Fraud-day With Forensiq: Detection Requires A ‘Holistic’ Approach

fraudThis is the third in a series of interviews with vendors combating the problem of ad fraud. Other companies participating in this series include White Ops, DoubleVerify, Moat, PubChecker, Telemetry, Asia RTB and Integral Ad Science. Read previous interviews with Integral Ad Science and Videology.

There’s fraudulent inventory out there. That’s just a fact of online advertising life right now. But if you don’t bid on it, then you don’t buy it. And if you don’t buy it, then you don’t get burned.

That’s Forensiq’s approach to fraud detection: Prevention is better than cure, especially in programmatic. Although Forensiq does provide a reporting service, its focus is on trying to deflect a risky bid before it’s made.

“We have a proactive solution that can sit in a pre-bid environment and return a risk score in five or 10 milliseconds to say, ‘No, don’t buy that impression,’” said David Sendroff, founder and CEO of Forensiq, which rebranded from CPA Detective back in March. “We also have JavaScript that can sit alongside an ad and allow us to gather aggregate details around things like viewability and traffic sources.”

Clients  Forensiq works mostly with DSPs and agencies, although it does have relationships with some brands  can also create automated triggers to block bad traffic. “If this traffic source or that domain-level reputation goes above X and your risk threshold is lower, you can say, ‘Block them,’” said Sendroff, who listed Integral Ad Science and DoubleVerify as Forensiq’s main competitors.

Of course, fraudsters are clever. Sometimes, everything might look kosher, but there’s actually ham under the table.

In mid-July, Forensiq launched a tool that enables advertisers to see the real domain where an ad is being served. What looks like a legitimate publisher might actually be a spurious web page whose sole purpose is to generate impressions. If a domain looks legit but isn’t, there’s the chance an advertiser might waste even more money on retargeting after the original buy.

“Let’s say your ad is running within a nested iframe which makes it look legitimate, but it’s actually a torrent site or an adult side,” said Sendroff. “It’s the difference between where you think your ad is running and where it’s actually running.”

Sendroff spoke with AdExchanger.

AdExchanger: How does Forensiq work?

DAVID SENDROFF: We have a simple line of JavaScript code that evaluates elements from the browser. We look at the browser type, the user agent, the plug-ins, etc., and check for anomalies. Browser type, for example, is often spoofed by bots or fraudsters. The browser may look like Internet Explorer, but we know it’s Firefox. Our data science teams are always looking for these inconsistencies to update our algorithms for detection. We also have proxy-piercing capabilities. We can see beneath the fraudulent IP to the real IP, so we know if they’re tunneling through botnets, proxies, high-risk data centers or malware-infected computers.

Give me a thumbnail sketch of Forensiq’s history.

We started the company four years ago focusing on the performance marketing space at the bottom of the funnel. We worked with companies like insurance carriers and online universities to evaluate the forensics of a device for someone submitting a lead to, for example, receive an online degree or get an insurance quote. We could build a risk profile to say, “Someone just entered John Smith’s information, but it wasn’t John Smith who filled out the form.”

How did you evolve from detecting conversion fraud to online ad fraud?

We became very accurate and predictive at the bottom of the funnel, but we were also getting quite a lot of disposition data, conversion data and revenue and performance-type data back from these advertisers and lead-buyers. Taken together, that data allowed us to keep really low levels of false positives and get a true metric and feedback to tell us when actions weren’t turning into revenue. We’d created a very predictive system that we were able to pivot into the top of the funnel to look at impressions and clicks.

What is Forensiq’s differentiator?

I’ve been building fraud detection for 10 years, but some of the other larger players in the space started in brand safety and over time realized there was a need for fraud detection and created a solution. But we are being told that we catch more fraud than the other solutions. The other folks who were just looking at the display side of things don’t have that same feedback system around revenue.

It’s also about being holistic. If you’re only looking at bots, for example, but you don’t see that somebody’s hiding pixels, stacking or stuffing ads or engaging in some other sort of fraud, then they may be missing out on that detection. We look at the entire funnel: impressions, clicks and conversions. That means if someone is managing an affiliate campaign, a pay-per-click campaign and a display campaign, they can have one consolidated platform for anything fraud-related.

How much fraud do you catch related to how much fraud there is, roughly?

There’s a pretty large gap between different types of clients and we haven’t necessarily segmented them all, but I’d say we do see between 10 and 50%. It’s quite a large gap, but there are a number of factors that can go into that.

First, it depends on the risk tolerance that some companies may allow to flow through if they’re working with more remnant inventory or lower-tiered ad networks or exchanges. The other question is around what we have access to in the ecosystem. Anyone’s measurement of fraud is based on their exposure to the industry or their client base. There are plenty of companies that either don’t have fraud detection or don’t have it installed across all of their inventory. Those that have it installed might turn it off for a period of time and that would obviously shift the percentage of fraud detected.

That’s why the statistics aren’t necessarily always accurate.

What is a “tolerable” amount of fraud vs. the amount of fraud that’s happening overall?

Regarding what’s acceptable, everyone has a different risk tolerance. If I’m a brand, any sort of fraud would cost money and represent a loss. If I’m anyone in between, there is a certain benefit to any impression that touches my system. And then there are the companies that are extremely proactive even though they could, on the surface, benefit from fraud. But they have no tolerance because they don’t want to risk their reputation with advertisers.

Is your technology cookie-based?

It’s not. Cookies could eventually go away, which is why we thought it was very important to build our technology without any sort of reliance on them. Our technology is algorithm-based. We look at the packet level data that’s in communication with a browser to see if there are any spoofing characteristics and we keep that information in a global fraud intelligence database of historical patterns we’ve uncovered. We’re very careful about what goes into that database because we don’t want to flag the wrong IP. Mobile is a good example, where IPs are in a shared pool and tend to repeat.

Do you have a viewability solution?

Yes. We follow the IAB standards – two continuous seconds for video, one second for display – but we’re also looking at maliciously hidden ads, like what happens in ad stacking, where ads are stuffed into a one-by-one pixel. We isolate how we flag that sort of traffic from the botnet side of things. If a publisher has hidden an ad and real people are going there and loading those impressions, you need a holistic solution that can evaluate and separate that sort of fraud.

What’s the bigger problem, nefarious publishers or bots?

Sometimes they sort of go hand-in-hand. There are actually some publishers that buy botnet traffic.

Are publishers incentivized enough to deal with the fraud problem?

Fraud is revenue and, frankly, the lower you get in the funnel, the less transparency there is and the more blended your traffic becomes, which makes it more difficult to isolate the singular source and understand where the fraud is coming from.

What other patterns are you seeing?

For one, video is the largest target for bots because the CPMs are so high. To combat that, we infect computers with malware to see how botnets behave and where they go. They might visit a site that’s packed with a ton of ads and videos and it’s clear that the site was never meant for a human to visit.

And then there’s the audibility issue. We have an audio detection solution that not only looks for videos that are muted, but also videos that are playing below a certain volume. While the latter isn’t necessarily fraud in and of itself – a publisher might have placed a video so you can’t hear it – there’s certainly less value in that for a brand.

What about mobile?

We’ve seen spoofed user agents and spoofed header information where bots are able to make traffic appear as if it’s mobile, but it’s just a desktop faking mobile traffic. In some cases, we’ve seen virtual machines simulating mobile, which means the mobile operating system is actually generating bot traffic. It has all the characteristics of a mobile device.

It’s not easy to spoof every characteristic, though. A fraudster might be able to, say, spoof the resolution and the operating system, but then they might not be able to come up with clean IP addresses. Because we’re looking at so many variables as part of our scoring, it allows us to catch things even when they’re pretty sophisticated like that.

How does programmatic come into play?

While it obviously creates more efficiencies in the market, you are losing some transparency. Our technology scores each impression in a pre-bid environment, which creates the opportunity to buy more fraud-free inventory.

What are you working on right now?

We’re working our way towards getting integrated into all of the exchanges. We’ve done that with AppNexus, for instance. We score every impression that flows through AppNexus. Anyone can just flip a switch and have us validate the impressions they’re about to buy in a pre-bid environment. We’re integrating into more and more exchanges, it just takes time to get all those pipes in place.

Enjoying this content?

Sign up to be an AdExchanger Member today and get unlimited access to articles like this, plus proprietary data and research, conference discounts, on-demand access to event content, and more!

Join Today!