Although Integral has been on the forefront of the fight against impression fraud in the digital advertising industry, I have been largely silent on the topic. Despite that I’m a battle-scarred ad tech vet with strong opinions, I have been quiet because I know that many will perceive my words as biased due to Integral’s role in fraud prevention. Two recent incidents, however, prompted me to end my silence. Some will be surprised by my conclusions.
For the record, my definition of impression fraud - as recognized by the IAB - is a situation where an advertiser buys a digital ad that has zero chance of being seen by a human. Fraud comes in many flavors, including ad stacking, whole websites stuffed into non-viewable i-frames, and botnets of infected consumers’ computers, which surreptitiously mimic humans’ surfing behavior. Although all cause harm to the advertising ecosystem, I will be referring mainly to bot traffic here as we believe it’s the most common form of fraud and probably the hardest to detect.
The first aforementioned incident that caused me to speak out was a call I received from an old colleague who runs a media company that produces valuable fitness-related content. He called me in panic because he was told by one of his big clients that they were discontinuing advertising with his company. Their reason was that a technology vendor had found that 100 percent of his site’s impressions were fraudulent. Given what I knew of the site, 100 percent fraudulent traffic sounded improbable. I quickly offered to help by running a test on his site. The results showed that my former colleague’s site did have some fraud, but the levels were closer to 20 percent. It became quite clear that the technology vendor measuring fraud was labeling a lot of legitimate inventory (in this case 80 percent) as bad inventory. I thought that this may have been an isolated case, but with further investigation, I found that this was happening to a lot of other publishers as well. Sites that had even a modicum of fraud were being labeled as fraudulent by this well-known vendor.
This issue seemed like a micro-level problem to me. Human traffic was being incorrectly categorized as bot traffic on domains with any level of fraud, and while unfortunate, only impacted those sites affected. The second incident, a call from an investment bank research analyst, made me realize that there is a macro-issue at play as well. This bank was putting the final touches on its special report on the state of digital media and wanted me to verify that the annual loss from impression fraud in the online display ad industry was over $20 billion. Say what? I have read some pretty aggressive predictions around the dollars lost to fraud, but $20 billion? That estimate is way too high.
So, I feel I need to come forward and take a stand. Fraud is a problem in the online advertising industry, but NOT a problem of this magnitude. Whether on purpose or not, the fraud problem is being exaggerated. We have a problem, but it’s been blown out of proportion and it’s not as big as what we read. There, I said it. A year ago, I was concerned because I felt that the industry was not talking enough about the fraud problem, and now, I am worried about the opposite. If we’re not careful, we are going to get carried away and cause irreparable harm to the future of digital advertising.
So how did we get here exactly? I put the blame into a couple of categories. The first category has to do with limitations in technology. The unnamed vendor labeling my former colleague’s website as having 100 percent fraudulent traffic is a good example of technological limitations. In this case, the vendor correctly detected some fraudulent activity, but extrapolated this information to the domain or site level. In other words, bot-related fraud happens at a user level (an infected computer), but due to technical restrictions, it is often tied to a domain level (e.g., fitness-related-site.com). To make matters worse, many solutions only have two classifications of the entire site: fraudulent or clean. Thus, if the solution sees any reasonable fraction of fraudulent impressions on a website, it has to make a decision to label the site as fraudulent or clean. The threshold for fraud is typically set quite low in order to eliminate as much bot traffic as possible. The end result is that a relatively few fraudulent visitors can cause a vendor to mislabel a large percentage of normal impressions fraudulent. And as most fraud appears on legitimate sites that are buying traffic (a portion of which turns out to be non-human), as opposed to whole fake sites with 100% fraudulent traffic, this mis-labeling is very common. When you start to aggregate these mis-labeled statistics and extrapolate on what it means industry-wide on a percentage of total impressions, the amount of fraud present looks downright scary. Then, if you apply industry average CPMs to these extrapolated estimates (despite the fact that fraudulent inventory is usually cheaper than average), suddenly $20 billion appears plausible.
So, what’s the alternative to rolling up fraud statistics and detecting at the domain level? The better option is to intercept the ad call as soon as you detect a fraudulent user and thus only block the one ad from serving to this specific bot. However, you need to do this detection at the ad impression level. It’s the equivalent of using a laser to perform surgery rather than a butcher knife. Here are a couple of things to look out for: If more than 15 percent of your campaign impressions overall are identified as fraudulent and blocked, there is a good chance fraud detection is at the domain level. This means you are using a butcher knife, and this will likely cause friction with partners and needlessly hurt your scale.
Additionally, if you ever hear that blocking is not possible or bad because it tips off the fraudsters, you should know that you have been given false information. If done correctly, there is absolutely NO truth to this claim. It’s an urban myth - similar to one that claims freezing water in plastic bottles release dangerous dioxins - so don’t fall for it! Even if fraudsters were able to somehow detect that a specific bot did not receive the originally intended ad each time (not likely), there is no data that would give them the ability to reverse engineer the reasons why. People claiming that blocking is bad because it helps the bad guys are either naïve, rely on only one method for detecting fraud (like side channel analysis) or are purposely deceitful. In any case, it means that they’re suggesting a solution that does not have the technological sophistication to block at the impression level, and thus not as effective in preventing fraud and saving money for advertisers.
The second category of blame for exaggerating the fraud problem is related more to commercial reasons. The fraud problem has created lots of opportunity and companies have popped up almost overnight to capitalize on it. Many of the companies are made up of people who have never bought or sold an ad and have no appreciation for the media or the technology behind it. They see dollar signs and exaggerate the problem to give their company attention and help them create more demand for their product and services. Furthermore, most of these companies see only a small percentage of the online population - typically the worst stuff. They make the assumption that their tiny sample of media is representative of the entire industry’s media and use these biased samples to wildly extrapolate. Needless to say, the industry’s long-term health is not their top concern.
So, where do we go from here? Well, first it starts with a little perspective. We have a fraud problem. It has been exaggerated, however, and it’s not as big as many of the pundits say. It definitely won’t ruin the industry - we won’t allow it to — and it’s not out of control. That’s the good news. The bad news is fraud is still a problem nonetheless. It’s not only a sell side problem nor is it only a buy side problem. It’s an industry problem. And this problem will not go away anytime soon and may never completely vanish. The bad guys are made up of amateurs and very sophisticated professionals. We can eliminate the amateurs, but the pros are making a lot of money in fraud and they will continue to invest heavily in building better deceptions. Our goal has to be to work together as an industry to shut down all amateur activity and get the professional levels to a very small, manageable amount. The good news is that we are making progress. Despite what you may hear, fraud levels have dropped over the past year. We are at the beginning of the battle, but we’ve got the bad guys on the run.