Viewing Fraud Data Permissions
The ability to view data related to Fraud in reporting and exports requires the user to have
VIEWaccess to the Fraud Settings & Data permission. Learn more about Branch's Access Levels & Permissions.
Branch’s Fraud Detection Platform uses an intelligent blacklist to block known bad actors in real time, ensuring customers don’t pay for fraudulent traffic. It includes core metrics that help identify forms of fraud such as install hijacking, click flooding and device reset fraud.
The platform leverages Branch’s persona data to give you RealScore - a model that intelligently scores the likelihood that any given install comes from a real person rather than a bot, malware or false attribution claim. RealScore depends on a variety of web and app signals to establish patterns of normal and fraudulent behavior, making it the first fraud detection product to leverage the full set of signals available on mobile.
Branch recommends creating fraud rules to block erroneous attribution credit in real-time. If you have Fraud rules enabled in your Branch dashboard, you can view the blocked events on a per fraud rule basis.
- Geo Conflict: The touch and the conversion occur in different countries
- Device Conflict: The device information on the touch and the conversion are different
- IP: Events coming from known TOR networks
- Conversion Time: The time between the touch and the conversion is short
- Persona Fraud: Browsers or devices with suspicious behavior based on Branch’s cross-platform link graph
- Once Ever Capped: Events only occurring once per user
- Custom: Events matching your custom selection of fraud parameters.
- None: Do not show blocked events based on Fraud Rules. Branch automatically selects
Nonewhen you filter on Key Fraud Indicators instead.
Fraud Rules vs Fraud Indicators
Fraud Rules are enabled by you based on your business criteria for what constitutes fraud. Fraud Indicators are built into Branch and are auto-enabled to protect you from generic fraud methods. NOTE: You cannot view blocked events based on both of these types of fraud simultaneously; please select one at a time.
When a new app is installed, other apps on the phone can sometimes detect the install, even before the first open. Fraudulent publishers may fire off a click when they detect an organic install, just before the app is opened. This can be identified by suspiciously low click to install times.
Emulators and click farms generate clicks from suspicious IPs, as well as show abnormal behavior after installing. Check blocked clicks and your user value metrics in Ads Analytics to identify this fraud.
Publishers can generate millions of clicks with different device IDs in the hope that one of those users will install later. Generally the click and installs actions are disconnected, so you can expect to see long click to install times and a very low conversion rate.
Publishers will sometimes put dozens of ads in one ad placement, causing high numbers of impressions and clicks, with low install rates.
Device reset fraud is characterized by new devices from suspicious IPs. Keep an eye on your user value metrics and suspiciously high click to install rates.
The percentage of blocked installs divided by total installs.
The percentage of attributed installs divided by clicks.
The percentage of unblocked installs where the time from click to install was over 1 day - an indicator of click flooding.
The percentage of unblocked installs where the time from click to install was under 10 seconds - an indicator of click injection.
The percentage of unblocked installs where the time from click to install was between 10 and 30 seconds.
The percentage of unblocked installs where the time from click to install was over 30 seconds.
Updated about a year ago