Google’s latest buy demonstrates its intent to take on the scammers
As anyone who’s ever worked in the business will tell you, advertising is one of the most heavily-regulated business activities out there.
Google has bought fraud spotters Spider.io
First of all, ads need to be worked over by the lawyers and compliance people before they even get made; and then, in the case of TV ads, they need to be cleared by Clearcast, the NGO that pre-approves advertising. The list of things you can’t advertise, and the claims you cannot make, gets longer by the year.
Then, if just one punter complains about your TV or press ad to the Advertising Standards Authority, and the ASA decides that the complaint is justified, your ads will be withdrawn immediately. So, despite its reputation as a freewheeling, highly creative industry, advertising and media is also very tightly controlled. Given the enormous power of advertising to change behaviour and shape our perceptions of the world around us, this is probably just as well.
However, there is one advertising channel – online, as you might have guessed - that has the whiff of the untamed Wild West about it, where bad and questionable behaviour sometimes goes unnoticed and unpunished.
This isn’t necessarily because the internet is a lawless domain; it’s just that it’s relatively difficult to regulate, and the high levels of automation and self-service mean that abuses of the system are all too tempting. A very high level of human decision making (backed up with data) goes into placing TV, press or poster ads – this isn’t always the case online. Machines, crunching data and monitoring traffic all the while, make most of the decisions online. And machines can be fooled or fixed rather more easily than people.
One company which will be concerned by all of this is Google. Despite all its extra-curricular activities – operating systems, phones, thermostats, social networking, smart spectacles and the like – Google still makes the vast majority of its profits (around 70 per cent, according to most estimates) from advertising; or, to be more specific, Adwords. So, last year, about $9bn of its $13bn profits came from people clicking on those ads you see at the top or on the right-hand side of your Google searches.
But hackers and fraudsters are smart, and many will have seen that Adwords, and systems like it – while brilliantly simple and clever – can be fooled. One particularly insidious, and increasingly common, fraud is the use of “bots” (automated systems or “robots”) to simulate clicks. Advertisers pay for the clicks, as they agreed to do, but they might not be genuine – who can tell?
Because Google’s entire business is built largely on serving up ads that people then view or click on, you can see why Mountain View might be a tad worried – after all, this kind of thing threatens to undermine its business model.
One particular London-based start-up has made a name for itself fighting these practices, Spider.io, and this company was acquired (for an undisclosed sum) by Google last week. Spider, which was founded by Douglas de Jager, has only been going three years, operates in a very specialised niche and employs just seven people - so it won’t be the largest deal Google has ever done.
But I do think it’s worth looking at, as a statement of the search giant’s intent.
Spider.io is essentially an anti-malware company that identifies (importantly, in real time) the type of automated agent responsible for ad requests. Its technology is designed specifically to detect attacks originating from PCs infected by malware. It’s staffed by some very smart people – from what I’ve been able to discover, they include three PhDs and a an ex-Yahoo natural language processing and artificial intelligence expert. Acquiring this kind of talent will of course be very important to Google. But what will have also attracted Sergey, Larry and Eric will be Spider’s reputation for uncovering fraud.
Last year the company uncovered a “botnet” (a collection of internet-connected programs communicating with other similar programs in order to perform tasks) called Chameleon which was, according to estimates, costing advertisers $6m a month between December 2012 and March 2013. Until the discovery of Chameleon, most botnets stole advertising revenue through text-only advertising, such as the search engine advertising you might see at the top of your Google page. But Chameleon marked a step-change for the fraudsters, because it worked on display advertising.
Interaction with display advertising is difficult to fake, but the fiendishly clever bot was able to mimic human interaction with a website so that no one suspected there is a bot behind the click, hence the name Chameleon. The bot only clicked on an advertisement 0.02% of the time, and it re-creates “normal” mouse traces — or where the mouse hovers on the webpage — as well as “random” click-throughs on a specific advertisement. That is, it doesn’t click the ad in the same spot every time. That’s the level of sophisticated fraud we’re dealing with.
The botnet specifically targeted 262 (unnamed) websites and accounted for a staggering 65% of the traffic served to those websites. Spider.io was able to detect at least 120,000 “host machines,” thus far, and it says the majority of them are from United States IP addresses.
The fact that the seven-strong team at Spider was able to find out all this is as impressive as the fraud itself, so it’s easy to see why Google swooped for them. I suspect we will see more businesses of this type scooped up, and at increasingly high prices.
Last year the global online advertising business was worth $116bn; defrauding this market, providing you have the technological nous, is comparatively easy, making it incredibly attractive to ambitious scammers.
Google estimates fraud costs advertisers and companies such as itself at least $10bn a year, so it’s easy to see why Google, big online advertisers like Amazon or IBM, and agency groups like WPP or Publicis take the problem seriously. As Neal Mohan, Google’s vice-president for display advertising, told the Financial Times last month: “Ad fraud is the pollution problem of the web.”
It’s a problem that won’t go away. Over the years Google and the like have poured millions into tackling the problem, but the problem persists because as soon as a scam is exposed, another one pops up.
Of course Google has to do something about the problem, because it threatens its profits. But it also seems to be taking a lead. I think that the Spider acquisition, and the expertise that comes with it, will help it tackle the issue in both the long and the short term. Short-term, Spider’s systems can be built into Google to offer clients fraud protection. Long-term, it will give those clients confidence that the industry leader is taking the issue seriously. As Mohan said: “Advertisers [need] to value the media they are buying."
Andrew Moss is a partner at Green Square, corporate finance advisors to the media and marketing sector.