Merchant affiliates should be aware that the integrity of their affiliate program can be compromised by stealware. Stealware can be used by individuals and corporations to replace cookies and affiliate links on a web site so that commissions are directed to the owner of the stealware instead of the owner of the site. This will result in the wrong person being credited for the sale and getting paid the commission.
Stealware software is often “piggybacked” onto what, at first glance, appears to be a useful piece of software, a toolbar or helpful freeware. The stealware is installed alongside the application during the installation process and is done so without the knowledge of the user. To make it legal, the stealware is mentioned in the End User License Agreement for the program. Seeing as these documents are rarely read in their entirety, the end user doesn’t realize they are installing a program that will effectively steal sales intended for them.
Stealware works in one of two ways. The first way is to write over the affiliate cookie. This cookie is a text file that is placed on potential customer’s computers by the affiliate site. This cookie contains the referring affiliate’s ID information and is the means through which affiliate sales are accredited to the correct affiliate. Since a user often doesn’t make a purchase the 1st time they visit an affiliate site, the cookies are set to last anywhere from a week to 90 days. If the customer returns and makes a purchase anytime during that period, the affiliate credited in the cookie gets the commission.
Once stealware has been installed, the affiliate ID used on the cookie is changed to that of the person that owns the stealware. Some stealware even engages in what is known as “cookie stuffing”. Cookie stuffing is a process through which the stealware not only steals the cookie from an affiliate, it “stuffs” the potential customer’s computer full of hundreds of other cookies. If the web surfer makes a purchase from any of the sites for which cookies have been stuffed, the stealware owner gets the commission.
Non-cookie affiliates aren’t safe either. Stealware can take over pay-per-click programs by overwriting the links on the affected affiliate site. The site owner’s ID is removed and is replaced by the ID of the owner of the stealware. Whenever one of the site owner’s ads is clicked on, the click is credited to the owner of the stealware.
Combating stealware is the responsibility of the site owner. The best defense is to do a little research and avoid installing software that contains stealware onto your computer. It’s also a good idea to investigate affiliate programs before signing up with them to see if they allow affiliates that use stealware to participate. Finding an affiliate network you can trust is key to avoiding being taken advantage of by stealware.
Good affiliate networks will discourage the use of stealware and will terminate the account of anyone caught using it to generate sales. Look for a network that only allows sales from sites that are preregistered to the profile of the affiliate and don’t associate yourself with sites that look the other way when it comes to stealware. The time to protect yourself against stealware is before you start losing sales to an unscrupulous affiliate.