Ad Fraud Bot Traffic Long Reads

How adtech aims to stop fraudsters ripping off the media business


By Ronan Shields, Digital Editor

December 13, 2016 | 12 min read

Advertisers are doubling down on ad fraud with the industry trade group Trustworthy Action Group (TAG) pursuing a payment ID system which it hopes will help prevent organized crime elements from continuing to siphon money off from the industry.

Ad fraud

The industry hopes a widespread rollout of a payment ID system will help root-out fraudsters from the digital media sector

Last week TAG issued its first round of “certified against fraud” accreditations to several companies, in the hope that will help erode brand-side marketers’ fears over employing digital media, 78% of whom cite it as one of their top reasons for making further investment (see chart below).

This is an issue the Association of National Advertisers claims will cost its members $7.2bn this year alone and TAG hopes that its “rigorous” vetting process will help keep adtech honest by validating those media buyers, owners and adtech intermediaries that sign up to its principles. The hope being that those not on the list will be frozen out of the industry.

eMarketer survey of US advertisers

TAG’s list of certified tech vendors is set to be added to in the coming months according to its CEO Mike Zaneis, further explaining that the fact that the first trench of ATG to receive approval consists of companies on both the buy- and sell-side of the business is encouraging. This means that traffic is likely to be vetted twice, with Zaneis adding that there would be no tolerance for discrepancies in the reporting of fraud.

Further, he goes on to reveal that TAG’s 130 members are sharing anti-fraud intellectual property as a means of furthering the fight against crime. “Information sharing is going to help us filter more effectively,” Zaneis says.

Payment ID system

An additional part of this drive to minimize the lure of adtech to organized crime elements (see here for more analysis of the extent of the input of organized crime) is the introduction of a “payment ID system”, which the industry hopes will make it more difficult for such elements to collect money from the business, ergo make it less attractive to them.

The most effective way to implement and police this system is at exchange level, as it does not require all inventory sources to proactively participate, rather it only requires ad exchanges (which aggregate multiple sources of demand) to participate. Under such a system ad exchanges issue an ID to those on their platform and from here they can begin to implement responsibility, according to participants in the scheme.

Presently, TAG has created the principles of the scheme, and the latest guidelines have been submitted to the Open RTB working group with its “transport protocol” included in the latest Open RTB draft (version 2.5 which is open for public comment until December 16) containing recommendations that the latest standard has a module included that will enable payment IDs.

'Follow the money'

Mike Zaneis, TAG, president and CEO, says “following the money” is the most crucial part of keeping the internet honest, and that is at the heart of the outfit’s endeavor at present.

“It’s about knowing who you’re doing business with, and following the money,” he says. “Things like payment IDs or TAG are important for that … if you look at the IAB study it estimates that about $4.4-or-$4.6bn is lost to fraud … a lot of companies have to ask themselves: ‘what am I doing about it?’"

Steve Sullivan, Index Exchange vice president, also says that “payment ID is about following the money back to its source; that’s what needs to happen in the world of fraud,” adding that in many cases “the answer will be quite shocking”.

He went on to say: “The question over how such companies make their money has already been answered, but question now is ‘who is making that money?”

How does Payment ID work?

This system essentially “ties payment to a known entity” at an ad exchange level, according to Sullivan, who adds that this will make ad exchanges much less attractive to “bad actors” as it would make it more difficult for them to collect the revenues they generate from more honest players in the market.

Previously, a buyer could look back at their data and then realize that a certain percentage of their media buy was fraudulent, but there was little realistic opportunity for them to then go back and know exactly where this fraudulent traffic came from, explains Sullivan.

“They could know they got it from a certain exchange, but there’s no way for that exchange to identify which particular source. However, the payment ID system would enable that, as the buyer can say to the exchange that it won’t pay for these [fraudulent] impressions, and it pushes the responsibility back down the supply chain all the way to the supplier, or the bad source such as people that use bots to monetize their site,” he adds.

TAG’s Zaneis adds: “TAG has anti-fraud certification and works in co-operation with the MRC [Media Ratings Council], and there’s a lot of ways we work with each other to point towards the gaps and at an industry level there’s a lot of things we can do.”

Sullivan continues: “The question over how such companies make their money has already been answered, but question now is ‘who is making that money?”

Locking out the criminals

TAG works with the cooperation of multiple law enforcement agencies

Many in the industry point to organized crime outfits when asked what parties are perpetrating such fraud, with TAG’s Zaneis claiming it is the “sky high margins” and complicated nature of the adtech ecosystem that makes it such an attractive prospect for them.

"It almost doesn’t make sense of them to deal drugs or traffic humans any more,” he says, adding that making it difficult for the operators of bot networks to extract payment from the media industry is key to tackling the problem.

“First we have to protect ourselves [through measures such as its payment ID system] and stop handing money over to criminals, then the next step is to start working with law enforcement,” adds Zaneis.

To help improve the efficacy of its initiative TAG also coordinates with powerful law enforcement bodies such as National Intellectual Property Rights (IPR) Coordination Center to then help the industry hunt down such criminal elements.

“First we have to protect ourselves [through measures such as its payment ID system] and stop handing money over to criminals, then the next step is to start working with law enforcement,” adds Zaneis.

Although the complex nature of the adtech ecosystem makes it difficult to hunt down such criminal outfits authorities in the US are increasingly investigating this area, with such rigor the envy of the media industry elsewhere in the world.

Clients increase scrutiny

Speaking at the most recent IAB Ad Operations Summit in New York, Mitchell Weinstein, IPG Mediabrands, senior vice president of ad ops, shared a panel stage with both Sullivan and Zaneis, where he commented that a lot of his agency’s focus in 2017 would be on improving third-party verification of traffic, particularly in mobile apps (see video below).

He also went on to note how brand-side marketer trade body the ANA is now issuing guidance to its clients that when dealing with their media agencies, and their third-party tech partners, they will not pay for any impressions that are considered fraudulent. This is now being written into the terms and conditions in contracts between marketers their agencies in the US, according to Weinstein.

“That’s going to be a big thing going forward from the buy-side,” he told attendees. “One of the things that we’re going to start pushing for also is mobile fraud, there’s a movement out there to have an open source code for SDK integration to have a verification for apps. As more and more traffic goes into apps and a mobile environment that’s an important area,” he added.

“We need to be able to measure fraud, as it’s no longer safe just to assume that because it’s in-app it's viewable and so forth, because that’s just not the case. So we really need to be able to focus on those kinds of environments, because that’s where the consumers are.”

In-app mobile inventory is no longer a safe bet

Weinstein's claim that it is no longer safe to assume that in-app mobile inventory is fraud-free is backed up by research from adtech outfit Sizmek which recently released data which shows that fraudulent traffic appears on over half (52%) of uncertified apps and in nearly one tenth (8%) of certified app traffic.

The whitepaper – dubbed Advertising Fraud in Mobile Apps – alleges a “staggering volume of malicious traffic” contained within mobile apps, with the nefarious activity taking place in the form of ad impressions generated by bots, as well as non-viewable ads being served.

Sizmek found flaws in the vetting processes of multiple types of app stores

Sizmek analyzed around 20 billion app impressions on iOS and Android devices, and found that 52% of the 24,000 apps not certified by official stores, such as Apple’s App Store or Google Play, were discovered to be generating “malicious traffic”.

A more concerning finding for advertisers was that although official app stores provide a layer of oversight to prevent fraudulent apps from entering the marketplace, they still find their way onto mobile devices. This is often the case whenever “malicious app developers” produce sophisticated fraudulent apps that can evade regular levels of fraud detection.

Zach Schapira, Sizmek, product marketing manager, adds: “Uncertified apps have become a breeding ground for fraud, so brands need to be vigilant with their mobile targeting as well as their blacklists when seeking safe options to reach and impact audiences via mobile.

“If an advertiser is deploying a piece of their budget towards in-app advertising, it’s important that they understand that malicious activity does not discriminate.”

Breakdown in communication


Meanwhile, a separate comScore study of over 250 publishers carried out by 614 Group and Distil Networks found a trend that would pose worries for media owners, namely that they are unaware of how their traffic is rated.

The study found that 80% of publishers don’t have insight into how their traffic is audited by third-party measurement tools when it comes to them detecting non-human traffic (NHT).

It goes on to state that only one-third of publishers actively block NHT, yet around 70% of publishers think they can demonstrate a return on investment around anti-NHT efforts across both campaigns and per-client projects.

Rob Rasko, 614 Group, cofounder and CEO, says the results demonstrate a clear breakdown in communication between the buy- and sell-side of the business, a problem proliferated by fragmentation in the measurement of NHT by anti-fraud adtech vendors

“Publishers get a notification from a buyer saying they’ve got some NHT on their site, and when they ask what exactly they mean, or which impressions are at fault, that’s where the communication really breaks down,” he adds.

Other key insights in the report are that 78% of publishers are “victims of NHT”, yet only 38.4% purchase traffic from third parties (a concern raised by TAG’s Zaneis and IPG’s Weinstein when on stage at the recent IAB Ad Ops event).

Meanwhile, 74% of publishers participating in the study claim that traffic quality issues are a regular part of their pre-sales discussions with the buy-side of the industry, with only 5% claiming they have a dedicated anti-fraud officer within their organization.

“Publishers are doing a good job when it comes to digital, but marketers read headlines about billions of dollars being wasted and then they think that digital is tainted, something has to be done to bridge that gap,” adds Rasko.

For more digital marketing news see The Drum's dedicated section.

Ad Fraud Bot Traffic Long Reads

More from Ad Fraud

View all


Industry insights

View all
Add your own content +