature

The Double Opt-In feature is practical the "state" in where users will have to complete an email verification step before becoming participants in your campaign.

When a user submits their details on the Viral Loops signup form, they are not really registered yet. Instead, they will receive a verification email to their inbox and they have to click the CTA.

When they click the CTA, the registration process is completed and they are redirected to the URL you have set in the Verification email (Button URL). This page is, by default, the landing page URL of the campaign (Info step). When the participants are redirected there, they are identified and see the sharing state of the campaign widget.

Check an example:

Please note that verification emails expire after two weeks from the moment the user attempts to sign up for the campaign.

You can enable double opt-in by editing the campaign, in the respective step of the Wizard. There, you can edit the Verification message that the participants see on the campaign page after registration and the Verification email.

Once it is enabled, every new participant (or only invitees) should be verified. That means that if someones enter their email, nothing happens until they verify their email. The user doesn't get a unique link and, thus, cannot invite friends to the campaign to get referrals.

Once, the user verifies their email address, they will also receive the Welcome email notification, if it is enabled for the campaign.
​

Please note that, all the integrations related to the participation event will run after the user verifies their email.

Every new participant will appear on the dashboard after verifying their email. The referrals of their referrers (if applicable) and the referral counters will also be updated after email verification.

The participants that have not verified their email addresses are not counted to the campaign statistics, they do not appear on the dashboard and they are not included in the CSV export file.

Re-Captcha feature

In addition, you can always use the Re-captcha feature from Google!

reCaptcha introduces an invisible challenge that runs on the participant's computer upon registration. The challenge itself performs various checks looking for suspicious activity, a sketchy browsing environment - and more - eventually returning a thread score. We use that thread score, among other parameters, to derive if a participant is fraudulent before they even finish their registration.

Crucially, all of this is invisible, the participant won't have to spend time trying to find the squares containing a fire hydrant or a crosswalk.
​

Here's how to enable it:

0) Read more about the V3 invisible reCaptcha on their site (optional)

1) Login in with your Google account here

2) After you log in, you should see the following screen. If not look for a '+' in the top right to register a new site

3) Fill out your site's information. Make sure to:

  • select the reCaptcha v3 option in the reCAPTCHA type section

  • Add domain in a format like yourdomain.com (no www or https as a prefix )under the Domains section

  • Accept the reCaptcha Terms of Service and click the submit button

4) The next screen will show you the Site Key and Secret Key of your new site. Keep these handy, for step 8.

5) Go on your Viral Loops dashboard

6) Click the 'Edit' button of the campaign you'd like to enable the reCaptcha feature

7) Go to the Widgets step of the Campaign Wizard, and select a widget

8) Find the reCaptcha option in the sidebar, and make sure to:

  • Enable reCaptcha

  • Copy and paste your Site Key and Secret Key from Step 4 into their respective fields

Manually Method

Also you could manually contact them and ask them to reply so as to verify them. Warn them that if they do not do so within X days they will be removed from the campaign. If some of them reply (which is highly unlikely), you can keep them and safely delete the rest.

πŸ€– ..and... that's all for now πŸ€–

Did this article help? Let us know!

If you need more help, please send us a message to support@viral-loops.com! Our team will be happy to assist you further!

Did this answer your question?