Home Data-Driven Thinking Secure Ads Layer: The Ad Fraud Solution You’ve Never Heard Of

Secure Ads Layer: The Ad Fraud Solution You’ve Never Heard Of


jamesaveryddtData-Driven Thinking” is written by members of the media community and contains fresh ideas on the digital revolution in media.

Today’s column is written by James Avery, CEO at Adzerk.

Fraud is the ad industry’s not-so-secret problem. It impacts publishers just as much as advertisers. Advertisers have finite budgets to spend filling placements each year, and the amount that gets wasted on fraud hurts the payouts of legitimate publishers.

It’s not as simple as blocking unwanted domains from accessing a site or demand-side platform because fraudsters adapt faster than publishers and advertisers can detect their exploits. But a century-old solution using a secure sockets layer (SSL) may hold the key to stopping fraudsters in their tracks. Since it creates a boundary between those who serve and display advertisements, I call it the secure ads layer.

We are all familiar with fraudsters’ ploys. They can repeatedly make ad requests to a site, not only refreshing a page but also mimicking valid user agents to avoid detection. They can build sites that look legitimate but are filled with stolen content, with ad units stacked on top of each other. Fraudsters can even make ad requests from inside a 1×1 pixel.

And they’re probably using new techniques now that the industry doesn’t even know about.

Impact On Publishers’ Bottom Lines

Fraudsters also use countless adware and malware plugins that insert or replace ads on legitimate publisher sites. Often, these toolbars are presented as Trojan horses to end users, promising to donate revenue to charities of their choice or deliver some marginal benefit to their web browsing experience. Of course, the revenue is directed to the plugin creator while the publisher loses the value of its inventory.

This is not just a short-term loss of revenue – the overall value of a publisher’s inventory will diminished through fraud. It contributes to ever-shrinking CPMs, and it’s only getting worse.

Ultimately, trying to solve ad fraud through various “patches” that detect fraudulent activity and block users or patterns is like trying to put out a forest fire with a cup. You might see some short-term successes, but you’re guaranteed to lose the war

The core issue is that ad platforms use domain as the main identifier when identifying traffic. This can be easily spoofed on nearly all major platforms, and in many platforms it can just be passed in as a query string on the request. As long as a fraudster can masquerade as a different domain, there will always be ad fraud.


AdExchanger Daily

Get our editors’ roundup delivered to your inbox every weekday.

Better Than A Domain

There is, however, a potential solution based on technology that goes back to 1874. It uses the same basic principle as SSL.

SSL is a fairly well-known technology, although the average user probably doesn’t know that it works because of a technique called public key cryptography. A browser can use a public key to confirm that a certificate was signed with the corresponding private key, without having access to the private key.

One use of public key cryptography is the ability to sign a message and then verify that the message wasn’t tampered with. What I envision is for publishers to host a set number of valid public keys, perhaps stored at a central repository or just exposed through a simple endpoint, such as a  /_keys folder off their main domain. The publishers would give the corresponding private keys to vendors, such as their ad server and SSP, who they’ve already vetted.

Say The New York Times adopts a secure ads layer. Whenever impressions are served on nytimes.com, their private key is used to sign the full URL, a time stamp and the ad request’s user ID (cookie). The buyers, including the exchanges, DSPs or networks, would then use the Times’ public key to verify that the URL was indeed certified by the publisher.

Not only does this secure ad requests for publishers, it’s a huge opportunity for DSPs because they could enable buyers to purchase verified traffic and choose publishers based on their verified keys, as opposed to domain.

This technology could be a game-changer for programmatic advertising, but to get this done, we need the support of the major ad servers, exchanges and DSPs.

Secure ad traffic is better for advertisers and publishers. The secure ads layer is something everyone could implement without any proprietary technology or extra cost.

Follow Adzerk (@adzerk) and AdExchanger (@adexchanger) on Twitter.

Must Read

shopping cart

Moloco Invests In Its Competitor Topsort As The Retail Media Stakes Go Up

Topsort can lean into Moloco’s algorithmic personalization, while Moloco benefits from Topsort’s footprint with local retailers in the US and in Latin America.

CDP BlueConic Acquires First-Party Data Collection Startup Jebbit

On Wednesday, customer data platform BlueConic bought Jebbit, which creates quizzes, surveys and other interactive online plugs for collecting data from customers.

Comic: The Showdown (Google vs. DOJ)

The DOJ’s Witness List For The Google Antitrust Trial Is A Who’s Who Of Advertising

The DOJ published the witness list for its upcoming antitrust trial against Google, and it reads like the online advertising industry’s answer to the Social Register.

Privacy! Commerce! Connected TV! Read all about it. Subscribe to AdExchanger Newsletters

Why Vodafone Is Giving Out Grades For Its Creative

One way to get a handle on your brand creative is to, well, grade your homework, according to Anne Stilling, Vodafone’s global director of brands and media.

Inside The Fall Of Oracle’s Advertising Business

By now, the industry is well aware that Oracle, once the most prominent advertising data seller in market, will shut down its advertising division. What’s behind the ignominious end of Oracle Advertising?

Forget about asking for permission to collect cookies. Google will have to ask for permission to not collect them.

Criteo: The Privacy Sandbox Is NOT Ready Yet, But Could Be If Google Makes Certain Changes Soon

If Google were to shut off third-party cookies today and implement the current version of the Privacy Sandbox, publishers would see their ad revenue on Chrome tank by around 60% on average.