I have a bunch of websites - around 20 - and we are affiliates of a major player in our industry. Traffic is tracked via a ClientID string number and sales made are tracked and paid monthly.
Recently I discovered what I perceived to be a wrong ClientID reference string on one of our websites and to cut a long story short, I went on to discover that the number was the affiliate number of an ex-employee who had set up a number or very similar websites to mine and had registered as an affiliate of the same major player.
Using his ClientID on my websites in order to claim OUR sales commissions as his.
Customers booking on our websites were credited to HIS affiliate ID.
Using the waybackmachine Internet archive, I went on to discover this had been going on for 2 years over most of our websites.
My question is , what is a clever way to detect/police this activity for the future ?
ClientID's are sprinkled throughout the websites and it would take a huge amount of time to check each website daily.
Of course, doing all the coding myself and not relying on staff would do the job, but it's not practical because of the size of the websites. I need to use labour.
Trust and verify but how to verify in the most effective manner.
Any ideas please how to lock the door after the horse ... etc...?