Understanding Digital Ad Fraud: 7 Commonly Asked Questions Answered
Despite industry initiatives to address it, ad fraud is still a massive issue.
In fact, costs of ad fraud are expected to soar to $19 billion by the end of 2018, which means all players in the digital advertising ecosystem need to be proactive against it.
We want to help you gain a better understanding of the digital media landscape in general, and ad fraud in specific, so we sat down with Rich Kahn, the CEO and co-founder of eZanga and Anura.io, who helped break down the fundamentals of ad fraud by sharing his insights and answers into 7 commonly asked questions:
1. Are there different types of ad fraud? What are the differences?
There are many different types of ad fraud, some more popular than others. Here are some of the many ways fraud is created:
Click Fraud - One of the most common types of fraud, click fraud ranges from bots or malware to human click farms clicking on ads. It’s used to create fake impressions, to make an ad look like it has more traffic than it really does, and to drain the budgets of unsuspecting advertisers.
Search Ad Fraud - Fraudsters use keyword stuffing to make their phony websites appear higher on search engine results. Advertisers then buy ads on these fake sites with the false hope that their ads will be seen.
Ad Stacking - A very popular method of ad fraud, multiple ads are stacked on top of each other in one ad space. Only the top ad is seen by the user, but the impression for each ad is registered.
Domain Spoofing - Fraudsters misrepresent themselves by making traffic appear as if it is coming from one domain when it is really coming from a different location. The spoofed site is usually a recognizable, mainstream site, therefore they’ll let the traffic pass through, unaware of the fact that it is a spoofed domain.
Pixel Stuffing - Hiding a display unit in a one-by-one pixel, these ads are not visible to the human eye but do still register impressions as if there was traffic on their page.
Off-Screen - An ad is served but appears off screen which is not visible to the user.
Human Fraud - Forms are filled out by actual humans with real information, bypassing all of TCPA checks and basic filters. The information provided on the forms is stolen, meaning the recipient of the call resulting from the form-fill is unaware their information has been used. This leads to TCPA compliance issues, negative brand exposure, and wasted ad spend.
eCommerce Fraud - Very closely aligned with human fraud, stolen credit card information is used on fraudulent transactions. If an affiliate marketer is the person driving the eCommerce fraud, they may have been paid for the transaction long before a chargeback on that transaction is created.
Video Fraud - This happens when an ad unit is displayed to a video and is typically being shown to bots or malware.
Install Fraud on Mobile Applications - Using a variety of spoofing tools, apps look like they are being installed on real devices when they are not.
Landing Page Scraping - Many business landing pages contain a phone number to get in contact with the business and will judge the quality of a campaign by the traffic driven to that page and the number of phone calls received. Human fraud farms, scraping tools, and avatars have all been used on campaigns like these to generate a phone call, just long enough to register the call as a good call for payment, and then quickly disconnect.
There are many other forms of ad fraud but these are the most common we hear of from a number of clients.
2. What’s the biggest misconception about brand safety?
The biggest misconception about brand safety is that brand safety means the same to everyone. Brand safety is different for every company - what is deemed brand safe for Sprite, may not be for Disney. What is brand safe for Playboy may not be brand safe for Guns and Ammo. Everyone has a different meaning of brand safety for their brand, so there can be no one blanket statement about what is and is not considered brand safe.
Another aspect of brand safety which is important to explore is how fraud can make your brand susceptible to concerns over your brand. For instance, if you are an insurance company acquiring leads, you are likely going to have some fraud on your lead generation forms. The details are accurate, but the person submitting the form is doing so with malice. When the brand contacts the person indicated on the form, and they have no idea who you are or how you got their information, that makes the person question the brand and their intent. This, too, can be a cause for concern as it puts a negative connotation with your brand. Imagine making this mistake millions of times a year, how it can negatively impact a brand.
Brand safety cannot be considered a one size fits all for everyone.
3. What are some ways that publishers are trying to prevent ad fraud?
Publishers are using different third-party tools to prevent ad fraud. Some use pre-bid tools to ensure the traffic they are generally getting is clean initially. This gets rid of the obvious stuff. Where publishers fall short is not using a tool to help capture more sophisticated fraud as most sophisticated fraud will get past a pre-bid tool.
Publishers also are using backend analytics to identify pockets or hot spots of fraud within their network to isolate or eliminate those overtime.
An ideal combination for publishers is to use a real-time solution on the front end as the traffic is coming in to get rid of the obvious stuff, more sophisticated tools to get rid of the heavier stuff down the pipe, and an analytics tool to prevent certain pockets from entering your network right out of the gate.
4. What’s one thing you think media sellers should be doing differently?
If you are selling media, you make money on volume. But, on the other hand, your model is threatened as fraud starts to take over your network. Left unchecked, fraud will grow knowing it isn’t being monitored effectively. Fraud has an interesting way of trying to find ways around systems to grow. If you are selling inventory, you need to know where the fraud is coming from and nip it in the bud as fast as possible as to not become a bigger problem.
Media sellers cannot get complacent. Even if a tool, or multiple tools are in place, media sellers need to consistently test new tools just to see what other tools are saying. If you have the option to test alternative tools, do so to ensure the quality of the tools you are using. You do not owe any loyalty to your toolset, you owe loyalty to your clients by ensuring the tools you use are best for your organization.
5. The IAB recently released the IAB Advertising Quality Measurement Buyer’s Guide, which highlights that advertisers should expect their ads to be: (1) viewable, (2) displayed next to brand-appropriate content and (3) fraud-free. These are being referred to as Ad Quality Metrics. Do you think these are the right metrics? If yes, why? If no, what do you think is missing?
In a broad scope, yes - viewable, next to brand appropriate content seen by real people (e.g. fraud-free) is ideal. While the broad definition of the Ad Quality Metrics makes sense, it’s subject to leniency.
Viewability makes sense as it is based on something that we all agree on, “I want my ad to be seen.” But we still need a better definition of “viewability,” which most people are unaware. 50% of the pixels being in view for one second isn’t nearly long enough for most people to not only take in the message but to also decipher the meaning of the message. We know it takes the human eye a quarter of a second to focus on an object and about a half a second to recognize what it sees, leaving you with about a quarter of a second to absorb the message given in half of an ad. Is that acceptable to the advertiser? Probably not.
Brand-appropriate content is ambiguous. As with brand safety, who defines brand-appropriate content when each brand has a different take on what is and is not appropriate? What is a good standard for one brand, may be a poor standard to another brand. Even if you say no “Violent Content”...who defines what level of violence? Is it machine learning? AI? Or a person? All three are capable of making mistakes. So, what level is acceptable and who is monitoring it and is that monitor capable of making mistakes? The list goes on and on… So, it’s not so black and white as one would think, is it?
Fraud-free is ideal, and I am glad it is included, but it is still lacking in its definition and will still be subject to fraud if all that is looked at is the TAG standards. According to the Ad Quality Metrics, the IAB is pointing to a TAG standard of IVT, which is just your general assignment of invalid traffic and is not a strong enough definition when it comes to sophisticated fraud attacks. For instance, human fraud farms do not fall into a category of IVT, it pretty much falls into a category of its own well beyond SIVT. Human fraud farms get past most fraud detection companies that are IVT/SIVT certified, which just goes to prove; human fraud farms are in a category unto themselves.
Very generic terms are being used to confirm the advertising quality details of campaigns. For example, the IAB Advertising Quality Measurement Checklist mentions to “map your definitions of fraud to your vendors’ fraud filters [using] blacklist vs. whitelist [and] blocking vs. monitoring.” These are very generic terms on how to block fraudulent traffic. An IP address alone is a very poor way of blocking, unless of course it belongs to a data center. Behind each IP address can be multiple devices and behind each device can be multiple users. You should never block a source or site, unless it is 100% fraudulent and that is rare. Rather you should be blocking fraudulent users on those particular sources or sites. This is very different from the current wholesale approach of eliminating it all.
The current categorization of IVT and SIVT is really just a way of grouping items together to keep it tidy and neat. I understand why it is done. It gives a way to see if companies are following some basic rules that fall into these categories. However, it doesn’t answer the question of real fraud attacks - these attacks aren’t always going to fall into a nice, neat category. Currently, there are several different types of fraud that don’t fit into these categories and are being missed by most fraud vendors. I don’t feel the categorization of IVT and SIVT makes sense and if this is our only reliance for ‘fraud-free’ with the Ad Quality Metrics, it will continue to be un-achievable.
6. Viewability or Fraud: Marketers are split on which is the bigger issue. What’s your opinion?
Very simple - marketers should be focused on fraud. Viewability is a vanity metric that has some truth behind it but by definition is a bogus metric. By its own definition, 50% of your content is in view for one second (two seconds for video). If I take a banner and cut it in half and show you that banner, will you understand the message?
For example, here is more than 50% of an ad of a popular brand (Partial Ad). Do you recognize the brand? Don’t cheat, you only get one second. With this ad, feel free to take longer; unless you have seen it before, it probably won’t help. Give up? Here is the full ad.
It's not enough to get your messaging across. And as an advertiser, that’s not what I am looking to pay for. It takes on average 250 milliseconds for someone to focus on an object and another 500 milliseconds for the brain to recognize what it is seeing. That gives you a quarter of a second to get your half of your message across. That’s not going to get the job done.
Making sure you have “a real person in front of the content” is the most important issue to focus on. Viewability was built on a good premise but a weak definition has lead to poor execution. To ensure fraud is off your network and you are removing all fraudulent users, you need to look at real measurable metrics. Track your backend true performance. If a performance campaign is doing well, it’s likely the branding campaign will be, too.
7. What terms and definitions do you think are most important to understanding ad quality and measurement from a holistic perspective?
We need to come up with better definitions for what people are looking for when understanding fraud. The most important measurement to know is that content is being placed in front of a real person with genuine intent. Getting to that standard in some fashion is what needs to happen across the industry.
This comes down to true performance. And by performance I don’t mean that someone filled out a form or that someone actually completed a shopping cart transaction, but rather that transaction was a real transaction that didn’t get charged back later on. The form was filled out and validated that the intent was there. That is a true validated performance metric, not the ones that are called back later as a fraudulent transaction.
If you get a “real person in front of your content” it will bring the true performance, which is the single most important metric someone needs to understand.
About the Author:
Rich Kahn is the Co-Founder and CEO of Anura.io, an ad fraud solution that monitors traffic to identify real users versus bots, malware, and human fraud. Anura is the culmination of more than a decade of fraud detection efforts within digital marketing firm eZanga.com, which Rich also co-founded and owns. Previously, Rich held management roles at Verizon Wireless and Bloomberg, before starting his own internet service provider, First Street Corporation. He co-founded Paid for Surf, an advertising software company, and was the COO of the pay per click advertising network AdOrigin. Rich is considered an industry expert, having over 25 years global experience with internet technology, digital advertising, ad fraud management and elimination.