Sources & Methods

Every applicant gets the same question: are you who you say you are?

A single bad affiliate costs you chargebacks, brand damage, wasted commission, and regulatory exposure. The Scorecard answers that question against the same data infrastructure used by banks, fraud teams, and KYB providers — so your team doesn't have to build any of it.

Request Scorecard Beta Access See the agent marketplace →

The cost of getting this wrong

Up to 38%

of affiliate traffic in some programs is flagged as fraudulent or non-human in industry studies.

Six figures

is the typical recovery cost of a single brand-safety incident tied to a bad affiliate partner.

Mandatory

sanctions screening (OFAC, UN, EU, UK) applies to anyone you pay — affiliates included.

Days → seconds

is the difference between manual vetting and an automated Scorecard verdict.

Directional figures synthesized from publicly reported affiliate-fraud and chargeback studies; your mileage will vary.

Pain 01

They look like a real company. They aren't.

Shell LLCs, fabricated entities, and recycled corporate identities are trivial to spin up and devastating to pay out to. By the time a chargeback or a regulator surfaces them, the money is gone and your compliance team is the one explaining it.

What changes for you: You stop onboarding shell entities registered last Tuesday — without slowing down legitimate applicants.

Signals we draw from

Secretary of StateCompanies HouseOpenCorporatesDun & Bradstreet (D-U-N-S)IRS TIN MatchingVIES (EU VAT)HMRC (UK VAT)MiddeskBaselayerAlloyPersonaStripe IdentityOnfidoJumioVeriffSocureLexisNexisEkataPipl

Pain 02

The website is a storefront, not a business.

A polished homepage hides a lot. Parked domains, throwaway infrastructure, missing mail records, and sites already flagged for malware or phishing routinely apply to programs run by teams that only look at the landing page.

What changes for you: Domains that fail basic operational hygiene or sit on known-bad lists never reach your approval queue.

Signals we draw from

WHOIS / RDAPDNS records (MX, SPF, DKIM)Certificate TransparencyBuiltWithWappalyzerGoogle Safe BrowsingVirusTotalURLhausPhishTankSucuri SiteCheckQuttera

Pain 03

The traffic numbers don't match reality.

Inflated reach, purchased followers, and bot-driven sessions look impressive on an application form. They convert badly, charge back aggressively, and quietly drain commission budgets that should be flowing to real partners.

What changes for you: Self-reported audience claims get reconciled against independent measurement before a single payout is approved.

Signals we draw from

SimilarwebSemrushAhrefsMozSpyFuSerpStatSocialBladeHypeAuditorModashUpfluenceYouTube Data APITikTok Research APIInstagram Graph APIX APIGoogle Analytics OAuthGoogle Search Console OAuth

Pain 04

The domain is older than the business behind it.

Aged domains carry trust signals — and a market of brokers sells them precisely so bad actors can borrow that trust. A 12-year-old domain that was parked for 11 of those years is not the legitimate operator it appears to be.

What changes for you: Dormant flips, parked-and-resurrected domains, and recycled authority surface before they get paid.

Signals we draw from

WHOIS creation historyWayback Machine (CDX API)DomainToolsExpiredDomains.netAhrefs first-seen index

Pain 05

Something changed — and they didn't tell you.

Approval is not a one-time event. Ownership flips, content rewrites, sudden backlink manipulation, and freshly spun-up subdomains all happen after onboarding — and none of them trigger a notification email to the affiliate manager.

What changes for you: Material post-approval changes get flagged so an approved partner doesn't quietly become a liability.

Signals we draw from

Wayback Machine diffsVisualpingHexowatchChangeTowerWHOIS historyAhrefs backlink velocitySemrush backlink velocityCertificate Transparency

Pain 06

They're already on someone's list — just not yours.

Sanctioned parties, prior FTC and state-AG actions, chargeback-ring participants, and spam-ecosystem operators leave fingerprints across dozens of public and private registries. Most affiliate programs check none of them. Regulators assume you checked all of them.

What changes for you: Known-bad actors get caught at the application step — and you have the audit trail to prove you looked.

Signals we draw from

OFAC SDNUN SanctionsEU Consolidated ListUK HMTComplyAdvantageRefinitiv World-CheckDow JonesSayariSardineBBBTrustpilotSitejabberReseller RatingsFTC actionsState AG actionsFMTCScamAdviserNetwork blacklistsSpamhausSURBLURIBLPACERCourtListenerEthocaVerifiKountSiftForterSEONMaxMind minFraudEmailAgeIPQualityScoreHunter.ioTwilio LookupTelesign

Why this matters to your P&L

Vetting isn't an academic exercise — it's a line item. Every pain above maps directly to a number your finance team already tracks.

Lower chargeback exposure

Fewer payouts to traffic that was never going to convert cleanly.

Fewer brand-safety incidents

Partners whose sites or histories would embarrass you don't get in.

Faster onboarding for good partners

Legitimate applicants clear in seconds instead of waiting on a manual queue.

Audit-ready compliance trail

Sanctions, KYB, and reputation checks are documented per applicant, by default.

We publish the sources we draw from because credibility matters. We don't publish how we weight, sequence, or threshold them — that's the product, and publishing it would only help the people we're built to catch.

Stop guessing who your next affiliate really is.

The Scorecard is in private beta. Tell us about your program and we'll get you set up.

Request Scorecard Beta Access See the full agent marketplace →