Event Risk Explained | Affiliate Marketing Express

Quick Answer Event Risk is impact.com's built-in fraud and quality scoring system. It looks at each affiliate conversion — the click pattern behind it, the partner, the device, the timing — and flags the ones that look suspicious so you can review or reject them before paying out. You lean on it whenever you want a safety net against bot traffic, coupon abuse, and other forms of commission leakage.

What it is

Event Risk is a scoring layer that sits between a conversion landing in your account and you actually paying commission on it. Every time a sale or lead is tracked, impact.com assesses how "trustworthy" that event looks — based on signals like the click that preceded it, the partner's history, repeated patterns, and other behavioural fingerprints — and assigns it a risk level. High-risk events get surfaced so a human can take a look before money changes hands.

Think of it like the fraud team at your bank. When you tap your card for a coffee on your usual street, nothing happens — the transaction sails through. But when that same card suddenly buys electronics in another country at 3am, the bank freezes it and asks "was this really you?" Event Risk does the same thing for affiliate conversions: routine, normal-looking sales pass quietly, while the odd-looking ones get held up at the gate for a second opinion. It isn't deciding guilt — it's raising a hand and saying "this one's worth a closer look."

Why it matters

Affiliate fraud is rarely dramatic. It's not usually one giant fake order — it's a slow drip of small, plausible-looking conversions that quietly siphon budget month after month. A partner stuffing cookies, a bot farm clicking links, a "coupon" partner intercepting checkout traffic they never earned: each individual event looks fine, but in aggregate they can eat a meaningful chunk of your payout before anyone notices the numbers don't add up.

The reason Event Risk matters is timing. Catching a bad conversion after you've paid is a clawback nightmare — awkward partner conversations, disputed invoices, money you may never recover. Catching it before you pay is just a click in a review queue. Every flagged event you reject is budget that goes back into rewarding partners who actually drive incremental sales, instead of subsidising the ones gaming the system. For a programme manager, that's the difference between defending your budget and watching it leak.

How it works

From your side as the advertiser (the brand running the programme), the flow looks like this:

A conversion is tracked. A partner drives a sale or lead, and impact.com records the event along with the click trail, partner, device, and timing data behind it.
The event is scored. Before the conversion is locked in for payment, the platform evaluates its risk signals and assigns it a level — low, medium, or high — reflecting how likely it is to be fraudulent or low quality.
Risky events are flagged. Conversions that cross your risk threshold are held back from automatic approval and routed into a review state instead of sliding straight toward payout.
You set the rules. Decide what should happen at each risk level — auto-approve the clean ones, hold the borderline ones for manual review, and optionally auto-reject the worst offenders.
You review the queue. Open the flagged conversions and look at the detail: what triggered the flag, which partner it came from, and whether the pattern matches a known issue or is just an unusual-but-legitimate sale.
You approve or reject. Clear the genuine conversions through to payment and reject the ones that don't hold up — keeping that commission in your account.
You feed back patterns. Use what you learn to tighten partner terms, pause repeat offenders, or adjust your thresholds so the system gets sharper at separating good traffic from bad.

Common mistakes

Treating every flag as guilt. A high risk score is a prompt to investigate, not a verdict. Legitimate sales sometimes look odd — a deal-hunting customer, an unusual device, a burst of traffic from a viral post. Reject blindly and you'll punish good partners and sour relationships. Always review before you reject.
Ignoring the queue entirely. The opposite failure: flags pile up unreviewed, defaults quietly approve everything, and the safety net does nothing. Event Risk only protects you if someone actually works the queue on a regular cadence.
Setting thresholds and never revisiting them. Fraud tactics evolve, and so does your partner mix. Thresholds you set at launch may be too loose a year later. Treat them as a dial you adjust, not a switch you flip once.
Not documenting your decisions. When you reject a conversion, note why. Without a record, partner disputes become your word against theirs, and you can't spot the repeat offenders forming a pattern over months.

Reporting tips

The dashboard is where Event Risk turns from a vague safety feature into hard intelligence about your programme's health. Start by tracking the share of conversions flagged each week — a stable baseline is normal, but a sudden spike usually means a single partner or a new traffic source has started misbehaving, and that's your cue to dig in.

Break flagged events down by partner: a handful of partners almost always account for the bulk of risky conversions, and isolating them tells you exactly where to focus. Watch your rejection rate too — if you're rejecting most of what gets flagged, your thresholds may be too loose and letting obvious junk through; if you're approving nearly everything, they may be too tight and creating busywork. Finally, keep an eye on the gap between conversions tracked and conversions approved over time. A widening gap is an early warning that quality is slipping before it shows up in your margins.

When to use / when not to use

Lean on Event Risk when…	Be cautious when…
You run an open or large programme where you can't personally vet every partner driving conversions.	Your programme is tiny and every partner is hand-picked — manual review may already cover you, and over-tight rules just slow legitimate payouts.
You work with coupon, deal, or high-volume traffic partners where abuse and leakage are common.	A flag lands on a trusted, long-standing partner — investigate the cause before assuming bad intent and damaging the relationship.
You've seen unexplained spikes in conversions or suspect bot traffic eating your budget.	Nobody is assigned to work the review queue — an unused safety net protects no one and may give false confidence.

Related guides

← Back to impact.com hub

Frequently asked questions

Does Event Risk automatically reject conversions for me?

Only if you configure it to. By default it scores and flags risky events for review rather than rejecting them outright. You decide the rules — auto-approve low-risk events, hold medium-risk ones for a human, and optionally auto-reject the highest-risk band. Most managers keep a person in the loop for anything borderline.

Can a legitimate partner get flagged by mistake?

Yes, and it happens regularly. A genuine sale can look unusual — a customer on an odd device, a sudden burst of traffic from a viral mention, or a deal-hunter with a strange click path. That's why a flag is a prompt to review, not proof of fraud. Look at the detail behind the score before you reject anything.

What's the difference between Event Risk and clawing back a bad conversion later?

Timing and cost. Event Risk catches suspicious events before commission is paid, so rejecting one is a simple click. A clawback happens after you've already paid — it means recovering money from a partner, awkward disputes, and sometimes funds you never get back. Stopping the payout up front is always cheaper than chasing it afterward.

Need help with your programme?

Get personalised, expert advice on your affiliate setup — completely free.

Get your free audit →