Fighting Ad Fraud And The Flawed Value Chain

GlobalDots

25th October, 2017 7 Min read

We’re living in an age of digital hyper-growth. Billions are being invested in cloud technologies, crowdsourcing platforms are disrupting industries, AI and machine learning are slowly eradicating jobs… The digital sector is growing and has no intentions to stop.

The world wide web is the glue that keeps it all together. It’s where most of the communication has shifted to, and where most of the attention currently resides. And where there are eyes there will be ads.

Reduce your AWS costs by over 50%

Discover your Cloud Saving Potential – Answer just 5 simple questions. AppsFlyer, Playtika, Lufthansa, IBM, top leading companies are already using our FinOps services.

So many eyes are on the internet that in 2017 the internet advertising spend is set to surpass traditional TV ad spend (market numbers are yet to prove it). Since the first internet ad back in 1994, the online advertising industry kept growing and improving. Statista predicts that $229.25 billion is going to be spent on online advertising in 2017, with the numbers expected to grow to $335.5 billion by 2020.

Tweet this: Ad fraud could cost brands over $16 bn globally in 2017

However, where there is a lot of money to be made, nefarious acts are sure to crop up. With ad spend growing, fraudsters sure have a huge field to play in. According to some estimates, ad fraud could cost brands over $16 billion globally in 2017.

What Classifies as Ad Fraud

There’s a lot of confusion around the actual definition of ad fraud. It is often described as a blanket definition of being simply nonhuman traffic (bots).

While bots certainly hold most of the fraudulent traffic and subsequent media coverage, it is not the only way ad frauds are executed. A significant portion of fraud is actually human traffic.

That said, a bigger picture of the ad fraud landscape shows there’s more to it than just bots. At least one of the next characteristics has to be valid in order to qualify as ad fraud:

• Nonhuman traffic
• 0% viewability
• Deliberate misrepresentation

Nonhuman traffic is used to generate fake impressions and clicks, mainly through bot activity. Fraudsters are often able to fake form subscriptions, appearing as legitimate conversions. Bots can be misused in many ways – from simple bots to advanced sophisticated bots to massive botnets.

Image Source

Tweet this: Both human and nonhuman traffic is used to execute ad fraud

Human traffic, on the other hand, is perhaps more complicated and harder to detect as end users are in fact real while their activities are fraudulent. From click farms to ad injections, ad stacking, domain spoofing, buying fake traffic, and other, the human component is constantly learning new ways to elude fraud detection, automate its activities and scale them to ultimately drain advertising budgets from honest marketers.

Types of Ad Fraud

1. Search Ad Fraud (CPC) – one of the top areas where ad money is being lost. Involves building fake sites around expensive keywords to attract advertisers. The owner of the fake site then uses bots to generate false clicks on ads and generate revenue.
2. Affiliate Ad Fraud (CPA) – aka “cookie stuffing”, aims for affiliate commissions. Fraudsters use bots to generate traffic on affiliate sites and then use cookies to track it. If then legitimate traffic converts and makes a purchase, the fraudster siphons commission money intended for affiliates.
3. Pixel Stuffing and Ad Stacking (CPM) – Ad stacking is when ads are literally stacked on top of each other on a web page, with only the top ad showing. When users visit that page, an impression is counted for each of the ads and all the advertisers are charged, even though only one was displayed. Pixel stuffing is similar. Ads are stuffed into the pixels of the page, so they’re technically still there when a page loads but they’re impossible to see, while advertisers still get charged for them.
4. Ad Injection (CPM) – ads injected on pages by a small piece of malware installed by users (toolbars, extensions and similar). Besides occupying unpaid ad space, they damage site’s reputation, slow it down and devalue the site.
5. Traffic Fraud (CPM) – this one originates with publishers. In order to increase the traffic and therefore the price they can demand, publishers acquire low-quality traffic (or fake), usually from unvetted third-party sites.
6. Domain Spoofing (CPM) –  is one of the most lucrative fraud methods. It only takes a single line of code to become a victim. Fraudsters use it to change the URL of their sites and copy the URL of a more reputable site. They then sell ad space on it at a discount to appear like a great deal for premium ad space.
7. Lead Fraud (CPL) – it can originate from humans and bots. Human traffic is usually a result of publishers buying traffic for their site, usually through “work-from-home” schemes where people interact on sites that buy traffic. Bot traffic used to be easy to detect, but they’ve evolved. Now, they can mimic human movement, generate false ad impressions, and even fill out forms.
8. Retargeting Fraud (CPL) – is similar to lead fraud. Bots can be programmed to appear like ideal consumers in order to trigger a retargeting campaign.

 Image Source

Tweet this: Here are 8 main types of ad fraud

The Impact of Ad Fraud on Businesses

Now that we covered the numbers, the specifics and the types of ad fraud, it’s worth mentioning the impact that ad fraud has on online business efforts:

• Skewed data – analytic data will be incorrect at best. Marketing departments have then to spend time and personnel to study and clean the data. If neglected, it can deeply affect the bottom line as it leads to misinterpreted information and wrong marketing decisions.
• Increased conversion costs – as ads are implemented to generate leads, when ad fraud is added to the equation, the cost of acquired conversions can end up significantly higher. Ads can appear as unprofitable to run, pushing businesses to eliminate an effective channel due to malicious actors.
• Slower growth – as ad fraud can destroy advertising campaigns, in some occasions it can damage it so much that a business is better off stopping online campaigns altogether. It can harm a business’s growth or even be the end for some.

Just to put things into perspective, in January 2017 a huge ad fraud botnet dubbed Methbot built by Russian cybercriminals was discovered. It managed to soak up between $3 to $5 million in video ad revenue on a daily basis.

Tweet this: Advertising value chain failure: publishers & fraudsters interests are aligned

The Core Problem

Whether it’s from search engines, social networks or content marketing services, all online businesses buy traffic. It simply makes sense to pay to get more visitors to your site. But with publishers, the revenue depends on advertising. If the cost of the traffic is lower than what is earned through advertisements, it’s a sustainable model.

However, if publishers want to boost their revenues, they have to pay less for traffic or generate more revenue from each visit. The latter is much harder to achieve, which is why publishers simply look for cheaper clicks.

This is the core problem, the incentive that fuels fraud in advertising. As publishers look to buy cheap traffic, bad actors are prompt to generate and sell it to them. And it all works fine until it’s undetected.

Fraudsters generate traffic and sell it to a publisher, the ad impressions then flow through the digital advertising ecosystem and slowly siphon money from advertisers. The main flaw is that the fraudulent “human-appearing” traffic gets past detection and brings in revenue for publishers and fraudsters, practically making them accomplices. This is where the digital advertising supply chain fails, and this is the core issue that keeps fueling the ad fraud systems.

Ending Ad Fraud

There are anti-fraud solutions out there that manage to detect bad traffic. Even advertising marketplaces blacklist sites that are spotted to use fraudulent traffic. However, that’s only fixing the symptoms without tackling the source.

To eliminate ad fraud from the ecosystem, a paradigm shift is needed. The incentives that align publishers’ and fraudsters’ interests have to be reinvented. Some media and advertising companies have announced partnerships with anti-fraud vendors.

These partnerships, however, are not a long-term solution as bad actors will adapt to the tests of those who run the underlying verification technologies. It also provides a scapegoat, as publishers will be able to transfer the responsibility onto anti-fraud solution vendors. That kind of partnership doesn’t stop the issue at its source.

Brian O’Kelley, CEO @ AppNexus, suggests a punitive and distributed path for the industry as a whole to tackle the problem at its source:

• Ad tech companies should build their own proprietary anti-fraud solutions
• Verification vendors should make sure that every company in the value chain is eliminating bad traffic
• Immediate cessation of all collaboration with any publisher, network, or exchange that has a non-trivial amount of fraudulent traffic

By following the mentioned steps, O’Kelley claims that every element of the digital advertising value chain would be forced to hold itself accountable for its behavior.

As the world becomes increasingly digital and huge amounts of money are being invested and spent online, we are yet to see how the growing digital ad fraud issue will be tackled. What is certain, is that the current model is not suitable for the long run.

In case you want to learn more about ad fraud and security, you can always talk to one of our in-house GlobalDots experts. They can help you with anything web performance and security related.