As a concept, the Cashback mechanism is based on a rebate system, whereby money is returned to the customer for each sale. This all happens because of tracking.
When a user clicks through to a retailer, we append an identifier to the URL that links the click to them. This URL is routed through a middleman - the affiliate network - who manage the tracking before passing the user on to the retailer. If the customer completes a purchase, the relevant information is passed back to the affiliate network. We then import all transactions from the networks on an hourly basis and put the money into employee Cashback accounts.
How: When you visit a Cashback link, a small value is stored on your computer in a file called a ‘cookie’. This value is set with an expiry typically 30-60 days after you visited the link. This expiry is controlled by the retailer and the Cashback tracking partner, and is based on the idea that - if you see an advert - it is fair to still pay a commission back for people who don’t buy immediately. This can result in someone on a shared computer using a Cashback link, then getting the amount for someone who uses it after and makes a purchase.
Some Cashback tracking partners use other signals rather than the cookie, like your computer’s IP address. This can be less accurate in a corporate environment, where many computers share the same external IP address. This is used less frequently though (because of a higher error rate). This results in a small possibility of misattribution back to the wrong user. However, this is just the order amount and commission and does not allow the user who receives it in error to identify who placed the order, what the order was for.
In such cases, users are advised to submit a Cashback query through their accounts for our Support team to rectify the transaction.
Let's look at how this works in a bit more detail
A transaction begins with a customer viewing a Cashback offer on the merchant/retailer page. If they intend to purchase from the retailer (or not), by clicking through to the offer they are transferred to an interstitial page. This page generates a Tracking Event, the reference of which is passed into a URL directing the customer to the affiliate network. This tracking reference remains constant throughout the lifetime of the order. The affiliate network will log the click, and forward the user to the retailer website.
Using various tracking methods, the affiliate network will track any successful purchases from the user for up to 45 days. Most retailers will achieve this by issuing a callback to the network, confirming an order has occurred. Reward Gateway polls all affiliate networks hourly for transaction data. Offer engagement tracking data is lined up so the transaction can be attributed to the correct customer account.
During the period after initial import, we continue to monitor changes to a transaction. These are usually things like a change of the order value (corrections, partial returns) or status updates (confirmation period passed or order returned).
Payment of commission follows the reverse path, from a retailer back to the user.
This diagram illustrates the process flow:
Is it secure?
Yes, absolutely. There are several reasons for this:
Each of the retailers is hand-picked by our Retail Partnerships Team
Affiliate marketing is different to traditional advertising models. With affiliate marketing, the affiliate network acts as an intermediary allowing affiliates and merchants to form relationships. Without these relationships, it is not possible for a publisher to promote a merchant - the network will not allow the transfer.
This is in contrast to traditional advertising models where the advertising network promotes merchants to everyone, irrespective of the affiliate having any relationship in place.
When we decide to work with a merchant and promote them, it is because our Retail Partnership Manager is happy with their reputability.
The affiliate networks never access employee details
We only provide the affiliate network with a Tracking Reference. This means nothing to them, but we can use it with the other information we hold to link the details back to the individual employee making the purchase. They don't pass anything on to the merchant either.
When a user places an order, they are then dealing directly with the retailer. This happens in exactly the same way as if they made the purchase themselves as a result of, e.g. a Google search. The reporting back to the affiliate network then happens in the background and again, consists of just summary order information on the purchase.
The retailers will have their own compliance programs
Whilst we do not formally audit the retailers ourselves, we know that all of the retailers who offer Cashback will need to be PCI DSS compliant to process credit card transactions. This means they will be conducting their own security checks and vulnerability scans against themselves.
In the rare event where we do hear of anything suspicious with a particular retailer, we are able to immediately delist them from all programs we operate until the matter can be investigated.