How do you make sure you’re serving ads to real connected TVs and not spoofed devices? Get the manufacturers to confirm they’re legit.
The IAB Tech Lab announced on Tuesday a new device attestation feature for its Open Measurement (OM) SDK. The feature provides a scaled way for original device manufacturers to confirm that ad impressions are associated with real devices.
Getting that confirmation directly from manufacturers helps advertisers avoid serving ads to devices that are only pretending to be CTVs or that may not have real people viewing the ads.
And, because the confirmation is a deterministic signal provided by the manufacturer, it’s more reliable than the probabilistic proxy signals ad tech platforms usually rely on to catch fraudulent devices.
Manufacturers that have signed on so far include Google, Apple and Amazon, and device attestation is currently supported on Apple and Fire TV devices. Participating ad tech companies include AdsWizz, Amazon Ads, DoubleVerify, Google, HUMAN and IAS. The new feature will be available through publishers that adopt OM SDK version 1.6.
Device-level verification
The tech works simply enough: First, a publisher integrates OM SDK 1.6. Then, when an ad creative is served to a user in the publisher’s audience, code embedded in the creative triggers an attestation call to the measurement provider. The measurement provider then requests an attestation token directly from the manufacturer.
The manufacturer provides the token using IETF’s Privacy Pass Protocol. The protocol offers a safeguard against bad actors reverse-engineering the attestation, because the manufacturer must confirm that it provided the token.
OM SDK’s device attestation is device-agnostic, and it could be used to verify both TV and mobile ad impressions, said CEO Anthony Katsur. However, fighting CTV fraud is the main motivating factor and the focus at launch.
For bad actors looking to siphon ad revenue, spoofing CTV devices is appealing, said Geoff Stupay, SVP of Product at HUMAN. It’s not just because CTV ad prices tend to be higher than other media channels, he said. It’s also because CTV tends to be a “low-signal environment” when it comes to pre-bid transparency, which means it’s harder for platforms to verify devices in real time.
Although device attestation could theoretically work pre-bid, Katsur said, the number of API calls required would bog down page loading times and ruin the user experience.
However, even if it is impractical to use pre-bid, device attestation is another useful signal for verifying devices post-bid, Stupay said.
And, Katsur said, verification providers like HUMAN could use post-bid attestation to inform their approach to pre-bid verification. For example, if a supply chain gets flagged too many times for sending unverified devices, platforms can weigh whether it should be blocked pre-bid. He added that individual brands, DSPs and SSPs should all be more active in applying those post-bid findings to their pre-bid filtering.
In addition to preventing waste, having a deterministic signal provided directly by device manufacturers can go a long way toward helping the industry wrap its head around the scope of CTV device spoofing in the first place, said Ron Pinelli, SVP of digital research and standards and associate director at the Media Rating Council (MRC).
Currently, neither the IAB Tech Lab, the MRC nor HUMAN could say with confidence that they have a strong grasp on the scale of the problem.
It’s hard to pin down how much wasted ad spend goes to these CTV spoofing schemes, Pinelli said, because of the lack of transparency in the CTV channel and the fact that ad platforms often have to rely on proxy signals and pattern analysis for catching spoofed devices.
But one thing that’s clear is that “device spoofing can be scaled very easily,” Pinelli said, and “it’s a problem that needs greater telemetry to address.” Device attestation, he added, helps fill that signal gap.
Adopt or not?
Plus, Pinelli said, the solution addresses some of the mistrust that buyers have when it comes to publisher-provided audience signals. After all, this is the device manufacturer confirming the impression is legit, not the publisher.
For that reason, Pinelli said, the MRC “highly encourages” publishers to adopt the IAB Tech Lab’s OM SDK and update to the version that has device attestation enabled.
But, he added, the solution is not a silver bullet for combatting invalid traffic (IVT) in CTV, since it only addresses spoofed devices, which is just one form of IVT among many.
Also, Stupay said, it doesn’t prevent situations in which a bad actor is using legit devices to create fraudulent ad impressions. For example, if a scammer had hundreds of Fire TV sticks running that weren’t actually connected to TVs, Amazon could end up confirming that those are real Fire TV devices. In that case, HUMAN would need to rely on other signals to determine whether a display was connected and people actually saw the ads.
With all that in mind, Pinelli said, the MRC does not require OM SDK adoption for companies to receive any of its accreditations for IVT filtration.
However, Stupay added, the device attestation feature will only work in the long run with widespread OM SDK adoption by publishers, and with more device manufacturers signing on to provide attestation.
Once adoption of the device attestation feature reaches critical mass, Stupay added, it would make more sense to closely scrutinize publishers and manufacturers that refuse to provide that attestation.
Katsur echoed that assessment. “We are talking to other OEMs right now about standing up an attestation mechanism, and that’s a business decision,” he said. “If within a year there’s more adoption, then you’ve got to question who’s not adopting. Who doesn’t want to say these are legitimate devices?”
