Following a recent burst of stories about the widespread incidence of fraud in online advertising and the pervasiveness of adbots inflating traffic numbers, the industry is now working to take action.
Indeed, marketers, agencies, and publishers all are stepping up their efforts to get a clear handle on the incidence of advertising fraud, and to put into place audit and verification efforts to foil bots, click-farms, and other fraudulent traffic.
“People really want to understand what’s going on out there,” said Timur Yarnall, CEO of media security platform MdotLabs, in an interview with CMO.com. The marketing industry has been aware of ad fraud for a while, but the concept began to gain broader acceptance toward the end of 2013. A number of companies also have received startup financing and started to compete in the verification stakes.
Brad Rinklin, CMO of Akamai, noted the company’s fastest-growing solutions family is cloud technology, which houses its IP intelligence and fraud protection technology. It’s not just useful for advertisers, but also for ticket sales and Web sites offering reservations, to keep bots from scraping up the inventory, he told CMO.com.
Akamai uses its technology to police its own online ad buys and check for valid users, Rinklin said. The company offers a service that will stop an ad from displaying if the site fails to meet a valid-user threshold. The user score is derived from all the Web traffic the network services and analyzes, Rinklin said.
“From those trillion clicks a day, we know all the traffic patterns of a particular IP address, and we can make a very scientific decision … and can tell that IP address is a human, not a bot,” he said. “The marketing department has to be able to root out and snuff out that sort of thing.”
While marketers and vendors still debate who has the ultimate responsibility to stop fraud, they are increasingly sharing their concerns. They note the difficulty in spotting adbot traffic that masquerades as human Web users—often cloning the browsing habits of real people—means they will have to cooperate to find solutions and head off the fraudsters.
“Everybody has a vested interest,” said Tom Salkowsky, department head of marketing at Mini USA. “The brand wants to ensure the numbers are authentic. Your agency partner wants to ensure that what they’re delivering is what was presented to us, the brand. And the media channel wants to ensure its authenticity and credibility [so it can say], ‘If you invest this in our property, you’re going to get that deliverable, and they’re real people; they’re not these automated clicks.’”
Salkowsky noted that for a brand such as Mini, which has a smaller budget than other carmakers, the authenticity of those online media buys is particularly important. “We don’t have as many dollars as our competitors do, so when we spend one, it needs to feel like $5,” he told CMO.com.
Competition among verification services has increased as more instances surface about a large share of audience numbers online coming from nonhuman sources.
“We’ve seen a lot of increased interest. We’ve had prospective customers reaching out aggressively,” MdotLabs’ Yarnall said. The Madison, Wisc.-based company works with publishers, advertisers, and agencies to track down ad impression fraud. In addition, it recently launched a publisher certification program that verifies a site’s traffic has been screened against bots and other fake traffic.
Yarnall said he estimates 20 percent to 30 percent of ads sold via major exchanges are waste, either via adbots or other nonhuman sources. That could total $30 billion annually worldwide, including about half of display ads. Seeing numbers like those thrown around has moved industry players to action, he said.
Estimates of the rate of fraudulent traffic vary widely—anywhere from 10 percent to 75 percent, as noted in a recent CMO.com feature. The Association of National Advertisers (ANA) recently announced a study to gauge the incidence of fraudulent traffic online and get a better view of the typical types of fraud, as well as which kinds of vehicles may be more vulnerable and the possibility of seasonal fluctuations in the incidence of fraud.
“What we’re doing is rallying the industry—rallying our members to not only raise awareness of this issue, but to have the advertisers have a larger role in addressing the solution,” said Bill Duggan, group executive VP of the ANA. “It’s not a role advertisers can play on their own. But they should play a role.”
The bulk of the study will be done this month, with the results expected to be released in the fall, said Michael Tiffany, CEO of White Ops, the verification company gathering the data of the ANA’s study.
“It’s natural for clients to say, ‘This is why I hired my agency,’ or the agency to say, ‘The publisher needs to fix that.’ While those are true, it’s the client’s money, and the client needs to play a larger role,” Duggan told CMO.com. Publishers have an interest, too, he added: “Longer term, it just taints the media.”
Adbots are meant to behave like real people, and often clone the profiles of real Web users, so they can be very tricky to spot.
“It’s not that X percent of every dollar is getting stolen—it’s that 100 percent of some dollars are getting stolen, and you can’t tell which one it is,” Tiffany said. “Everyone was thinking that it was in the fringes, and you know how to avoid it. [They thought], ‘It doesn’t happen to me because I’m a premium advertiser, and I buy from a premium advertising agency.’”
But there are some tip-offs to spot bots and other types of fraud, experts said. According to Yarnall, one tell is an IP address that repeats in large numbers in a short period of time (for example, 20 impressions per second) or a large bulk of traffic coming through a single VPN, which can be used to mask the identity and location of the user. MdotLabs has developed a series of standards to steer buyers away from potential trouble spots.
Some practices make efforts more vulnerable, experts also said. Tiffany noted that pages with many clickable parts are a tempting target because each click adds to the traffic numbers.
The constant drive for lower rates and more inexpensive buys is spurring a lot of the fraud, too, Yarnall said. Buying anonymous ad inventory via a programmatic exchange puts the campaign at higher risk, he said.
“If your boss tells you get something done for five cents instead of 25 cents ... it’s not your fault if the thing breaks,” he said.
But while advertisers can sometimes spot signs that their traffic is not altogether legit, fraudsters are on a constant learning curve, improving their operations every time they are caught and blocked. Spotting some scams can give advertisers a false sense of success because even as the defenses catch some, other fraudsters are learning, Tiffany explained.
“When you succeed at these kinds of operations, you make massive profits. So there’s a huge incentive to reverse-engineer what the good guys came up with,” Tiffany said. “You have your bag of tricks, and it’s finding fraud, but over time the bad guys have figured out what you’re up to.”
It’s a constant arms race, Tiffany said. He explained that White Ops changes the code it uses in its bot-detection efforts regularly to make it more difficult and expensive for fraudsters to reverse-engineer and bypass its authentication tools. It may not be impossible to create bots that can go undetected, but the expense takes away the financial incentive for the fraudsters.
Just as consumers are constantly watching for phishing and other frauds online, marketers and publishers should assume their efforts are constantly under attack from fraudsters with adbots and other scams, experts said.
“The bot guys don’t get together and share notes, so there’s a large number of different operations of differing levels of sophistication,” Tiffany said. “The guys making the big numbers are the ones who haven’t gotten caught, and they’re the ones reaching the premium advertisers because they’re good at hiding in the noise.”
To win the arms race against the fraudsters will require an effort coming from all parties involved, including agencies and marketers. The industry will need some common standards for authenticating traffic and share information about scammers, Tiffany said. “It’s going to have to take a coordinated way of working together throughout the ecosystem,” he added. “It’s going to have to be a trust supply chain.”
If the industry as a whole becomes able to communicate and have standards, it will begin to develop the massive databases it needs to attack the issue, Yarnall said. “Scammers are smart, but they’re not unbeatable,” he said. “If we communicate better on the security side, we can catch a lot.”
Mercedes M. Cardona, CMO.com. August 18, 2014
Copyright © 2009-2014. Adobe Systems Incorporated. All rights reserved.