How does GrowSurf's anti-fraud system work?

Our anti-fraud system takes into account both client-side and server-side factors in a comprehensive manner.

On the client-side, we use a combination of highly accurate browser fingerprinting methods that check for and validate new participants entering the referral program. This allows potential fraudsters to be identified beyond just their IP address, and can target the user whether they are in a private browser mode instance, or using different browsers and changing browser screen sizes, etc.

Once data is submitted to our servers, the new participant's information will also be processed and validated through a series of proprietary anti-fraud measurements to classify the fraud risk-level of the new participant (e.g, '[email protected]' is identified as similar to a participant with email '[email protected]').

You can choose from two settings to set your referral program's anti-fraud behavior from the Campaign Editor: (1) Loose and (2) Strict.

  • Loose: Allow any new participant to join your campaign, even if identified as having a high or medium fraud risk level (fraudsters will always be visibly marked in your dashboard).
  • Strict: Completely block all new participants with a high fraud risk level from joining your referral campaign. GrowSurf will also assess behavior and characteristics of new participants during a specific threshold of time, and block them if a suspicious pattern is detected.


Participants will have a fraud tag associated with them if they have either medium fraud risk or high fraud risk:

  • Medium fraud risk: There is a good chance the participant is a fraudster, however our system is not 100% certain. We recommend that you review the participant in detail. 
  • High fraud risk: Our system is overly confident that the participant is a fraudster.


Additional anti-fraud tools

In addition, GrowSurf also offers additional anti-fraud tools that are available to you within the Campaign Editor - Options page, and on your dashboard:

Blacklist email and IP addresses (with wildcard support) and countries

Blacklisting email addresses and IP addresses support wildcards (e.g, using patterns such as gavin*@hooli.com).

Whitelist email and IP addresses (with wildcard support) and countries

Any values in the whitelist will always will override any blacklisted values.

Enable Google reCAPTCHA

For full instructions on how to enable reCAPTCHA, please see this article.

Bulk delete fraudsters from your dashboard

Trace original fraudsters

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.