Ad fraud can’t be dismissed as a minor issue or incidental drawback. This is the dark secret of the digital marketing industry. For a cash-strapped startup, fraudulent clicks could potentially consume a limited budget, killing the entire business before it even gets off the ground. In this way, ad fraud is directly constraining innovation and economic growth.
Estimates vary, but one report determined that approximately $16.4 billion was lost to online advertising fraud in 2017. Blockchain technology could prove to be a viable solution in the near future. By using a trustworthy ledger, advertisers might be able to audit the performance of their ads and bring transparency to a convoluted process.
But will that be enough? Many efforts have been made to eliminate ad fraud, but it keeps coming back. It’s like the “not quite dead” movie trope, in which a villain appears to have been defeated, but then there’s the subtle twitch of a finger among the rubble. Before you know it, the nemesis comes roaring back to life, charging toward the hero, madder than ever.
Ad fraud is formidable. For years, the industry has floated around a figure that one-third of all clicks could be fraudulent. In so doing, they’re ignoring an Oxford BioChronometrics study indicating that between 88% and 98% of digital ad engagement could be fraudulent. The World Federation of Advertisers (WFA) says that ad fraud is “second only to the drugs trade as a source of income for organized crime” and warns that any programmatic buy is vulnerable to ad fraud.
Experts all agree that an intricate chess game is in-progress. Technological solutions are swiftly greeted by aggressive countermoves.
Rich Kahn, CEO and Co-Founder of eZanga.com and ad fraud filtration tool Anura.io, said, “The problem is for every advancement we make, the fraudsters do the same. For instance, machine learning can be used to help identify new fraud threats, but fraudsters can use it to sidestep their way against being caught.”
The fraudsters are even exploiting consumers’ desire for privacy protections. Kahn said, “With mobile devices, ad fraud organizations used to be able to gather unique identification codes for cell phones to help gather data information about a particular device. However, with the desire for increased personal privacy, those codes were no longer made available, making it easier for fraudsters to perpetuate fraud on mobile devices.”
Upon hearing that at least one-third of ad traffic is fraudulent, a business could understandably feel tempted to abstain from a digital marketing spend altogether. When asked what he would say to convince these businesses otherwise, Kahn replied, “Two-thirds of that is good traffic, and the most amazing thing happens when you don’t market — nothing.”
Stefan Benndorf, COO and Managing Director at AppLift, agreed that fraudsters are constantly updating their techniques. He compared them to chameleons, blending in to run unnoticed.
“Shareholders and C-level executives realized they were investing huge amounts in marketing, but they were not necessarily getting the returns expected from their newly acquired user,” Benndorf said. “At that moment, advertisers started sharing post-install data with networks more systematically.”
He then revealed the extent to which these fraudsters are willing to go. For advertising clients, the fraudsters’ relentless commitment to the scam might be somewhat unnerving.
Benndorf explained, “Simple bots and farms that were not able to replicate post-install behavior quickly became less relevant for fraudsters — they were getting flagged easily by advertisers and networks. Fraudsters, then, had to develop more sophisticated mechanisms to replicate real user behavior, by having their bots or farms engage with the app, even to a level where small in-app purchases were made. These bots and farms are identified most of the time now, since their user behavior replication is never perfect.”
Benndorf said that advertisers can minimize risks by working closely with ad networks, publishers, and attribution partners. He said that the industry is becoming better informed about the scope and complexities of ad fraud. His company, AppLift, fights fraud with a combination of statistical modelling, data evaluation, and human experience.
Some people may be skeptical that an end to the problem is in sight, given the massive amounts of money already stolen by fraudsters. The coding of bots isn’t visually dramatic, but if it was, it would make for the ultimate “Ocean’s Eleven”-style heist movie.
Rich Kahn explained, “If a basic bot came along and went straight to clicking on ads, it’s going to get caught — it’s too predictable, it has a pattern and it’s very easy to spot. Now, say the basic bot is trained to go under the radar. This bot is programmed to pretend it is a real person, generating a history and creating a profile for itself. This bot goes out and does a search on a search engine, say for ‘health,’ and clicks on a few pages, viewing both organic and paid content. It behaves very much how you or I would if we were looking for information online. This bot is building its history to appear as a real person. It will ‘surf’ the web, possibly during the normal 9-5 time frame (it’s an East Coast bot), viewing content that fits a pretty good social profile built around that vertical.”
This careful behavior is just a precursor to malicious activity. Kahn continued, “Once this history is sufficient, the bot will then spend a short amount of time targeting ads where the bot owner would get paid, and clicks on these ads. The bot here is creating click fraud and this will evade most fraud detection companies because, remember, the bot has built up history to appear to be a real person. Once the bot completes its money-making opportunity, it shuts down, recycles, and starts all over again. Because this is really a program that is running, it is highly scalable. That one little bot could spawn thousands upon thousands of bots in the cloud. Now imagine if you do this across multiple providers.”
Fraudsters don’t limit their efforts to bots that mimic human behavior. They also pursue their objectives through botnets — an array of infected servers and devices that are hijacked to do the fraudsters’ bidding. Fortunately, the forces of good are catching up. New enterprise software is able to analyze data-in-motion, detecting some incidents of fraud and preventing it in real-time.
Oya Yaşayan, a programmatic media expert, pointed out that multiple parties have a vested interest in maintaining the status quo. She argued that the ad industry periodically talks about fighting ad fraud, but little progress has been made.
“Fighting fraud costs money, and every company in the ecosystem wins from it,” she said. “How? If the campaign traffic is high, ad exchanges get a percentage of a bigger volume, buying platforms look better, media agencies can bring those great results to clients, and clients can brag about them. Detecting and eliminating fraudulent traffic from the campaign traffic, on the other hand, means higher media prices and lower views and clicks. So, why bother?”
Yaşayan believes that when these big players feign ignorance, they choose not to see the real value of online advertising: creating measurable business results.
“Instead of leading the industry towards performance-based advertising, they tried to show views and clicks as important KPIs. Because everyone loves easy success,” she explained.
To ensure that the full benefits of digital marketing are achieved, precautions must be taken, systems must constantly evolve, and performance metrics should be viewed in a new light.
Yaşayan said, “The client should abandon low CPMs and CPCs as the criteria of their inventory selection decision. They should focus on actual measurable business results: sales conversions, email sign ups, loyalty program applications. These KPIs are the main force field of online advertising.”