Ad fraud: how did we get here and where to now?

Written by Sarah Atanasova, Publisher Development Lead at PubGalaxy

Digital ad fraud is an issue that seems to have blown out of proportion. According to the latest report by ANA (Association of National Advertisers) and White Ops, it will cost advertisers a staggering $7.2 billion globally in 2016. What is it that brought about this exponential growth? While it would be difficult to pinpoint a single root cause of the problem, looking into the roles of different stakeholders, as well as advice from various authorities in the field, could allow for better understanding and prevention.

What are we fighting against?

In the industry, ad fraud is widely defined as the intentional attempt to serve ads that have no potential to be viewed by a human. It now encompasses actions affecting all ad campaigns: CPM, CPC, CPL, CPA, retargeting.

First, there’s impression fraud. It could involve ad stuffing (ads hidden into a non-viewable 1x1 pixel) or stacking (multiple layers of ads, with only the top ad visible). It could also mean botnet traffic or even sites, created with this sole purpose of generating fake impressions. In fact, operators of fraudulent sites may serve pop-under ads that act as browsers that load other sites. Secondly, bots can mimic human click activity, affecting CPC-based campaigns. In CPA, there’s taking unjustified credit for a sale or overriding cookies to receive an affiliate commission. Or, scammers may hijack a browser and change what it displays on the web.

What (or who) is to blame?

There are several types of actions - and inactions, which have led to the ad fraud status quo. Firstly, ad fraud is not exactly illegal, on the contrary, it’s a low-risk, high-profit endeavor. Quite logically, the ANA/White Ops report indicates that the higher the payoffs, the higher the levels of fraud (for example, in video media with CPMs over $15). Furthermore, it appears that the improper things are incentivized. The CPM model rewards volume and many businesses operate on a revenue share, prompting publishers to take shady measures to achieve scale and other stakeholders to look the other way. Thirdly, it seems that all the finger-pointing and witch-hunting distracts from the real issue and hinders the implementation of all-around measures.

The spider web has all stakeholders entangled. Publishers may engage in fraudulent traffic acquisition intentionally or accidentally, usually in the shape of “audience development.”, aiming to reach the scale mentioned above. Some argue that fraud is caused by the sell-side failing to police its inventory well enough. For example, with Google AdX’s “after-the-fact” filtration, while Google doesn’t charge advertisers for automated impressions, the ads are still served, affecting the buyer’s optimization efforts and spend control. With SSPs, some may actually not question the upstream traffic sources of their publishers. Others might choose to turn a blind eye, or might simply not be aware. For others though, it’s a responsibility of the buy-side, who have

been measuring campaign success using the wrong KPIs. For instance, for CPC/CPA campaigns, fraudulent channels can perform very well, as they achieve high CTR and last-touch credit, so marketers actually increase their budgets for that channel.

All of this poses a great threat to the entire industry, leading to loss of credibility and making it hard to steal budgets away from print, TV, and radio. Unless this is acted upon, the ad tech industry itself might fall victim to ad fraud. How can it be prevented?

Тhere are generally three points to consider in fraud detection: did a real person see the ad (fraud prevention); did they have a chance to see the ad (viewability); and did the ad run where it was supposed to (verification). The truth is, there is no single measure, indicator, or actor who can resolve the issue. It would take a mix of many processes.

Publishers should be the first line of defense. Bot traffic is not limited to fraudulent publishers, as the Chameleon botnet demonstrated a few years ago. Thus, publishers should use tools to proactively monitor their own traffic sources to make sure they’re not facilitating fraud. Black lists can also help, although some fear they actually make matters worse, prompting fraudsters to register new domains. The sell-side, e.g. exchanges and SSPs, should use technology that verifies an impression before it’s even offered to an advertiser to guarantee authenticity.

On the other hand, DSPs should also proactively monitor and block low-quality inventory. Likewise, brands could enable pre-bid technology, based on historic evidence and predictive indicators, to monitor each individual ad call. They should ask media agencies for thorough reports, while employing technologies to verify the figures. Moreover, all agreements must request transparency for sourced traffic and cover the non-payment of bot impressions. In fact, some suggest that the responsibility rests with buyers to set the tone, as suppliers will adjust to their demands - that they should require clean advertising, measure by using the right KPIs, and ultimately reward sellers that comply.

Finally, users can also play a part in preventing ad fraud. The ANA/WhiteOps study found that two-thirds of sophisticated bot traffic comes from residential IP addresses. Freshly infected computers are a particular threat, as they haven’t been flagged. Computer users can counteract by keeping everything up-to-date, including browser versions, and using security software to fight malware locally.

Final words

It’s an industry-wide challenge to drive the changes necessary to limit ad fraud. Instead of pointing fingers, all stakeholders can do their part in making sure that advertising budgets are spent adequately, no illegitimate behavior is incentivized, digital advertising maintains its credibility as a channel, and last but not least, end users are happy.

Get The Drum Newsletter

Build your marketing knowledge by choosing from daily news bulletins or a weekly special.