.svg){kind=icon}
Overview
If you run an e-commerce brand on Everflow, your fraud risks look different from mobile app campaigns or lead generation. The most common issues — coupon poaching, proxy-masked traffic, and low-quality sources — require a specific set of tools and a measured approach.
This guide walks through the native Everflow features that matter most for e-commerce fraud detection. You don't need third-party tools to get started — everything below is built into the platform.
For general fraud prevention covering mobile and network traffic, see our Fraud Prevention & Detection guide.
Know Your Baseline: Click to Conversion Time
The Click to Conversion Time report is your first line of defense. It shows how long it takes for a click to become a purchase — and once you know your normal range, outliers become obvious.
What to Look For
In e-commerce, most legitimate purchases happen within a predictable window. If your average customer takes 10–30 minutes to browse and buy, that's your baseline.
Watch for two red flags:
- Conversions under 5 seconds: Likely coupon poaching — a partner injects their tracking click right before checkout to claim credit for a sale they didn't drive.
- Conversions after 24+ hours: May indicate click stuffing — a partner fires clicks in the background, hoping one eventually matches a natural purchase.
Access the Report & Set Rejection Rules
Once you've established your baseline, you can automatically reject conversions that fall outside your expected window. Go to
Conversions outside this range will be rejected automatically — protecting your payouts without manual review.
Event Tracking & The Funnel Report
Conversion counts alone don't tell you whether traffic is real. What matters is engagement depth — are users adding items to cart, starting checkout, and completing purchases at reasonable rates? Or are conversions appearing with no upstream activity?
By tracking events at each stage of the buying journey, you can use the Funnel Report to compare traffic quality across partners down to the source level.
Recommended Events for E-Commerce
Add to Cart
Tracks product interest. Healthy sources show add-to-cart rates proportional to clicks.
Checkout Started
Signals purchase intent. High add-to-cart but zero checkouts may indicate bot traffic.
Purchase
Your primary conversion event. Already tracked by default.
Upsell / Cross-Sell
Measures post-purchase engagement. Quality traffic converts on upsells at consistent rates.
Proxy Traffic: The Pass-Through Approach
Proxy traffic — where a user's IP is masked or spoofed — is common in affiliate marketing. But blocking it immediately is a mistake. Everflow's proxy detection flags any click from a private browser, VPN, or corporate network — not just suspicious VPNs. Many legitimate customers use these tools, especially in e-commerce where privacy-conscious shoppers are the norm.
Instead of blocking outright, use Everflow's pass-through approach to investigate first:
Before changing any settings, check how much proxy traffic you actually have. Go to
If proxy clicks are a tiny fraction of total traffic, you may not have a problem worth solving yet.
If you see significant proxy traffic, resist the urge to block immediately. Go to
This allows proxy clicks to proceed to your landing page and convert, but marks them as failed — protecting you from paying partners for potentially fraudulent traffic while still collecting data.
A large email partner had more than half their traffic flagged as proxy — but the purchases were legitimate. The proxy flags came from private browsers and corporate email clients, not VPNs. Blocking would have wiped out real revenue. Always check the click report and use pass-through before taking action.
This approach is especially important for brands working with Meta, email, and influencer traffic — where users often browse through in-app browsers or privacy-enabled environments that trigger proxy flags.
After running in pass-through mode for a week or two, review the data. Check whether proxy-flagged conversions have normal engagement patterns (add to cart, checkout, purchase) or look suspicious.
Some will be legitimate customers using VPNs or corporate networks. Others may be clearly fraudulent.
Once you have enough data to confirm proxy traffic from specific sources is fraudulent, switch from Fail Traffic to Block in the Offer Targeting settings.
You can also address it at the partner level — talk to the partner about their traffic sources before cutting them off entirely.
Alerts That Matter for E-Commerce
Everflow's alert system notifies you when traffic patterns deviate from normal. Rather than monitoring everything, focus on the alerts that catch the most common e-commerce fraud signals.
Conversion Rate (CVR) Spike Critical
Alert when CVR exceeds your normal range. An unusually high conversion rate from a single partner often indicates fraud rather than great performance. Important: Set different thresholds per traffic type — Meta and social traffic typically shows lower CVR than influencer or email traffic. A 5% CVR might be normal for an influencer partner but suspicious for a display source.
Click to Conversion Time High
Alert on conversions happening faster than your established baseline. Catches coupon poaching in real time.
Invalid Click Rate Medium
Monitor the ratio of invalid to total clicks. A sudden increase may indicate bot activity or click stuffing.
Total Conversions Spike Standard
Alert on sudden volume increases from individual partners. Legitimate traffic growth is usually gradual.
Event Rate (EVR) Drop Monitor
If a partner's event rate drops significantly (purchases with no add-to-cart events), traffic quality may have changed.
Refund rates aren't available as an automated alert. Make it a weekly habit to check
E-commerce brands typically work with a mix of traffic channels that each have distinct normal behaviors:
- Meta / Social ads: Lower CVR (1–3%), higher click volume, shorter sessions
- Influencer / Coupon: Higher CVR (5–15%), lower volume, often clickless conversions
- Email / Retargeting: Highest CVR (10–25%), warm audiences, longer time to convert
- Search / SEO: Moderate CVR (3–8%), intent-driven, predictable patterns
Don't apply the same fraud thresholds across all channels. What looks fraudulent for one source may be perfectly normal for another.
Monitor Your Refunds
High refund rates tied to specific partners or sources can signal fraud — especially if refunds spike after a promotional push. Make it a habit to check the Refunds Report weekly and compare refund patterns across your top partners.
If one partner consistently drives orders that get refunded at a higher rate, investigate their traffic sources before adjusting payouts.
Learn more about the Refunds Report →
Third-Party Fraud Scoring
For additional protection, Everflow integrates with fraud scoring platforms that evaluate IP addresses, device data, email addresses, and billing details in real time.
- IPQualityScore — Scores clicks and conversions based on IP, device, and user data
- Anura — Real-time fraud detection for clicks and conversions
- 24metrics & Clickshield — Click-level fraud prevention
These integrations are optional but valuable for high-volume campaigns. See our integration comparison guide for help choosing the right fit.
Need Help?
Our Customer Success team works with e-commerce brands daily and can help you configure the right combination of tools for your specific setup. Reach out with your requirements and we'll help you build a fraud detection strategy tailored to your campaigns.
