Fraud Analytics

Branch’s Fraud Detection Platform uses an intelligent blocklist to block known bad actors in real time, ensuring customers don’t pay for fraudulent traffic. It includes core metrics that help identify forms of fraud such as install hijacking, click flooding and device reset fraud.

The platform leverages Branch’s persona data to give you RealScore - a model that intelligently scores the likelihood that any given install comes from a real person rather than a bot, malware or false attribution claim. RealScore depends on a variety of web and app signals to establish patterns of normal and fraudulent behavior, making it the first fraud detection product to leverage the full set of signals available on mobile.

In order to view Fraud Analytics, you need to have completed the following:

  1. Enabled Fraud Rules

  2. Have sufficient access/permission rights for your Branch app.

    • View/Edit access to the Fraud Settings & Data permission.

Core Metrics allow you to quickly analyze fraud detection performance.

Metric

Description

% Blocked Installs

The percentage of blocked installs divided by installs.

Click to Install %

The percentage of attributed installs divided by clicks.

Install % Over 1d

The percentage of unblocked installs where the time from click to install was over 1 day - an indicator of click flooding.

Install % Under 10s

The percentage of unblocked installs where the time from click to install was under 10 seconds - an indicator of click injection

In-Depth Fraud & Recommendations

Because Fraud Detection is very complex, visit our guide on understanding fraud and recommendations here.

The Fraud Report will measure the performance of your blocked events for specific fraud indicators. Branch recommends creating fraud rules to block erroneous attribution credit in real time.

Fraud Rule

Description

Conversion Time

The time between the touch and the conversion is short.

Click Injection

Events with suspicious touch to Play Store Install Begin times, indicative of Click Injection.

Device Conflict

The device information on the touch and the conversion are different.

Geo Conflict

The touch and the conversion occur in different countries.

IP

Events coming from known TOR networks.

Once Ever Capped

Events only occurring once per user.

Persona Fraud

Browsers or devices with suspicious behavior based on Branch’s cross-platform Link Graph.

Suspicious Device

Install from fake devices or emulators.

Custom

Events matching your custom selection of fraud parameters.

None

Do not show blocked events based on Fraud Rules. Branch automatically selects None when you filter on Key Fraud Indicators instead.

Fraud Indicator

Description

Fake Devices/Click Farms

Emulators and click farms generate clicks from suspicious IPs, as well as show abnormal behavior after installing. Check blocked clicks and your user value metrics in Ads Analytics to identify this fraud.

Install Hijacking/Click Injection

When a new app is installed, other apps on the phone can sometimes detect the install, even before the first open. Fraudulent publishers may fire off a click when they detect an organic install, just before the app is opened. This can be identified by suspiciously low click to install times.

Click Flooding

Publishers can generate millions of clicks with different device IDs in the hope that one of those users will install later. Generally the click and installs actions are disconnected, so you can expect to see long click to install times and a very low conversion rate.

Ad Stacking

Publishers will sometimes put dozens of ads in one ad placement, causing high numbers of impressions and clicks, with low install rates.

Device Reset

Device reset fraud is characterized by new devices from suspicious IPs. Keep an eye on your user value metrics and suspiciously high click to install rates.

The Click to Install (CTI) Time is a great tool for comparing CTI time for specific ad networks broken out by OS. Here you'll be able to compare CTI time in:

  • seconds

  • minutes

  • hours

  • days