Despite the popularity of mobile applications such as Peace, Blockr and Ghostery over the last year, ad blocking will be the least of digital advertisers’ problems in 2016.

According to a report released by the Interactive Advertising Bureau (IAB) in December 2015 (the first official study of its kind), online advertising fraud now costs advertisers $8.2 billon per year. That’s a nine percent increase from the $7.5 billion figure that The Ad Contrarian Bob Hoffman, the retired CEO and chairman of Hoffman/Lewis Advertising, unofficially calculated in June 2013.

Specifically, the IAB found the following major reasons (the full report is in PDF form here):

$4.2 billion is lost due to “non-human traffic”

$1.1 billion is lost due to “malvertising-related activities”

$2.4 billion is lost due to “infringed content”

Paying for impressions that no one sees

The “non-human traffic” part stems from the fact that few people do not understand the true definition of an “impression.” The term does not refer to one human being seeing an advertisement one time. In reality, it is one web browser making one request to be served with one advertisement from one ad network. That’s all.

For more technical information on server requests, I wrote this informational guide on Logz.io last year on server-log analysis (in the context of digital marketing). Essentially, human eyeballs have little to do with requests — and that fact makes the impressions data in ad reports essentially worthless.

Why is this important? Just under half of all Internet traffic is bot traffic. Every time that a bot loads a webpage, the browser makes a request for an ad network to load an advertisement — and that action counts as a paid-for impression even though no human being will see it. In such an environment, I do not understand why anyone runs CPM campaigns (that charge a price per 1,000 impressions) at all. Advertisers are paying for impressions that no one sees.

Falling victim to massive publisher fraud

The “malvertising-related activities” part refers to website owners trying to maximize ad revenue by doing things that are immoral at best or illegal at worst. As I explained in a talk at Performance Marketing Insights London (PMI London) in late 2015, here are four common examples:

Publishers stacking ad units on top of each other so that only the “top” impression is seen by website visitors (but all of them earn revenue)

Shrinking ad units down to a 1×1 pixel size and placing hundreds on a page so they will be paid for the impressions, even though no one will see them

Buying bot traffic from ad networks, earning a 25-100 percent profit margin on the resulting ad impressions

Automatically redirecting visitors to landing pages or other advertising content

The alleged fraud does not stop at the level of website publishers. A March 2015 Ad Age investigation reportedly found massive amounts of kickbacks between media buyers and ad networks.

Human-based metrics are the numbers to use when considering whether digital advertising is worthwhile.

Advertisers give money to media buyers to buy online advertising — which, as we have seen, is already suspect — and the media buyers purchase ads from advertising networks. Then, the report alleges, the ad networks send part of the money to corporate siblings of the media buyers. To top it all off, media buyers have also been allegedly overcharging advertisers by lying about how much the placements have been costing.

MediaPost contributor Reid Tatoris once crunched all the numbers and found that, as a result of bot traffic and online fraud, only eight percent of digital ad impressions even have the chance to be seen by human beings. But advertisers are paying for 100 percent of impressions.

(The third significant loss of advertiser money in the IAB study was due to “infringed content,” which is people accessing non-free programming and musical content without paying for it. That topic is not a focus of mine here.)

What advertisers can do

This issue is rarely addressed in the marketing and advertising worlds. At PMI London, speaker and after speaker touted the line that programmatic advertising is the future — usually because they represented companies that make money from programmatic advertising in one way or another — but disregarded questions on the fraud that is inevitable whenever machines run ad campaigns.

But the problem goes deeper than that. Most of the entire Internet is funded by a general agreement on this principle: Digital advertising delivers equal or greater ROI to businesses than other available marketing strategies. If 92 percent of online ad impressions are never even seen — thereby proving that the premise may be false — then Google, Facebook, the online news publications that inform our social discourse and countless other online companies are all in trouble. No wonder no one wants to talk about it.

So, before the adtech world catches up, here are a few of the ways I have found that digital advertisers can protect themselves:

Stop doing CPI and CPM campaigns. Cost-per-action (CPA) campaigns are much safer and less susceptible to fraud. Report your metrics in human terms. If you are paying $0.0050 per impression, then the $100,000 that you pay for 20 million impressions will actually result in only 1.6 million human impressions (based on the eight percent viewability rate that I mentioned earlier). So, you are actually paying $0.0625 per human impression — and that’s a 1,150 percent difference! Human-based metrics are the numbers to use when considering whether digital advertising is worthwhile.

Cost-per-action (CPA) campaigns are much safer and less susceptible to fraud. Block countries with high rates of bot traffic. According to Ad Week, the rate of “suspicious traffic” in countries including China, Venezuela, Ukraine and Singapore ranges from 86-92 percent. (For reference, the rate in the United States is 43 percent.)

According to Ad Week, the rate of “suspicious traffic” in countries including China, Venezuela, Ukraine and Singapore ranges from 86-92 percent. (For reference, the rate in the United States is 43 percent.) Install ad–fraud. Forensiq, SimilarWeb, Spider.io, Telemetry, White Ops and similar companies can help detect and prevent fraudulent behavior and activity.

As Director of Marketing and Communications for log management software company Logz.io, I am one of the team members who discusses and determines which marketing activities we will pursue. We have done little online advertising, partly because of the issues that I presented here — and $25 billion in ad spend was under review by big brands in 2015, as well.

Time will tell if others will follow suit in 2016.