Posted by Greg Lems, VP of Information Technology
Remember the good old days, when you could put a personal check in an envelope and leave it in your mailbox with the little red flag up? Nowadays the media is full of reports about identity theft rings, some of which collect bank account information by harvesting checks from mailboxes. Although incidents of this nature have increased in recent years, the overall chances of it happening are actually still quite low. Nevertheless, I won’t leave an outgoing check in my mailbox, because it can’t hurt to be extra safe.
In a somewhat similar manner, it is important for ClickBank publishers and affiliates to protect their Hoplink information. Hoplinks are the key to the ClickBank Marketplace. Affiliates create them to promote publisher products, and publishers rely on them to drive traffic their way.
ClickBank has put a tremendous amount of effort into the reliability and security of its Hoplink system. It is closely monitored and designed to provide every protection possible, so that affiliates get proper credit for their sales. At its heart, however, the Hoplink system relies on URLs to work and as a result information can be exposed about the affiliate for the sale. Luckily there is a way to avoid such exposure.
“Hoplink theft” is a term used to describe the act of changing Hoplinks so that they credit a different affiliate. A hardworking affiliate may place Hoplinks across many sites on the Internet, but a person with their own ClickBank account and bad intentions could, with some manual steps and scheming, create an identical Hoplink to the hardworking affiliate, but with their own nickname substituted in. This typically happens in one of two places: when a Hoplink is placed in an ad by an affiliate, or at payment time when a publisher attempts a quick hop to a different affiliate just before payment. It isn’t a common problem, and when we encounter it we swiftly discipline the dishonest parties. There are steps, however, that can be taken to prevent it from happening in the first place.
To avoid the first form of Hoplink theft, we recommend cloaking your Hoplinks. This involves the creation of redirects that will take users to the intended destination without showing them the exact URL they are being sent to. This can be done either with a bit of HTML that surrounds the Hoplink, or with some server-side scripts for redirects. More information is available on this topic here:
Additionally, there are 3rd party products available to cloak Hoplinks. Although ClickBank does not specifically endorse any of these products, we encourage anyone seeking cloaking functionality to investigate what’s out there and available, as there are a number of different ways to perform this simple redirect.
To avoid the second form of Hoplink theft, we recommend that you examine the order flow of the products you are promoting to ensure that additional Hoplinks have not been added to the ordering process. The most straightforward way to do this is to click your own Hoplink, view the publisher’s pitch page and then click through to the ClickBank order form. At the bottom of the order form you’ll see an indicator that starts with “affiliate=.” If your Hoplink was constructed correctly, your affiliate nickname will appear there. It is a good practice to regularly check this flow to ensure you receive proper credit for sales.
Hoplink theft is not common. If you suspect it is happening, you can report it to firstname.lastname@example.org and our security team will investigate. By cloaking your Hoplink URL and paying attention to the order flow of products you promote, you can ensure protection of your hard-earned ClickBank commission. Just like when mailing a check, the likelihood of something undesirable happening is low, but it doesn’t hurt to be safe.