The Cat-&-Mouse Game of Mobile Ad Fraud

A recent study by mobile app marketer AppLift, in conjunction with fraud detection expert Forensiq, concluded that a staggering one-third of mobile traffic is at risk of fraud. With mobile programmatic on the rise, media buyers are concerned.

Ad fraud affects advertisers – and gives publishers a bad name. But whose responsibility is it to prevent ad fraud, the supply side or the demand side? In this Q&A with ExchangeWire, AppLift’s CEO and co-founder Tim Koschella, and David Sendroff, co-founder and CEO, Forensiq, explain some of the issues of ad fraud and argue that all stakeholders need to get involved in the fight against fraud. Their prediction is, that with growing awareness, more sophisticated anti-ad fraud measures will be developed, and fraud will decline.

Your findings are mostly quantitative – what about the qualitative conclusions from the study?

Tim Koschella, CEO and co-founder of AppLift

Tim Koschella, CEO and co-founder of AppLift

Tim Koschella: The study we conducted is quantitative. Our goal with the study is to raise awareness about the issue of fraud within the mobile programmatic ecosystem, as this specifically hasn’t been touched on before. In the future, we plan on releasing similar studies on a regular basis, in which we will most likely also publish qualitative conclusions.

David Sendroff: We have certainly seen cases where most or all of the apps produced by a particular publisher were turning out massive amounts of fraudulent impressions. There are industry initiatives, such as TAG, that are taking measures, such as producing hosting provider blacklists. In time, perhaps such initiatives could be expanded to include mobile app or mobile publisher blacklists.

You list a number of fraud types in your typology; which types of fraud (i.e. click fraud, install fraud, etc – or digging even deeper into the individual types of click fraud, install fraud etc) are particularly prevalent, and why? Can any conclusions be drawn from this?

TK: Fraudsters usually try to understand what KPIs advertisers are looking and optimising for, and then develop an approach to ‘game the system’, which is why this type of fraud is typically linked to the pricing model. For example, if the advertiser is buying video ads for a CPM brand campaign, the fraudsters will try to emulate more views, making the advertiser believe that their videos are shown to more people.

Most of programmatic traffic is run on a CPM basis. With our programmatic media buying platform, DataLift, we are running performance campaigns (i.e. app install campaigns) for our clients, and we’ve noticed a clear drop in fraud levels when campaigns are optimised towards clicks or installs. This is due to the fact that we optimise the campaigns for performance, selecting the best app placements and publishers, thereby reducing the likelihood of impression fraud.

David Sendroff Headshot

David Sendroff, CEO and co-founder, Forensiq

DS: All of these types of fraud are prevalent today, and they will be as long as fraudsters can turn a profit. The commonality is that mobile ad fraud is still a ‘new’ frontier; the methods to detect such fraud are still being developed and documented. For example, ad exchanges such as AppNexus made great strides in detecting and cutting botnet fraud over the past year. MRC is deep in the process of creating a certification for non-human traffic detection. Both actions are shaping the industry, yet neither address mobile ad fraud specifically.

Who is responsible for fraud prevention? Publishers? Advertisers?

TK: There is an increased awareness of the issue, and tolerance towards fraud is rapidly decreasing from all sides of the ecosystem. We believe that every stakeholder of the ad tech ecosystem should be held accountable in the fight against fraud. As a demand-side platform, our advertisers’ interests are most important. However, ad exchanges and supply-side platforms also have their share of responsibility in rooting out fraudulent publishers. The supply players we work and are integrated with are taking measures against fraud, such as immediately banning fraudulent publishers blocking payouts, even retroactively. As for every criminal activity, we will never be able to totally eradicate fraud but, if all parties work together, we can seriously curb it.

DS: Everyone is responsible for preventing ad fraud. We all must share in the commitment to creating a healthier, more stable, advertising ecosystem.

What can advertisers actually do to prevent fraud?

TK: One way for advertisers to help fight fraud is by sharing first-party data in real time with their advertising solution, and in particular post-install events. It is much easier to detect fraud, especially bot traffic, as measuring post-install activity is a great way to determine if the install is genuinely human. As stated above, keeping a close eye on performance metrics, even for CPM-based programmatic campaigns, helps a great deal.

In general, advertisers should work with advertising solutions, be they networks or demand-side focused players, who are transparent and offer fraud-prevention solutions.

DS: To prevent fraud, advertisers must be vigilant at all times. Some practical steps advertisers can take include: getting assurance from publishers that they are not buying third-party traffic and keeping an eye out for suspiciously low pricing; e.g., discounted offers for price-per-volume may be cause for concern. If the price per impression is not going up, then it is possible the value of those impressions is going down due to bot activity. In addition, look out for extremely low conversion rates, as this may also be an indicator of non-human traffic. Overall, the best solution is to enlist a partner capable of picking out fraudulent activity as it happens. While blacklists are a helpful way of identifying apps that are known to be infected, the ecosystem of publishers and sellers is vast and ever-changing, making it impossible for blacklists to be comprehensive in ensuring that every source of traffic is clean.

As investment in mobile advertising continues to increase, the only way to protect that investment is to combat ad fraud head-on. With that in mind, Forensiq is committed to building better protective tools and collaborating with all industry stakeholders to neutralise this threat.

The study claims that RTB enables prevention strategies. Is that not a contradiction, if RTB also shortens the learning curve?

TK: As we mention in the study, RTB has the advantage of ‘listening’ to bid requests before spending any money, detect fraudulent patterns, and thereby enabling prevention instead of ex-post detection. One thing to add is that, once the patterns have been detected, they can then be applied to detect any type of traffic, even non-RTB. In this sense, RTB shortens the learning curve for the whole mobile advertising industry.

DS: RTB gives more decisioning power to advertisers, but this is not to say that the learning curve is shortened. In some ways it is riskier to buy from a programmatic exchange than directly from an established publisher; but with the right data in place, advertisers can make better decisions and increase their reach and campaign effectiveness.

What are your predictions for the future? Will there be more fraudulent traffic?

TK: Fraud will always remain a cat-and-mouse game. However, mentalities are changing fast and many ad tech stakeholders, advertisers first, are becoming more sensitive and less tolerant of fraudulent activity. Moreover, fraud detection and prevention technologies are improving, giving gatekeepers a head start. The shift towards the RTB ecosystem, which enables fraud prevention at the impression level, makes ad fraud decreasingly attractive.

DS: Fraud as we know it will decline and more sophisticated tactics will become more widespread. Tactics to generate fraud, like using scripts in data centers, will become unacceptable and the speed with which bot fraud is generating impressions will have to go down to keep bots under the radar. New vehicles, like ad injection and mobile apps, will rise. This is an area where most anti-fraud vendors are still in the process of formulating detection techniques, especially in mobile. Moving forward, it will be important to consider other types of devices, like home security, smart TVs, etc, part of the IoT, which is a prime target for future exploits.

Comments


  • Jean Plaid

    Great post, thanks.
    How would Ad Injection work on mobile devices though? Isn’t that only relevant to desktops?