Yahoo! recently finalized their consolidation of all their individual affiliate programs at Commission Junction to a single one. The Yahoo! Search Marketing affiliate program was one of them. Although the old YSM program was closed at CJ are old affiliate links and banners still working, but without tracking commission (free traffic for Yahoo!, way to go). This flaw itself has nothing to do with Yahoo!, but is a questionable and known “feature” of Commission Junction.
I don’t want to rant (again) about this , but it exposed a flaw in the code of the YSM landing page, which is not only embarrassing but probably also causes the folks at the Yahoo! customer service department to start believing in the existence of parallel universes.
I can only imaging what must go through the head of a CS rep due to claims made by new YSM advertisers that swear by the life of their mother that Yahoo! promised but never provided them with the advertised amount of free clicks. Not advertised on another website or old magazine, but on the YSM sign-up page itself.
The problem is a flaw in the landing page code of script located at searchmarketing.yahoo.com/arp/sponsoredsearch_v2.php.
Affiliate Links redirect to that script with a number of URL parameters, such as the affiliate ID, a number of other parameters and two parameters which we will exam in more detail now.
The “o” parameter is used to pass on the Coupon Code that grants the discount to the customer to the sign-up script. The old Coupon Code that was good for $50 in credits was USCJ17 for example (o=USCJ17). It was replaced with the new coupon code USCJ16, which is good for only $25 in credits for clicks (o=USCJ16).
The other parameter is “b”, which contains the discount amount. b=50 would be a $50.00 discount for example.
The value for “o” is not validated by the script whatsoever and “b” can be any amount Yahoo! seems to offer as discount. It shows $0 on the page if the amount does not seem to be right. 100 (= $100 discount) does not work for example, but 75 ($75) seems to be a valid promotion amount, because it is accepted as value.
Check out this fake URL and see for yourself what Yahoo!’s own website is telling the visitor:
Note: The URL is fake, no discount will be granted!
Here is a screen shot, because I don’t expect the link to work the way it does work today for much longer.
Advice to Yahoo!: Tell one of your developers to add a check for the coupon code (URL parameter “o”) and return an error, if it is an invalid or expired coupon (yes, show two different messages to avoid customer service issues and confusion).
While you verify the validity of the coupon code, pull also the actual discount amount that the customer gets with the coupon from the database and ignore the “b” parameter altogether.
I sent the affiliate management team of the Yahoo! affiliate program an email about this flaw and the issue with old, but seemingly working YSM promo banners and links already. I also told the AM about my blog post here at SEJ. Blogs tend to expedite response times by internet companies from time to time.