Programmatic I/O: The Buy And Sell Sides Share Responsibility In Fraud Fight

How bad a problem is online ad fraud, and how should the buy and sell sides divvy the responsibility to combat it?

This question formed the crux of the panel “New Methods For Defeating Fraud In The Programmatic Era,” moderated by WPP’s Team Detroit chief digital officer, Kurt Unkel, at Wednesday’s Programmatic I/O conference in New York City.

So are 30% of online ad impressions truly fraudulent, as some industry studies suggest?

Andrew Casale, VP of strategy at sell-side ad tech company Casale Media, thinks that’s about right. “It could be bigger,” he said during the panel.

However, Neal Richter, chief scientist at Rubicon Project (which began on the sell side, but has branched out to work with the buy side), differs.

“When someone gives you a number like that, the scientist in me asks, ‘Where’d you get the numerator and where’d you get the denominator?’” he said. “There could be a great deal of selection bias in this particular exercise.” Some exchanges might be overwhelmed with fraudulent activity. Others might run a much tighter ship. He added that an exchange with good policies should not suffer 30% fraud rates.

Still, the exact percentage is irrelevant, said Michael Tiffany, CEO of White Ops, which specializes in online ad security. Within the mature credit card industry, he said, losses average 7 cents per $100 spent. “If fraud was just 7% of advertising, it would be 100 times worse than the credit card fraud that makes the news everybody hears about,” he said.

The Root Of The Problem

Whether fraud rates are 30% or 7%, what enables its existence? Casale pointed to the rise of automation in programmatic – the fact that machines buy based on data and data can be misleading. “We’ve given automation a lot of control and, as a result, oversight has dropped and fraud has risen,” he said.

But Drew Bradstock, senior product manager at Google, said the problem was fundamentally human.

“A lot of people do the three monkeys,” he said. “They see bad data, they see CPMs too good to be true, they see attribution models that don’t make sense except financially for the bottom line and they look the other way.” Automation might warn the human buyer, Bradstock said, but the attraction of buying a lot of traffic at cut-rate prices can overtake all good sense.

Not that these two viewpoints are mutually exclusive. Casale argued that the problem with automation is that it obscures the money’s path. In the old days of media buying, planners knew who their media partners were and where the money was going, and therefore fraud wasn’t as much of an issue.

“We now work in an ecosystem where you don’t know who you’re working with, you don’t know where the money is going, and I think that’s bred the current environment,” he said.

One of the biggest culprits, said White Ops’ Tiffany, is publishers’ fixation on getting bigger audiences, often through extension programs, making business decisions to facilitate volume-based sales.

“The middle man who might provide the transaction framework for this might source traffic from several other third parties,” Tiffany said. “You pay a guy who pays a guy who pays a guy who pays a botnet. And that traffic checks out clean. It goes to a website we all recognize and it looks good because it’s one of the more sophisticated forms of fraud.”

This habit creates a vicious cycle wherein performance drops (because bots click but don’t buy). And as performance spirals down, advertisers feel they need to reach more people, thus they buy more traffic and more bots. Performance drops further and advertisers are pressured, yet again, to reach more people.

“This obsession with reach makes it extraordinarily hard to get off the juice, because the expectations of what volume you can buy at certain price points is wildly off the mark,” said Tiffany.

How Fraudsters Operate

Rubicon’s Richter pinpointed four key fraud strategies.

First, fake websites built just for advertising. Advertisers need to identify them and blacklist them.

Second, publishers “who know or should know their traffic acquisition strategy is sketchy.”

Third, smaller publishers getting traffic pumped into their sites, basically a bunch of unidentified spiders hitting their site.

Fourth, counterfeit impressions, either code built from scratch or a toolbar vendor doing ad injections.

These strategies aren’t always used in isolation. For instance, while botnet fraud is most prevalent because, as Tiffany pointed out, it “scales and captures high-value ad spending,” fraudsters will often create real human traffic via click farms (a bunch of low-paid workers clicking aimlessly on ads), an activity that stuffs their browsers with cookies.

While this tactic isn’t particularly scalable, it creates traffic that’s legitimately human, fooling detection systems. Once fooled, fraudsters clone those human cookies and use bots to scale their operations.

“They replay our cookies and metadata, so the bots are copies of known good consumers,” Tiffany said. “That leads to the highest dollar losses because those bots capture high-value ad spend rather than remnant long-tail stuff.”

The Effect On Publishers And Advertisers

While the advertisers are the most obviously affected – after all, they’re not getting what they paid for – publishers lose money as well.

Google’s Bradstock noted how toolbars can lower the price of publisher inventory. “Their inventory is being sold for five cents through some malware toolbar, and they’re trying to get $5 CPMs,” he said. “And they can’t understand why their overall yield goes down and they’re not seeing money.”

This is why buyers need to ensure they buy from exchanges with reputable publisher relationships. “If you buy from a high-profile site,” Bradstock said, “there’s a lot of incentive from people who manufacture counterfeit impressions to fake that domain and grab some money.”

This artificially inflates publisher inventory supply, further lowering their prices.

This is why, as Casale pointed out, “understanding the ecosystem [for publishers] is just as important as for buyers.”

“If you’ve got an exchange that has the technology that lets you take one impression and set up a blind URL and repackage it as something else and sell it on, that’s not good,” Richter said. “You have to be aware people are repackaging bad inventory as good inventory, basically laundering it.”

And exchanges, which recommend inventory for buyers, need to proactively police the sites running through their platforms. Because URLs can be spoofed, for instance, relying excessively on whitelists makes one susceptible to fraud.

“You’ll get victimized, unless you know you can only buy YouTube through [Google’s] AdEx,” Richter said. “Why would you find YouTube through an exchange you’ve never heard of?”

What’s Up With Video, Anyway?

This YouTube scam wasn’t hypothetical. One year ago, an exchange changed its policies around toolbars and suddenly billions of YouTube impressions were available through that exchange. Companies like Dstillery and Rocket Fuel sniffed out the rat, Bradstock said, and refused to buy the inventory. Google noticed the problem as well.

“But a lot of people bought those impressions because it’s cheap YouTube, and then sold them onto their agencies,” he said.

While display is most affected by fraud due to the amount of spend traversing through the channel, video also has its share of bad traffic due to the format’s explosive CPMs. And fraudsters follow the money (the lower CPMs in mobile aren’t as attractive as those in video, so mobile doesn’t have quite as bad a problem).

Bradstock has noticed a high percentage of fraudulent traffic in exchanges, which are more interested in growing and therefore less interested in cleaning out their inventory. That’s the problem with high-demand video inventory, Richter said: Advertisers want it, so fraudsters create it for them.

“They want premium brand inventory in video for five bucks,” Bradstock said. “You buy it at five bucks, and you’re likely buying fake inventory.”

What To Do?

How to uproot fraud? Simply follow the money. One problem with that, Tiffany pointed out: There’s nothing simple about doing that.

“Traffic is fungible,” he said. “The number of middlemen makes doing those monetary forensics extremely difficult.”

His remedy? The buy side needs to stop paying for bogus traffic – basically lose the incentives that make it advantageous to game the system by buying boatloads of bogus audience. Cutting off the buy-side money, he argued, will change the incentive structure. And that incentive structure needs to change because fraudsters have absolutely no fear of legal prosecution.

“Even if we could do attribution all the way to the source, you can’t motivate local law enforcement to do something about the problem,” he said. “And even if you could throw these people in jail, if the crime remains wildly profitable, then there will just be new entrants. The only solution is to cut the money off.”

But where does one begin cutting off the cash flow? Casale argues that it needs to be throttled at the exchange.

“If you look at our contract today with a DSP, it’s very clear: If you submit a bid, it’s binding,” he said, adding there’s plenty of time before anybody gets paid once the bid is submitted to stop payment. And this process entails not just cutting off the fraudster, but also cutting off the media buyer who purchased a lot of fraudulent traffic for nothing.

Google’s Bradstock, however, argued that the better solution is to simply take the money away from the publisher and dish it back to the buyer, even if the fraudulent activity is detected months later – a policy Google enacts.

“Just give the buyers back the money,” he said.

In the end, ad fraud is a never-ending battle. There’s too much money at stake and too few punitive consequences for perpetrators to give it up. As Casale pointed out, the fraudsters have billions of dollars to build better systems designed to skate beneath fraud detection solutions.

Tiffany recalled one botnet his team at White Ops reverse engineered. They discovered it was also, on the side, making $7,000 a day doing Bitcoin mining, ultimately a $2.5 million business for the fraudster. This activity made the bot easier to detect and when the fraudsters realized this, they shut off that $2.5 million function, simply because it put the more lucrative ad fraud business at risk.

An additional problem, Tiffany said, is that as anti-fraud solutions become obsolete, they start to believe they’re winning simply because they can no longer detect fraudulent activity.

This is why it’ll take an entire ad community village to combat this problem, even if it will never be weeded out entirely.

“The exchange has a responsibility to detect fraudulent impressions and not sell them,” Rubicon’s Richter said. “And buyers have the responsibility to detect signals, so we can set up this ecosystem.”

Photo by Geoff Green
