Digital Transformation Ad Spend Adtech

IAB Tech Lab escalates attack on CTV ad fraud with ads.cert 2.0


By Kendra Clark | Senior Reporter

September 30, 2021 | 6 min read

The Interactive Advertising Bureau Tech Lab has unveiled the second evolution of its ads.cert framework for improving transaction transparency in the programmatic advertising pipeline. The new ads.cert 2.0 includes additional layers of cryptographic security and is designed to reduce ad fraud within the CTV space.

TV glitching while man in suit is talking

IAB's new ads.cert 2.0 could create help reduce ad fraud on CTV

The Interactive Advertising Bureau (IAB) Tech Lab, a technology group at the leading standards-setting industry group, today announced that it is rolling out a new standard – dubbed ads.cert 2.0 – designed to combat ad fraud across the digital ad ecosystem. Using high levels of cryptographic security, ads.cert 2.0 aims to help ensure that media buys are secure and legitimate, thereby giving advertisers more confidence in the value of their investments.

While the standard hopes to improve security and reduce fraud across channels, ads.cert 2.0 was specially designed to protect ad buys on connected television (CTV) – a notoriously hard-to-measure and fraud-riddled landscape.

“What is needed for further trust and confidence in buying through programmatic channels is security and integrity within the buying protocols,” Shailley Singh, senior vice-president, product management at IAB Tech Lab, tells The Drum. The new ads.cert 2.0 framework aims to solve that.

Singh points out that buyers generally receive ad requests via one of two sources: user devices or server-to-server communications acting on behalf of a user device. This latter method is often called server-side ad insertion (SSAI). SSAI pairs an ad (coming from one server) with the content shown on-screen (delivered via another server) in real-time. Unfortunately, the structure of this type of ad-serving renders it particularly vulnerable to meddling – SSAI-related fraud is among the most prevalent kinds of fraud seen in CTV today.

Reducing SSAI ad fraud: reading the (call) signs

Created by the IAB Tech Lab’s Cryptographic Security Foundations Working Group, the ads.cert 2.0 standard sets guidelines for safer programmatic and SSAI transactions. It includes a handful of protocols that give advertisers and publishers elevated visibility into the entire transaction process to provide them greater confidence in the legitimacy of the businesses with whom they’re working, the data being exchanged, the impressions and the devices upon which ads are served.

With the new ads.cert 2.0, the ‘Call Signs’ protocol, for instance, allows a company to accurately identify other companies involved in a specific ad transaction, thanks to Domain Name System records. Using the new ‘Authenticated Connections’ protocol, advertisers and publishers can feel confident in the authenticity of the origin of a request and can help prevent interference in server-to-server requests. Ads.cert 2.0’s ‘Authenticated Delivery’ protocol authenticates the data in a given bid request, allowing buyers and sellers to see if the price or location of a given bid have been tampered with. Finally, the ‘Authenticated Devices’ protocol attests to the legitimacy of the device on which a given ad is being served.

Within the CTV ecosystem specifically, the ‘Authenticated Connections’ protocol may help to ward off SSAI-related ad fraud. “Most server-to-server communications [e.g. SSAI interactions] do not clearly identify the entity invoking the ad request,” says Singh. “This makes it very difficult to identify if the ad request is from a legitimate adtech partner. Ads.cert 2.0 solves this problem by creating a standard way for any client of a server-to-server request to authenticate itself with the server it’s calling. The solution does this in a way that’s compatible with existing ad interaction web services. Adding this form of security will significantly reduce the risk of having a fraudulent server-to-server ad integration evade detection.”

IAB is recommending that all SSAI providers implement ‘Authenticated Connections’ and advises that both buyers and sellers should require this type of protocol for all CTV media transactions.

Ads.cert 2.0, which will roll out to advertisers and publishers beginning today, is the newest evolution of IAB’s ads.cert standard, which was introduced in 2018. By integrating cryptographic bid requests, ads.cert added a new layer of security to the prior ads.txt framework, which was IAB’s first widely-adopted tool for improving transparency into the programmatic ad transaction pipeline.

“As an industry, we must move quickly in adopting tools that help safeguard all inventory and advertising investments,” said Rob Hazan, senior director of product, index exchange and co-chair of the IAB Tech Lab Security Foundations Working Group, per a statement released today. “Standards like the ads.cert 2.0 provide a common framework and open-source tools to combat the increasingly frequent ad fraud attempts we’re seeing in CTV, and are a critical component in securing the programmatic supply chain.”

The new framework could also help IAB itself continue its revenue hot streak. In April, the company reported that revenue from its programmatic offerings jumped nearly 25% in 2020.

For more, sign up for The Drum’s daily US newsletter here.

Digital Transformation Ad Spend Adtech

More from Digital Transformation

View all


Industry insights

View all
Add your own content +