Data breaches seem to be making headlines on a daily basis lately. The recent Equifax and Capital One hacks alone exposed the personal, financial, and contact information of more than 250 million Americans. Thousands of gigabytes of personal data are now exposed to the dark reaches of the internet. So what becomes of stolen data? Sometimes nothing, but in other cases hacked data is sold like a commodity on the dark web. It was recently revealed that one hacker was selling the data of 10 million Evite users on the dark web and had also breached, stolen, and put up for sale the details of over one billion users of online services, including, Canva, 500px, UnderArmor, and ShareThis.

Now turning to affiliate marketing, which is a legitimate tool in an advertisers mix of tactics. Advertisers pay an affiliate marketer a commission for every action that gets generated—it may be it a lead, sale, app install or click. The problem occurs when fraudulent affiliates fake these actions to steal the commission, and to do so, they sometimes need a real person’s information for their schemes. Therein lies the unsettling link between massive data breaches and fraud within the affiliate marketing world. Here’s how some of these affiliate schemes play out with the use of hacked data:

Use Stolen Credit Card Info to Fake E-Commerce Sales

In these situations, an affiliate signs up for an e-commerce deal where they get a commission for every sale or subscription that they generate online. This is where stolen credit card info comes into play. The fraudulent affiliate will use the credit card to make as many purchases as possible, generating revenue for themselves through the commissions offered by the advertiser. For the affiliate, they often don’t care what they’re buying or subscribing to, as long as there’s a commission involved. The credit card charges will eventually be flagged as fraud and the card shut down, but often not before the sales are recorded and the commission dispensed. The card holder’s bank issues a charge back to the merchant, who has to return the funds, but the commission cannot be recovered. More sophisticated fraudsters use personal information to open new credit card accounts and then max out the cards, purchasing items and services that they receive a commission on.

Use Stolen Personal Information to Complete Online Lead Forms

An easier affiliate fraud scheme involves lead fraud, where affiliates get a commission for every lead they generate online. Some pay-per-lead affiliate programs can be very lucrative—advertisers with high-value transactions such as universities, mortgage companies and franchise companies will pay big  commissions for each lead. The problem for a fraudster is that these programs verify the information submitted on the forms, so they can’t just make it up. This is where stolen personal information comes into play. Names, addresses, email addresses, and phone numbers of real people can be used to fill out online forms, generating commissions for the affiliate. Sometimes the information is submitted with the help of bots and sometimes it’s manually generated (human-generated fraud). In the end, advertisers end up wasting time following up on leads that have no interest in their product or service and consumers are left frustrated by advertisers contacting them for services they don’t want.

Spamming and Phishing Attempts

In other instances of affiliate fraud, an affiliate may use stolen email addresses and personal information to send out massive email SPAM campaigns, urging the recipients to purchase a product or sign up for a service. The affiliate earns a commission from any sales created from their SPAM campaigns and consumers are left with an email box full of unsolicited messages.

These three examples illustrate the need for advertisers to look closely at their affiliate programs and partners, and to some extent answers questions involving what might happen to data and personal information after it gets stolen. For more information on affiliate fraud solutions offered by Fraudlogix, visit .