Publisher’s Guide to Ad Fraud Prevention in 2017

Some of the biggest advertisers and brands are spooked by the sophistication of fraud and the entire media supply chain’s apparent inability to eliminate it.

Criminals prey on big money, especially in inefficient, non-transparent systems with many touches, low or no accountability, and poor measurement. (For them,) Digital media is THE perfect place to hunt.

That was Marc Pritchard (of Proctor & Gamble), speaking on what his company intended to do about it at IAB ALM 2017. He revealed their 4-step action plan, in which P&G decided to only do business with digital media entities that have gotten certified against fraud from TAG in 2017.

On a similar note, all of La Quinta Inns & Suites’ 2015 insertion orders specified that the brand will only pay for human traffic.

Methbot drove it home: By Q3 of 2016, a previously low-volume bot signature that WhiteOps had been tracking since a year had scaled beyond anything seen in history—reaching as many as 137 million impressions per day, and expanding to almost five billion daily bid requests across multiple platforms.

Image Source – WhiteOps’ Methbot Report

As if that wasn’t bad enough, the bot was also mutating, adapting itself daily to

continue evasion from fraud-detection and viewability-measurement technologies, all the while fabricating high-value video inventory on PMPs (which was previously deemed near-impervious to fraud).

Who would be surprised, then, that up to a quarter of all digital media spend is lost to fraud.

And while ad fraud is terrible for advertisers and brands, we would make a case that it’s just as bad, if not worse, for publishers.

Publishers lose money, and worse, lose data integrity  and credibility of their brand in the process. Methbot spoofed premium publisher domains (to “hijack the brand power of prestigious publishers”) and then supplied fake audiences (advanced bot behavior complete with browser sessions, mouse movements, geolocation data, and social logins to make it look like real people) to the fabricated inventory.

This allowed the operation to leach off millions of dollars of advertiser’s money every day, and also compromised, perhaps forever, the digital identity and authentic audience data of real publishers; the ones who invest heavily on differentiated, well-proofed content, and additional resources on top of it to monetize that content efficiently via semi-automated programmatic deals.

Anthony Hitchings, Digital Advertising Operations Director, FT.com told their site’s  domain-spoofing story in an op-ed published on DoubleClick:

A high-profile agency for a bank approached the FT about buying some home page roadblocks. During discussions they mentioned that previous roadblocks for the client had under-performed. Our records showed no recent spend from this particular client. It turned out they had purchased two home page roadblocks programmatically and not one single impression had appeared on FT.com as they were purchasing fraudulent inventory on open exchanges rather than via FT managed private marketplaces.

Data is the new currency. And fraud ruins it for publishers:

Every time a perpetrator fakes a domain, the market is hit with fake metrics. That dilutes a publisher’s brand in the industry as advertisers and platforms see a mix of metrics that don’t accurately represent a publisher’s inventory.

— Manny Puentes, CEO of Rebel AI (Source)

TAG (Trustworthy Accountability Group) assembled 170 of its anti-fraud executives for a debrief on the Methbot findings. 100 inaugural ad tech companies were awarded Certified Against Fraud seal in compliance of TAG’s Certified Against Fraud Program (set of anti-fraud guidelines and tools) for buyers, vendors, direct sellers, and other ad tech intermediaries for doing their part:

Image Source: TAGtoday.net

By the end of 2017, most major advertisers (like Pritchard) would be spending their advertising dollars on publishers (and ad tech companies) who have shown themselves to be committed to fighting ad fraud.

The value of having a clean site is only going to go up if advertisers demand to pay only for human traffic.

— Sarah Sluis (Source)

It takes an entire village to eliminate fraud: Agencies, networks, exchanges, and vendors, before buyers and sellers even come into the picture.

Apart from checking vendor seals, some things publishers can do for ad fraud prevention are:

1. Monitoring Sourced Traffic

Monitor and know your sources, and share this knowledge with buyers and exchanges. However, if you’re really serious about fraud, look to eliminate traffic from third-party sources, which is known to be three times more likely to contain bots than unsourced traffic.

Image Source: ANA/WhiteOps 2015 Bot Baseline Study

2. Protecting your domain from Ad Injections and Content Scraping

Ad Injections (hidden insertion of ads into an app or a web page without the consent of the publisher) occur when a third party intercepts web content before it’s rendered on user’s browser. The fraud-operator (usually a client-side browser extension or adware program installed on user’s computer) injects ads without publisher consent and gets paid for these unsanctioned impressions.

These injections will defile UX and skew your impression metrics – In their Bot Baseline Study (2015) WhiteOps analyzed a premium publisher and found that ad injectors increased their total impression volume by 6 percent. There’s not much you can do except move your domain to HTTPS and implement malware scanning.

Scraped content may or may not be high up on your priority list, but it does help fraudsters monetize it with ads on a separate domain. Prevent web-scraping with due diligence.

3. Allowing Third-Party Traffic Assessment Tools

Give your buyers some peace of mind by letting them track traffic performance through MRC-accredited third-party traffic assessment and monitoring tools, especially for metrics like viewability, engagement, and bot detection. Maintain billing transparency with advertisers and do not charge for fraudulent impressions (Invalid Traffic). Implement fraud prevention solutions from vendors like comScore and WhiteOps that are certified by TAG and follow MRC IVT guidelines.

4. Focusing on Direct Selling

Direct sold inventory has been known to have lower fraud rates compared to programmatic display/video. For instance, 2015 Bot Baseline Study (by ANA/WhiteOps) found that Direct video ads, where measurable, were 59 percent less likely to have bots than the study average, despite the fact that video inventory gets the highest bot-rates due to high-CPMs. Direct display ads were also 14 percent less likely to have bots than the study average.

Image Source: ANA/WhiteOps 2015 Bot Baseline Study

5. Working with IQG Certified Networks

TAG IQG is a set of guidelines that provide brand safety assurances to marketers – that their ads will not appear next to inappropriate content. Selling your inventory via IQG certified networks and exchanges like AppNexus, OpenX, Sovrn, AOL, Index Exchange, etc. add to your worth as an authentic, brand-safe publisher.

Interestingly, while inconclusive for the industry at large, Index Exchange found that its exchange-wide NHT (Non Human Traffic) rates were lower in header auctions (2%) when compared to tag-based (waterfall) auctions (3%). WhiteOps works on developing and providing fraud prevention solutions that rely on campaign level monitoring, impression level pre-bid blocking, viewability, and NHT detection to ensure a fraud-free environment for media buyers and sellers.

Fraud is ubiquitous: The industry has come to terms with that. But instead of turning a blind eye, advertisers are finally taking a stand against having to waste their ad spend on garbage.

Marc Pritchard was very clear when he said, “We have a media supply chain that’s murky at best and fraudulent at worst.”

It’s up to the ad tech industry, on the whole, to rebuild trust and make it safe for advertisers to buy media at scale. And while the industry works on catching up, it’s up to the publishers to bunker down and eliminate fraud from their individual supply chains.

Leave a Comment