Ubisoft On Why Devs Need More Than Data To Ferret Out Fraud

Data is helpful in the fight against fraud, but it’s not enough, said Martzel de Domingo, who leads user acquisition at French gaming giant Ubisoft, whose titles include “Assassin’s Creed” and “South Park: Phone Destroyer.”

Fraudsters know how to hide behind the numbers.

“Some people might not look to see what’s happening after an install,” de Domingo said. “This feeds right into the fraud issue.”

For example, if users only spend a few seconds in an app after they download, retention will look good even while engagement isn’t.

There may be different reasons users bounce: They lost their internet connection, they downloaded by mistake, the traffic was incentivized or, increasingly, the install was fake.

But if you only look at download and first open and not what happens next, you’re not getting the whole story, de Domingo said.

“You not only have to know your data, you have to know your users: what they’re doing and the reason why they do it,” he said. “If retention is high on day one but the session is only five seconds, this is not normal user behavior.”

AdExchanger spoke with de Domingo about dealing with app fraud in the user acquisition trenches – and one fraud tactic he never thought he’d see.

AdExchanger: Which type of mobile fraud do you see the most?

MARTZEL DE DOMINGO: The biggest thing I’m seeing at the moment is click spamming, which is when ad networks, affiliate networks or even app developers generate fake clicks which are then attributed to the network and which we pay for on a cost-per-install basis. The click never happened and what we’re actually paying for is a user who downloaded our game organically.

In most cases, there aren’t even enough devices in a specific audience or geo to bring in as much click volume as you’re seeing.

How can you tell it’s happening?

When you see an extremely low install rate or way more installs from an ad network, but they’re converting far less than average, you know there’s something going on.

What are some other red flags to look for?

One very basic thing to do is to look at the number of clicks. Is it average and does it make sense? And does the install rate make sense? That’s how to find click spamming. You also need to look at the retention numbers. When retention is extremely low and you have sufficient data to show that it’s statistically significant, you can easily filter out that source.

But understanding user behavior and intent can tell you much more than only looking at data.

For example, there are apps or sources that can fake your retention. They know that most marketers like me look at day one, day three and day seven retention. On those specific days, we might see an average retention rate of, say, 50% on the first day, 30% on the third day and 20% after a week.

But if you look at day two or day six, it’s 0%. The fraudster is specifically boosting the days that most marketers look at to fake user behavior that’s not actually happening.

Is this common?

It doesn’t happen a lot. The very sophisticated fraud schemes occur very rarely, because it’s not as easy as click spamming, which they can do automatically. It takes time. 

What’s the most surprising fraud tactic you’ve seen recently?

One that is quite difficult to spot – and can be quite dangerous – is in-app purchase fraud. This is when a specific source brings you very low retention, but some payments. They will pay for items with a low price, say $1 or $2, to make marketers believe they’re providing a good source. From the fraudster’s perspective, they’re investing a bit in order to get a higher CPM in the end.

If you’d told me two or three years ago that there would be people faking payments to try and make me bid higher on certain sources, I wouldn’t have believed it, but it’s actually happening. If they can boost your CPM by two or three times, it pays off for them.

How do you handle clawbacks from your partners?

The hardest thing is when you actually know or are pretty sure you’re buying fraudulent traffic, but there’s no real way to prove it. If an ad network claims something is not fraud, it’s very difficult to convince them otherwise unless you previously negotiated with them not to pay for some things, like traffic with retention below a certain threshold and you can prove it with a neutral third party.

The biggest issue isn’t finding the fraud, but confronting the ad networks and making sure you don’t pay for it. The negotiation that comes after is the most painful part.

Enjoying this content?

Sign up to be an AdExchanger Member today and get unlimited access to articles like this, plus proprietary data and research, conference discounts, on-demand access to event content, and more!

Join Today!


  1. What Martzel isn’t saying though is – He’s not buying Clicks (CPC) – he’s buying installs (CPI) , and even though he’s getting actual users installs attributed / paid for – he’s holding Networks accountable for spamming clicks.
    There’s no logic here.

    As long as Mobile App Advertisers, like Ubisoft, doesn’t comprehend that as long as you interlace attribution and incentives – you will always end up with higher attribution, as you pay for this event without being willing to take the risk on learning how to actually buy media.
    This is probably as buying media is difficult and expensive.
    App Developers like Ubisoft basically wants to eat the cake but leave it whole – i.e. not risk money on converting impressions, but still, have the boldness to complain over the unpaid impressions/clicks they did NOT buy.

    • @Jason: App Developers like Ubisoft want to invest in UA traffic that is legit and without fraud. It is already common knowledge that attribution fraud is happening on many levels across the industry. Advertisers don’t want to pay for fake installs or organic traffic. Not sure why you do not see the logic in that.

      Injecting clicks or spamming clicks (which, yes, advertisers do not pay for) in order to poach organic installs (which advertisers do pay for!) is fraud. Very simple. Nothing to do with media buying being difficult or expensive.

  2. Clearly, Mr Jason does not understand Mobile attribution. Click-Spam is very similar to Cookie Dropping, the clicks are fake, but they will make an attribution software attribute real installs towards it, if there is not another last click (thus, mainly organic installs will be affected).