The scenario I'd described before was only plausible ~if~ we allowed Affiliates to compose their own link URLs by arbitrarily combining their Affiliate ID with any Merchant IDs and Product IDs, so they could generate fraudulent sales across a wide number of Merchants and products to avoid detection. Instead, we require Affiliates to obtain their unique link codes from us manually for each Merchant's program, and if they get Affiliate code for just your own program and suddenly try to generate a large number of fraudulent payments credited to that one Affiliate's links, well you'd notice that pattern and could delete (=ban) the Affiliate from your program and refuse to pay those commissions.
Moreover, after that discussion of our unique Affiliate link format and the reasoning for the ev= hash value, I found out we have devised other behind-the-scenes mechanisms to actively detect and block abusive/fraudulent transaction patterns (Affiliate-related and otherwise). Because of those built-in fraud controls, the unique link format is actually by now a bit of vestigial overkill (like a padlocked fence gate which is retained after a fully-functional bank vault door is installed behind it), which we could actually eliminate without much risk. We've kept the link format as-is because some Merchants may find it reassuring, and sketchy would-be Affiliates may find it deterring, not to mention that eliminating the ev= hash value would require significant rewriting of our Affiliate module, so more-urgent programming tasks have taken precedence.