02 April 2020

In plain English: What can we do to reduce ad fraud?

By Thomas Cotton - head of trading development, MiQ

A blog series explaining some of the concepts, processes and technologies we need to do our jobs - in plain English. 

Let’s start by admitting the obvious. Fraud is a major problem in online advertising. 

A report conducted last year by White Ops and the ANA projected that marketers would lose almost $6bn globally in 2019, down from $6.5bn in 2017, but still an eye-watering level of wasted budget. 

It’s an issue we care deeply about. Ad fraud is bad for our business, bad for our clients and, most importantly, it’s bad for every one of us who benefits from a free, ad-supported internet.

But it’s not a problem that can be solved by one business. Reducing ad fraud means ad tech companies, media agencies, publishers and advertisers themselves all need to work together - and that’s where organisations like TAG (Trustworthy Accountability Group) come in. 

The Trustworthy Accountability Group (TAG) is an initiative that builds relationships between companies across the advertising industry to increase transparency and help us all collaborate on initiatives to fight ad fraud. We’re proud to work with TAG and were recently reawarded their Certified Against Fraud Seal.

But before we dive into the solution, let’s take a look at the problem.

What kinds of ad fraud are there?

There are many methods that criminals and unscrupulous vendors use to defraud clients. Some of the most common are...

1) Bots and other forms of non human traffic

Fraudsters use a complex system of cloud servers and proxies, or users’ computers that they’ve hijacked, to run automated scripts (bots) that mimic the behaviour of human web traffic. It’s important to remember that there are non malicious bots (such as web crawlers used by search engines) but the bad bots are out there to generate fake site visits, clicks, video views, with the more advanced ones faking site actions and app installs, all in order to drive revenue for the fraudsters.

2) Ad or click hijacking

This happens when a browser has been hijacked through malware. Genuine ads can then be replaced by counterfeit ads without the publisher knowing, so the fraudsters receive the credit - and the money. Clicks can also be intercepted and redirected to different locations to make it look like traffic to an advertiser’s site is coming from a different source.

3) Pop-unders

Again, these are caused by hijacked browsers. Pop-unders are where a browser opens windows in the background that navigate to pages that generate ad revenue for fraudsters.

4) Domain spoofing

Domain spoofing means a fraudster creates ad requests that looks like it comes from a legitimate publisher but really are coming from a fraudulent site, so that advertisers will spend there.

5) Hidden ads

This is where fraudsters infiltrate the website or the ad serving process to serve ads that are invisible to the user. These can be in 1x1 pixels (pixel stuffing) or hidden behind other ads (ad stacking).

How can we tackle ad fraud?

There are a number of companies who specialise in identifying and mitigating exposure to ad fraud. Most ad tech platforms and providers partner closely with these companies as well as employing their own techniques. 

We’re no different. We have partnerships with anti-fraud specialists and use our own fraud-prevention strategies. We’re happy to share more detailed information on all our anti-fraud practices. But as a general overview, to earn ‘Certified Against Fraud’ status from TAG, a business like ours has to prove it’s doing things like…

- Bot traffic filtering – using our technology and that of our partners to filter out any traffic we think is non-human before bidding on an ad, and blocking ads where IVT is detected after a bid has been made. 

- IP threat filtering – maintaining a dynamic exclusion list of all the IP addresses that we deem suspicious.

- Domain/App threat filtering – using fraud prevention technology to root out domains and apps before bidding on an ad, blacklisting any that we identify as a direct risk of generating fraud.

Industry initiatives

But fighting fraud means that everyone across the legitimate advertising landscape has to work together. There have also been some powerful industry initiatives developed by IAB Tech Lab to combat ad fraud:

- Ads.txt – (stands for authorized digital sellers) This is the major weapon against domain spoofing. Legitimate publishers all use ads.txt files to declare who is authorised to sell their inventory and to differentiate themselves from fraudsters. (The Ads.cert initiative goes a step further and allows publishers to sign bid requests cryptographically so that buyers can tell it is coming from an authorised seller )

- Sellers.json - This is the equivalent of ads.txt but for sellers, rather than publishers. It’s a file where all the SSPs and exchanges list all their authorized reseller partners along with their seller IDs so fraudulent actors can’t enter the process. 

 - Supply chain object - This gives buyers a record of what sellers and resellers have been involved in each bid request and identifying whoever was the final reseller in the chain. Buyers can match the seller IDs provided by publishers (in their ads.txt files) so they can see they’re working with bona fide partners. 

Good buying practices

Finally, there are things buyers can do themselves to guard against fraud. For buyers, it’s best practice to:

  • Buy only via reputable ad tech platforms and providers who you can trust, and who are signed up to initiatives like TAG and the IAB Gold Standard.
  • Gain a better understanding of the publishers and supply partners you’re working with to identify where real buying relationships exist
  • Prioritise private marketplaces where appropriate and use industry initiatives such as the ones listed above when buying through the open market 

Each of these elements in isolation, being done by just one company, might not be all that effective. But when multiple companies across the advertising ecosystem sign up to these rules, share their fraud-fighting knowledge, and encourage transparency between good-faith actors, life starts to become much more difficult for the fraudsters.

Does fighting ad fraud work?

Fraud will continue to be a battle as fraudsters follow the money and develop more sophisticated methods to do so. But we’re seeing the industry making gains through technical advances, and better practice and awareness across buyers.

To keep ahead, we require the industry to work together and increase standards to not allow the fraudsters any wriggle room, which is why we are such big supporters of TAG and other initiatives.

A study conducted by The 614 Group, showed that on average 88% less fraud is observed across TAG certified channels compared to non-certified channels.

As long as digital advertising makes money, there will be people trying to gain access to that money illegally. But groups like TAG show that with collaboration, a commitment to transparency, and constant innovation to tackle fraud, we can make the ad-assisted internet a better place for everyone.