You’ve heard of ad fraud, right? Of course you have. But...

Marketers Don’t Think Ad Fraud Affects Them

A recent study from TribeOS confirmed that 77% of marketers have heard of ad fraud. But did you know that only 1 in 10 have a working knowledge of what ad fraud is and how it works? And the majority of marketers still don’t think ad fraud affects them and that it’s a “someone else’s problem.”

Well, it’s not someone else’s problem. The biggest loser is the marketer. Any marketer spending any ad budget in digital is affected by ad fraud. Ads are not being shown to humans. Also, less than 40 cents of every dollar spent by marketers goes towards showing the ad -- i.e. “working media” -- because 60 - 70 cents of the dollar goes into the pockets of the ad tech companies, agencies, and other digital middlemen who are maximizing their own revenues.

The larger problem is that of ad fraud. So, let’s take a step back and clearly define what that is. Ad fraud in digital marketing is simply ads being shown to bots (software programs) instead of to humans. When marketers buy digital ads they think the ads are being shown on websites to humans. But instead bad guys set up fake websites and use fake bot traffic to generate fake ad impressions out of thin air. This is literally like counterfeit handbags or watches. Marketers are buying large quantities of digital ads and their marketing budget is going straight into the pockets of these cybercriminals. Marketers are not getting what they paid for and there will be no business outcomes from these marketing activities.





How Did Ad Fraud Start?

Source: https://www.slideshare.net/augustinefou/how-brands-are-solving-ad-fraud-themselves

In the early days of digital, marketers would go to large websites, i.e. publishers, that had vast human audiences and buy media inventory. This meant that ads would show on those web pages when humans visited.

Over the years, more and more ad tech companies started to claim that marketers could use their magical technology to show the right ad to the right person at the right time, no matter where they showed up -- i.e. on the large numbers of small, long-tail websites. This meant that marketers would no longer have to buy inventory from big publishers; they could buy it from the ad-tech companies, which would serve the ads on vast numbers of websites.

In this way, ad-tech created the incentive and the opportunity for bad guys to create large quantities of websites for the sole purpose of carrying ads to make money. The problem was, few to no humans would know about these sites or visit them, nor could they be found through search. There was no traffic to generate the pageviews needed to generate ad impressions. So the bad guys went out to buy the traffic from traffic sellers.

Common sense will tell you that there aren’t a whole bunch of humans sitting around with nothing to do but to go to websites you tell them to go to. So all of this so-called “sourced traffic” is created out of thin air by bots - software programs instructed to load specific webpages, X number of times. Bot creators get paid for this traffic by the sites that needed the fake traffic.

As more dollars poured into digital from other channels, the large bucket of dollars attracted more and more criminals to “get in on it” - i.e. ad fraud. They started to automate the creation of fake websites and vastly scaled their botnets to create more traffic, more ad impressions, and more revenue for them. An MIT Technology Review study showed that ad fraud and click fraud were by far the most lucrative uses of botnets. The scale of ad fraud quickly hockey-sticked and by 2015, a large ad exchange was forced to eliminate 92% of its “inventory” because the sites selling ads through the exchange were so obviously outright fraud that the exchange would go bust if it didn’t clean it up.





How Do Bad Guys Get Paid?

If the fraud were this obvious, you might be wondering why it isn’t caught and stopped long ago. Well, it’s because of misaligned incentives. In other words, ad exchanges make more money when more ad impressions flow through their platforms. Agencies that buy digital media get rewarded for buying larger and larger quantities, at lower and lower CPMs (cost per thousand impressions). If the fraud were caught and stopped, these middlemen would make less money, so they are incentivized to keep it going, or at the very least look the other way and let it continue. So you could consider them as complicit to the perpetuation of ad fraud as the hackers and cybercriminals, even if these middlemen didn’t make and maintain their own botnets.

This leads to a very frequent question - how do the bad guys get paid? It’s hard to imagine hackers walking into banks to deposit checks for all those good bots they made. They don’t need to.

Follow this money trail: The marketer gives the media-buying agency a large chunk of ad budget to spend. The media agency buys ad inventory from large ad exchanges. The exchanges pay their member sites for ads shown. The sites pay the traffic brokers that sent them the bot traffic. The traffic brokers pay other traffic sellers upstream from them. And they all ultimately pay the botmaster for their portion of the traffic - kind of like timeshare on a botnet. There doesn’t even need to be many hackers who are advanced enough to make bots and maintain botnets to drive the massive scale that drives ad fraud. Just a few will do. The rest are middlemen, just “arbbing” the opportunity -- buy low, sell high (CPMs).





Don’t Certifications Help Cut Out the Fraud?

No, not if the certifications are fake too.

Do you think a certification given to a company that “self-declares” they are honest, clean, and fraud-free is going to really protect you? In fact, it may have just the opposite effect -- it gives marketers a false sense of security, because they think they are protected, when the opposite is true -- i.e. criminals continue to operate in broad daylight. Some even have real, registered companies in the U.S. and may even have set up offices as cover -- it would be too obvious if their company address were a P.O. Box. Checking that a company exists is not the same as checking if they are committing fraud, ad fraud or not.





Don’t Fraud Detection Companies Catch and Eliminate Ad Fraud?

Yes, but not all of it.

If the tech is tuned to look for bots -- a.k.a IVT (invalid traffic) -- then it will find IVT. But it will miss other forms of fraud which it is not looking for, like mobile apps continuously loading ads in the background or fraudulently clicking on ads.

April 2019 - https://www.buzzfeednews.com/article/craigsilverman/google-play-store-ad-fraud-du-group-baidu

March 2019 - https://www.buzzfeednews.com/article/craigsilverman/in-banner-video-ad-fraud

November 2018 - https://www.buzzfeednews.com/article/craigsilverman/android-apps-cheetah-mobile-kika-kochava-ad-fraud

October 2018 - https://www.buzzfeednews.com/article/craigsilverman/how-a-massive-ad-fraud-scheme-exploited-android-phones-to

Etc.

And by the way, none of these fraud detection tech companies measure for humans; they only look for IVT, which is like doing “half the job” because “not IVT” does not necessarily mean “human.” It could be something that was not measurable; or there was not enough information to label it a bot or not.









So What?

Now that you have some background on ad fraud, ask more questions; ask hard questions. Don’t assume “everything’s fine.” It’s 2019 after all; how much longer will you allow ad fraud to continue to line the pockets of cybercriminals, instead of getting what you paid for - ads being shown to humans. It might have been true in the past that you would lose your job for exposing ad fraud; today it’s more true that you will DEFINITELY lose your job for allowing fraud to continue or covering it up.

#marketers #defendthespend