Due to the flurry of follow-up questions to last week’s article on the Blind Spots of Fraud Detection, Dr Augustine Fou, ad fraud and cybersecurity researcher, shares in this piece ‘plays’ that marketers can run themselves to reduce ad fraud while their campaigns are still running – this means fewer dollars going to cyber criminals and more dollars going towards ads that are shown to humans. As Dr Fou explains, this is far better than using fraud detection reports to try to get your money refunded afterwards.
The following ‘plays’ can be run with marketers’ own analytics and media buying reports. The objective is to identify websites and apps (also referred to as publishers or sellers) who are cheating – committing fraud – by finding anomalies or strange artifacts in the analytics. Trust your gut. If something looks strange or too-good-to-be-true, then investigate it further. Then decide whether you want to buy from these cheaters any more and turn them off in your media buying campaign interfaces. Once these are turned off, then the rest of your media dollars go towards better sites and apps so the overall effectiveness of your campaigns goes up.
Brand (B2C) marketers’ ‘Anti-Ad-Fraud Playbook’ excerpts
For brand marketers who are looking for reach and frequency, and using digital display and video ads to accomplish this, you should look at the following. 1) bids won versus ads served by domain or app; and 2) ad serving volume by hour and domain.
1. Bids won versus ads served – In digital programmatic of all kinds (exchange, network, PMP, direct buys, etc.) each impression is auctioned. When an available ad slot opens up, the seller asks for bids from buyers and then selects a winning bid. For each bid won, there should be an ad served. This should be a 1-to-1 relationship. But often it is not – i.e. some discrepancies can be huge. For legitimate publishers, the discrepancies are small; but for fraudulent sites and apps the discrepancy between bids won and ads served can be up to 100% – i.e. NO ads are even served.
We’re not even saying if this is fraud or not. But something is certainly wrong here. The question is whether you want to continue to buy from these domains, where you are paying for bids won, but your ads are not even served. So you can run this “play,” make sure you ask for domain or sellerID based reports from both your DSP and your ad server in order to do this domain by domain comparison. The ones that have greater than 10% discrepancy should be investigated and/or turned off at your discretion.
2. Ad serving volume by hour and domain – Another thing to look at is ad serving reports by hour. The key here is to see when your ads are being served and if those times match when humans are awake and going online and using their mobile devices. In the following hourly chart, you will notice that the green volume bars at the bottom show that all of the volume is blown out by the first hour of the day (the midnight hour) and there are no more ad impressions left to run for the rest of the day. In the right side of the chart, most of the volume is used up between midnight and 4am, again with none left for normal waking hours.
Again, without saying if this is fraud or not, do you think this is an optimal allocation of your ad impressions, when few humans are likely to be awake? Right. Identify the exchanges and sellers where this is happening and decide whether you want to keep paying them. If not, turn them off in your campaign interfaces.
Performance (B2B) marketers’ ‘Anti-Ad-Fraud Playbook’ excerpts
Some marketers are optimised for performance already and no longer buy media on a CPM basis. These performance marketers pay for clicks or outcomes. But they too are not immune to ad fraud. As is better known now (with the FBI arrests of several cybercriminals), fraud bots can be very advanced – i.e. they can click on things, scroll the page up and down, and create fake mouse movements and touches too. So even though B2B marketers only pay when they get clicks, those clicks could be faked by the fraudsters to earn the CPC revenue. What can you do about it?
1. Abnormally high click-through-rates (CTRs) – Get line item details in your campaign reports and look for abnormally high click rates by domain or app. For example, 100% CTRs. Humans are just not that interested in your ad; but fraud bots that make money for each click will definitely click on it. Global averages for paid search ad click through rates are in the 1% range.
To run this play, marketers should be sure to get line item details in their analytics reports. Otherwise, all of this obvious fraud will be hidden in averages – and continue eating up your budgets. When you get this level of detail in your reports, you will see which domains and apps are committing fraud so you can turn them off in your campaign interface.
2. Abnormal data consistency – When something is too consistent, something is wrong. For example, sites that have 100% Android users or 100% iPhone users. Real humans visiting sites will use different devices so there should be a mix. Humans don’t coordinate with each other when visiting websites; they don’t move that way; but it is easy for an entire botnet to follow the exact same instructions.
Here are examples you look for in your own website analytics. In the figure below, looking at the traffic coming from the top 4 referring sites, you will notice that the pages per session are almost identical across all four, the bounce rates are also abnormally low and similar to each other, and the visits are almost all Android devices. And the daily fluctuations in the time series chart are also nearly identical, even though the volumes are different — i.e. the shape of the curves of he 4 coloured lines are the same. Do you think the audiences of four entirely different sites could coordinate their visits to your site every hour of every day? Of course, human audiences don’t. But again this is easy for botnets.
So the question is whether you would continue buying or placing ads on these sites.
In conclusion, do it yourself
Bad guys have had it so easy for so long when it comes to committing ad fraud and getting away with it, that they are literally ‘asleep at the wheel’. The data presented above are examples from campaigns where fraud detection tech was already in use. But as you can see, there are still artifacts in the data that don’t make any sense and could not possibly be real. This is your window of opportunity to find the fraud and beat them at their game; or at least make them work harder to steal your budgets.
As marketers, you can run these “plays” from the playbook to reduce ad fraud. You don’t need specialised fraud detection technology to detect it. If you insist on the right reports, and get the right level of detail (e.g. hourly, by domain, etc.), you will be able to see the fraud and mitigate it yourself. You also don’t need specialised tech to mitigate it — you can manually turn off the most suspicious sites and apps in your own campaign interface.