PubChecker’s Certification-Centric Ad Fraud Solution

fraudThis is the fourth in a series of interviews with vendors combating the problem of ad fraud. Other companies participating in this series include White Ops, DoubleVerify, Moat,Telemetry, Asia RTB and Integral Ad Science. Read previous interviews with ForensiqIntegral Ad Science and Videology.

 To combat ad fraud, many in the industry have been looking to technology that detects bots and other types of fraudulent traffic. But PubChecker founder Chris Mejia sees a better way: “Preventing ad fraud is not a technology problem. It’s a business rules problem.”

Code that identifies and shuts down fraudulent traffic creates “a game of whack-a-mole,” Mejia described. “It’s so easy to come back as another entity. Until you raise the gates on getting access, that’s going to continue to be a problem.”

His solution is PubChecker. Publishers that want to be verified through PubChecker pass a set of hurdles that are easy for legitimate publishers to jump over but very hard for bad actors to fake. The end goal is to enable programmatic buyers to transact on these verified impressions programmatically.

As founder, he is now in the early stages of signing up publishers and creating relationships with agencies, exchanges, and ad networks.

Mejia recalled his first dealings with the issue of ad fraud, back in 2007, when he was running American operations for a European ad network called easyAd.

“We started noticing unreasonable spikes in traffic,” he said. “As we started investigating this, we quickly realized we were being gamed by a new publisher that had onboarded through an automated process. The publisher had done a bait and switch, and added a bunch of new domains.”

The team began adding hurdles that “would be relatively easy for a good publisher to get over but hard for a bad publisher to get over.” These included sending postcards to the publisher’s business address and requesting a mail back, or contacting banks to examine account continuity and verify information.

Still, the tactics they pioneered then weren’t widely adopted. “Back then, there weren’t a lot of companies that were particularly interested or incentivized to deal with this problem,” he said.

Mejia, who left the IAB to start PubChecker, spoke with AdExchanger.

AdExchanger: What’s changed since then?

CHRIS MEJIA: Right now, I think the climate is right to talk about fraud prevention. Ari from GroupM came out and said, “We’re going to move our money out of the open ad exchanges and ad networks, until you can figure it out.” Randall Rothenberg, president and CEO of the IAB, wrote an op-ed in February titled “The Digital Advertising Industry Must Stop Having Unprotected Sex.”

Two years ago, the IAB put together TOGI, of the Traffic of Good Intent task force. That has not moved the needle on fraud. Instead, it created an industry of fraud detection vendors who are taking money but not fixing the problem.

How far along is PubChecker now?

We’re working on a plan to subsidize the first thousand publishers, and right now I’m coordinating a lot of parties. Part of it is a chicken-and-egg game: It’s getting people in the ecosystem to know about it. The infrastructure side will take a while to build out, but it’s not sophisticated. And adding a field to the OpenRTB standard [which would enable transacting on verified publishers] happens all the time, it just has to go through industry standards making process. To get to that point, I’m coordinating with the buy side and sell side to get their support. I’ve had enough conversations with senior buyers in media who are very excited about it.

How is PubChecker different than tech-focused fraud detection vendors?

If you ask a software engineer how to solve a problem, he’s going to come up with an algorithm, not new business rules. By the time you’re detecting it, it’s too late.

Our premise is that bad actors are easy to spot if you know what questions to ask. In most cases, the only way these botnets, these fraudulent actors, cash out is through publishers. There’s no way to do this without setting up a sham publisher. So being able to identify a sham publisher is the key to reducing fraud.

Our process is so extensive we can tie it back to real people, with real government-issued IDs. As they move through the industry, we can track that.

It seems like every business out there today, you have to clear some hurdles before you start making money in business, and I think it will be no different for the ad industry. Where else can you get a check at the end of the week without having to prove anything about your business? It’s a wide gaping hole, and the fraudsters been gaming it quite effectively for years.

Who is going to pay to get verified through PubChecker?

I’m trying to set up PubChecker as a carrot for publishers rather than a punitive stick. Publishers would pay for their own verification, like you would by paying a fee to Dun & Bradstreet for a credit check.

We’re seeking publishers who need to verify themselves for the brand dollars from the GroupMs of the world. We’re more talking about the mid-tail to long-tail of the Internet, who I think will pay a reasonable amount of money to verify themselves as good actors.

Why the publisher?

One, it means the ad networks don’t have to bear the cost. Two, it allows the cream to rise to the top. Good actors have no problem with verifying themselves. If they spend a day to collect all that information and submit it, they will be rewarded for going through that process.  When the buy side says, “I only want to go through folks who have been verified,” they will be rewarded.

What will the pricing be for publishers to get verified?

We haven’t announced any public pricing yet. We’re in an early beta stage with our PubChecker verification product, and at this point where we are working with our other vendors to drive down the price point, where it becomes palatable to publishers and a no-brainer, but the pay-to-play is a barrier to entry that makes non-serious players go away. That’s a delicate, fine balance to find that right price that offers us the most ability to offer a service with integrity.

How would the process of signing up publishers and having advertisers transact on certified publishers work?

From a more mechanical and operational point-of-view, we see a couple of points of integration. One is on the supply side, with publisher onboarding. We’re in talks with ad networks and exchanges to supplant their current publisher on-boarding process or put our process in-line with theirs. Currently we’re doing it on a partner basis: an ad network signs up with us and in some cases subsidizes new publishers signing up. Today, they apply, get approved in a few hours, and they’re off and running. With this, it might take a week or so to get out, or more, depending on how cooperative they are. The certificate is a lot like an SSL certificate. The ad networks we’re talking to today, they’re not looking to kick anyone out. They think this is a reasonable process to make new publishers go through.

At the end of the day, if the advertiser decides to buy inventory that’s not verified, they can do that, and they could be buying fraudulent traffic. But if they do buy verified inventory, they’ll have more confidence in serving ads on the domains managed by that publisher.

Won’t there still be sophisticated, well-funded fraudsters who get past these checks?

Yes. But my experience tells me that a lot of the fraud out there is low-hanging fruit, and people who don’t think they’re that bad for doing what they do.

Many publishers have display ads running on their sites, but don’t necessarily have a ton of impressions to make that cost of getting verified worth it. What about them?

In any business you have to reach a certain stature before you can do business with other people from another size and stature. You don’t even get onto exchanges until you have a certain amount of traffic. Right now we’re working with our supply side folks to know what their minimum requirements are in terms of impressions and their average CPM, and finding out if our verification fee is reasonable according to that information.

Also, let’s talk about the give and take – they have to pay, but then they start getting real brands. That’s something that doesn’t happen today. Brands pay higher than belly fat ads and dancing cowboys, and they look better too.

How would PubChecker’s certificate work in an exchange?

Think of it as any other piece of data that you transact on. What we’re trying to do is get some critical mass to get it baked into the OpenRTB standard, so it could be its own field. That’s something we’re in talks about. If not, we could stick it into the query string, and then it’s parsed. The advertiser can make a programmatic decision based on that data.

We would also have a pointer back to our database, which is a real-time database, to make sure it’s valid, and tie it back to domains we have on file under management by that publisher.  That further check of the validation is not necessarily a real-time handshake. Instead, you would likely do an audit on traffic once a day to see if a certificate is bogus, and report that to the moderator of the network.

What do you hope will happen if the industry moves to using PubChecker?

We’ll have raised our collective wall around our walled garden, which is what IAB president Randall Rothenberg called for, and start having integrity in our business relationships, tracing everything back to real people. I also fully anticipate we will have competition as soon as this issue is widely known. But that will be a good thing. The NYSE and NASDAQ are heavily regulated exchanges, with the SEC evaluating them, saying you can sell on these exchanges. We’re like the SEC. The rest of the folks, the fraudulent actors out there, they’ll be relegated to operating in a smaller and smaller pool of unregulated spaces.

Enjoying this content?

Sign up to be an AdExchanger Member today and get unlimited access to articles like this, plus proprietary data and research, conference discounts, on-demand access to event content, and more!

Join Today!

1 Comment

  1. Hi Chris

    Thanks for sharing your view.

    Although certifying publishers seems like a good idea, I don’t believe this would solve Ad Fraud problem at scale.

    From my knowledge there are three categories of fraud:

    1) Ad stacking – impressions concealed behind other content or ads displayed in a tiny 1×1 pixel i-frames or whole websites stuffed into non-viewable i-frames
    2) Laundering fraud – resell low quality site high volume ad impressions through phony content sites
    3) Nonhuman bot traffic – botnets of infected consumers’ computers, which surreptitiously mimic humans’ surfing behavior.

    Bot traffic is the most common form of fraud and probably the hardest to detect. Any publisher including certified with PubChecker seal can be infected with bot traffic, thus defeating the purpose of certification as it simply allowing botnets to feed of “good guys”.

    For the record, my definition of impression fraud – as recognized by the IAB – is a situation where an advertiser buys a digital ad that has zero chance of being seen by a human.

    Good intention but unfortunately not a holistic solution; it doesn’t prevents all type of fraud and fights botnets/farms.

    My two cents