The issue of click fraud is endemic in the online advertising business, with estimates over the scale of the problem varying wildly, with some parties claiming that up to 50% of all billed-for ads are generated by non-human traffic.

Last week, this publication spoke with IPONWEB’s Thomas Servatius who explained the market dynamics that permit click fraud to continue at its current levels. This week, ExchangeWire speaks to experts in the field to gain further insight on just how the fraudsters operate, and possible methods to combat them.

Click fraud is the method of generating ad impressions either using non-human sources - such as lines of code that automatically click on brands’ ads - or hiring vast swathes of users to manually click on the same ads in order to increase the amount of revenue.

Almost everyone in the ad tech sector are willing to acknowledge it, but few are keen to go on record given that many secretors of the industry profit from the sector (albeit in many cases inadvertently so). But with the number of voices calling for reform is growing in both number and volume – for instance the IAB’s establishment of the Traffic of Good Intention (TOGI) Task Force – with more and more parties are starting to tackle the problem head on.

Andrew Goode, COO, Project Sunblock, says: “Click-fraud can be perpetrated on both PPC ads, creating an artificial price hike for specific search terms, and on display ad impressions, where fraudulent clicks create a false economy in which advertisers’ think they’re getting higher click-through rates than they are in reality.

As mentioned above, the click fraud can be generated both by manual ‘click farms’ – where human beings repeatedly click on ads purely to inflate traffic volumes – while more technically accomplished fraudsters use software to do their bidding. Both present a different set of problems when it comes to detection.

Goode explains: “Fraudulent clicks can be carried out by automated systems or by simply asking real people to do it manually. Manual click farms are one practise that can be incredibly difficult to track as there’s no real way of identifying them, or separating them from real people. A bit like an advertising sweat shop, they’re created by prolific fraudsters who employ low paid workers to click links, browse websites or sign-up to newsletters.”

Niall Hogan, Integral Ad Science, managing director, UK, describes how ‘bots’ are employed to similar ends: “Malware is downloaded onto a user’s laptop, without the user knowing, and the bot takes command of a browser on the user’s machine. The bot is controlled by a third party and given instructions to build an attractive looking cookie profile; which then generates fake impressions on a designated site that is only there to generate advertising revenue from the bot’s activity.

“A single bot on a single machine might not cause too much damage, but we typically see networks of up to 100,000 bots all being controlled and instructed by one person - their combined activity on the fake site that is generating impression and clicks is communally known as a ‘click farm’.”

James Collier, AdTruth, general manager, EMEA, highlights telltale signs that advertisers can look out for in order to detect when click fraud is occurring as part of their campaigns, although many sources concede that fraudsters are often a step ahead of the game.

“Environments that show very low uniques and very high conversions should be scrutinised. High conversion rates are often a sign and if you can access more data from those sites and see a high degree of 'collisions' in terms of the same user visiting the site often and clicking all the time, it's probably going to be fraudulent,” he says.

“There's a non-linear jump between a genuine user (at most 30 visits in month, unless its social) and a bot (500+).”

Integral Ad Science’s Hogan adds: “Black and white lists [of websites that advertisers approve of] are no good at solving the problem. As soon as you have recognised a problem site and added it to your black list, the fraudsters have renamed it or spoofed the URL and all of the activity has moved onto an identical site with a different dominion.”

However, Project Sunblock’s Goode explains that some technology is in place to help minimise the effects of click fraud: “One example is ad verification, which can help to tackle impression fraud by finding imitation publishers that are just stacking ads on a single web page to drive revenue and then blocking the impression purchase before the transaction goes through.”

With the scale of click fraud widely accepted as endemic in the industry moves are being made to tackle it at an pan-industry level, as indicated by the IAB’s TOGI project in the USA, but Collier explains, that as long as many in the industry profit from it, there is little will to change things.

“Things are being done, but not nearly enough. It is extremely hard to mitigate as fraudsters constantly change tactics, develop new ways of attacking the system, and dealing with it is very expensive in relation to performance based advertising,” he says.

“There are also a lot of people that profit from it, directly and indirectly, so in some cases there is a question of being seen to do enough, but not rocking the boat. And ultimately regulatory boards are fairly toothless when it comes to imposing tighter restrictions.”