SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Australia

Guides

#
cloud security
#
cybersecurity
#
endpoint protection
#
firewalls
#
ransomware

Search

Online shopping split legit vs scam broken partnership chains
#
MarTech
#
Payment Technologies
#
e-Commerce

Rakuten drops Honey extension amid affiliate fraud row

Wed, 21st Jan 2026
Author image
By Mark Tarre, News Chief

PayPal-owned browser extension Honey has lost access to around 2,000 clients after Rakuten removed it from its advertising network amid allegations of affiliate link substitution and commission theft from content creators.

The dispute centres on claims that Honey changed the attribution on purchases when a consumer used a creator's affiliate link while the extension was installed. Critics said the extension replaced the creator's tracking link with its own at the point of purchase. That approach could shift the "last click" commission away from the creator and towards Honey.

The episode has drawn attention to the mechanics of affiliate marketing, where merchants pay commissions for sales attributed to partners such as publishers, influencers, loyalty programmes, price comparison sites and browser extensions. The channel sits alongside broader digital advertising, where attribution and measurement remain contested as marketers assess value across platforms and partners.

Chad Kinlay, CMO of ad tech company TrafficGuard, said the Honey case showed how fraud tactics have evolved in areas that many brands still treat as lower-risk than display or search advertising.

"Advertising fraud is becoming increasingly sophisticated, and without intervention, this problem will continue to plague the industry and weaken consumer trust in brands. Honey, a popular browser extension owned by PayPal, has been terminated from the Rakuten Ad Network after it was alleged the company had been stealing from content creators and misrepresenting itself to consumers. It was claimed that when consumers with the Honey extension installed and clicked on a creator's affiliate link, Honey would substitute its own link when a purchase was made. Capturing the last click like this means that Honey would earn the commission that should be rightfully attributed to the creator," said Chad Kinlay, CMO, TrafficGuard.

Affiliate economics

Affiliate programmes typically reward the partner that receives attribution for the conversion. Many programmes use last-click measurement, which credits the final tracked referral before a purchase completes. This can create incentives for intermediaries to position themselves at the end of the purchase journey, even where they have not introduced the customer.

Honey built a large footprint as a browser extension that presents voucher codes and shopping offers during checkout. The allegations against it focus on whether it claimed commissions even when it did not deliver a discount or other incremental value on a transaction.

Kinlay framed Rakuten's move as a marker for how affiliate networks and merchants may respond when attribution disputes involve large partners.

"When a high-volume affiliate partner loses access to thousands of merchants overnight, it reinforces a hard truth many brands are already tackling, that scale without transparency does not equal value," said Kinlay.

Network response

Rakuten's decision could influence how brands evaluate affiliate partners, including browser extensions and loyalty tools that sit between a customer and the merchant during checkout. The affiliate channel depends on trust between merchants, networks and publishers, and disputes over attribution often affect smaller creators first because they lack leverage in the supply chain.

Kinlay said the case also underscored limited visibility for advertisers into where spend and commissions end up.

"Rakuten's decision on Honey is a signal of where the affiliate marketing industry is heading. Brands are largely unaware of the substantial losses from ad fraud and just how quickly they are adding up. Tactics like affiliate fraud are perfect for fraudsters as they allow them to steal attribution from a legitimate partner to siphon advertising budgets without brands even realising they're paying the wrong source," said Kinlay.

How fraud works

Affiliate fraud can take several forms, ranging from unauthorised voucher sites and trademark bidding to more technical tactics that manipulate tracking. A key risk involves misattribution, where a commission is paid to a party that did not drive the conversion.

Kinlay pointed to cookie stuffing as one method used to force attribution to a bad actor. The practice involves adding tracking cookies to a user's browser without a clear, legitimate referral action by that partner.

"Fraudsters leverage methods like cookie stuffing to secretly attach multiple irrelevant third-party cookies to a user after they visit another affiliate's website or click their link. If the user ends up visiting the target website and converts, the bad actor gets the credit, not the affiliate that has genuinely brought traffic to your site," said Kinlay.

He said the impact reaches beyond the initial commission payment and can distort how marketers optimise campaigns and allocate budget.

"Misattribution happens without advertisers ever being the wiser, leaving companies paying out redundant traffic. The problems don't stop there however, as companies begin to optimise towards the fraudulent source falsely believing it is driving results. In reality, incentives are misaligned and budgets are drifting away from genuine growth," said Kinlay.

Brand safeguards

Brands that rely on affiliate programmes often manage hundreds or thousands of partners. That scale can complicate oversight, especially where networks and intermediaries sit between the merchant and the end partner. Marketers also face pressure to keep acquisition costs down, which can lead to an overreliance on last-click metrics.

Kinlay argued that advertisers should challenge attribution assumptions and demand clearer explanations of how partners influence conversions.

"For brands relying on affiliate programmes, it's crucial to learn that if you cannot clearly explain who influenced the conversion and why, someone else is probably getting paid for it," said Kinlay.

He said monitoring and partner review should be treated as an ongoing requirement rather than a one-off audit.

"Just as businesses rely on antivirus software to protect their networks, advertisers need to safeguard their digital channels against a growing wave of ad fraud. One of ad fraud's biggest strengths is its ability to go undetected, but this can be circumvented with active monitoring. Advertisers should be screening new partners, reviewing their platforms, and weeding out unethical affiliates. Actively monitoring your analytics and clearing out suspicious affiliates will ensure they aren't getting away with ad fraud, and cleaner optimisation leads to growth that brands can actually trust," said Kinlay.

Related stories
Gr4vy adds Sardine tools to unify fraud & payments
Veriff & Data Zoo partner to combat AI identity fraud
Australia’s cyberattack surge demands a new approach to data resilience
Fake Olympics shop ads on Meta target fans’ wallets
Asia-Pacific firms hit tech hurdles scaling agentic AI

Top stories

Most enterprises unprepared for HPE’s virtualisation reset
Why Australian superannuation funds need to prioritise security for their customers with strong MFA
Milestone chooses Australia to launch 2026 MXD series
CrowdStrike Falcon now available via Microsoft Marketplace
Macquarie boosts loan to fund Sydney AI data centre