Key takeaways
- Velocity rules limit how many events one device or IP can produce in a time window before being flagged.
- Bots and self-referral rings betray themselves through volume no real audience matches.
- Device velocity catches abuse from a single machine; IP velocity catches click farms and shared-exit fraud.
- Set thresholds against your real traffic baseline, not arbitrary numbers, to avoid false positives.
- Afflio lets you define device and IP-velocity fraud rules that flag or hold outlier traffic automatically.
Most affiliate fraud is, underneath, a volume problem. A human buys once, maybe twice; a bot signs up a hundred times; a self-referral ring cycles the same device through dozens of purchases. Velocity rules are how you turn that volume signature into an automatic defense — they watch the rate of events per device and per IP, and act when the rate exceeds anything a genuine audience would produce.
What are velocity fraud rules?
Velocity fraud rules are thresholds on how many clicks, signups, or conversions a single device or IP address can generate within a time window before the traffic is flagged or held. They measure rate, not just total volume — the speed at which events arrive from one source is what separates a real user from automation.
Why do device and IP velocity expose fraud?
They expose fraud because fraud concentrates volume on few sources while real traffic spreads across many. A legitimate campaign reaches thousands of distinct devices and IPs, each producing a handful of events. Fraud collapses that distribution: one device behind dozens of conversions, or one IP behind a wall of signups. That concentration is the tell.
- Device velocity catches a single machine driving repeated conversions — the hallmark of self-referral and manual fraud.
- IP velocity catches click farms, server-side bots, and many fake accounts sharing one network exit.
- Together they cover both the 'one person many times' and the 'one network many identities' patterns.
- Spikes that breach a velocity threshold are exactly the outliers worth a human's attention.
Watch the rate, not just the count
A device producing 30 conversions over six months may be a power user; the same 30 in an hour is fraud. Velocity rules work because they bound events per unit of time — the dimension that distinguishes a real, paced human from automated bursts.
How do you set thresholds without blocking real partners?
You set thresholds by measuring your real traffic first, then drawing the line above the busiest legitimate behavior. Arbitrary numbers either let fraud through or punish your best partners; calibrated numbers separate the two cleanly.
- Baseline your normal traffic: how many events does a busy-but-legitimate device or IP produce in your typical window?
- Set the threshold comfortably above that baseline so honest power users don't trip it.
- Prefer flag-and-hold over hard-block at first, so you can review borderline cases instead of losing real conversions.
- Tune over time as you learn which patterns were fraud and which were false positives.
Remember shared networks exist: offices, universities, and mobile carriers can put many real users behind one IP. That's why device velocity and identity correlation matter alongside IP velocity — so a busy corporate network doesn't get mistaken for a click farm.
A good velocity rule is invisible to every honest partner and unmissable to every fraudster. If real partners are tripping it, the threshold is wrong — not the partner.
Afflio lets you define device and IP-velocity fraud rules directly on your program. Traffic that breaches a threshold is flagged or held automatically and routed for review, so high-velocity abuse is caught at ingestion rather than discovered in a payout report weeks later. Paired with clawbacks, anything that slips past the rule and is later confirmed as fraud can still be reversed.
What is an IP-velocity fraud rule?
An IP-velocity rule limits how many clicks, signups, or conversions a single IP address can generate within a time window before the traffic is flagged or held. It catches click farms, bots, and many fake accounts sharing one network exit, because real campaigns spread across many distinct IPs.
Won't velocity rules block legitimate high-traffic partners?
Not if you calibrate them. Baseline your real traffic first and set thresholds comfortably above the busiest legitimate behavior, and prefer flag-and-hold over hard-block so borderline cases get reviewed. The goal is a rule invisible to honest partners and unmissable to fraudsters.
What's the difference between device and IP velocity?
Device velocity counts events from a single machine and catches one person converting repeatedly, such as self-referrals. IP velocity counts events from a single network exit and catches click farms and many fake identities behind one connection. Using both covers both fraud patterns.