In his latest exclusive piece for ExchangeWire, Dr Augustine Fou, ad fraud and cybersecurity researcher, explains why ad fraud hasn’t been solved yet. And it’s down to every industry stakeholder.
Ad fraud is solved. Or so claims a trade body that tweeted it has “a monumental breakthrough on a method that can cut online fraud by more than 83%” (2017) and they can “reduce fraud by more than 94%” (2019). Another trade body thinks that fraud in mobile is “virtually non-existent”. So everyone should take a chill pill and just keep buying digital ads – as much as possible.
Except that ad fraud isn’t solved. On the contrary, it is at its highest level ever, both in absolute dollars and in rate – percent of impressions that are fraudulent. Don’t take my word for it; look at your own data and analytics for things that simply don’t make sense. I’ve outlined a few things to look for in this playbook.
And look at these ‘biggest ever’ botnet discoveries year, after year, after year. We are up against hackers whose job it is to hack your defences and cover their tracks, so they can keep making tons of money by stealing from your ad budgets. Do you think there’s no fraud just because you can’t see it or that there won’t be yet another ‘biggest ever’ fraud scheme this year and for years to come?
So, why hasn’t ad fraud been solved yet? There are countless committees, working groups, transparency watchdogs, trade organisations, standards-setting bodies, accredited fraud-detection technology companies, etc. Ad fraud hasn’t been solved because most parties in the current ad-tech ecosystem don’t want to. Think about it, in the early days of the internet, there were buyers and sellers – marketers who bought ad impressions and publishers who had ‘inventory’ to sell. Over the years, more and more middlemen have inserted themselves between buyers and sellers and every single one of them are companies out to maximise their own profits – i.e. extract as much value as possible from the supply chain. So there are inherent conflicts of interest and deeply rooted incentives to keep this money-making machine going.
What follows are not indictments of any individual company or person, but the exposing of some of the hidden motives of which most are not aware. I should note too that there are individual people, working in companies, who are trying to do the right thing to reduce ad fraud, but who are not allowed to expose the fraud they see or take action to stop it. Here’s why different parties in the supply chain would prefer ad fraud to continue rather than reduce or solve it.
These parties can increase their own revenue by increasing traffic to their sites, increasing video views, increasing time spent with their apps, etc. Conveniently, there are many sellers of all these things, some that even claim to sell ‘clean’ or ‘valid’ traffic. Hmm, I wonder why they have to claim that the traffic is valid? Perhaps there simply aren’t a whole bunch of humans sitting around with nothing to do but to go to those specific sites, view those specific videos, or use those particular apps. So most, if not all, of this is manufactured, not actual humans viewing ads – i.e. fraud. Unfortunately, there are also fraud-detection tech companies that can’t detect the fraud, so the traffic is marked as ‘valid’. But remember, ‘valid’ does not mean it was a human. And then there are sellers that are outright fraudulent – they set up fake sites or apps, stick ad tech on them to run ads, and buy all fake traffic and users. They have every motive to keep fraud going, to make more money for as long as possible.
These parties are paid by marketers to buy their digital media. Agencies make more money when larger budgets are given to them to spend. So they want more impressions to buy, not fewer, so they can spend more of their clients’ budgets. I have also seen agencies use flawed fraud-detection tech (from their own holding company) that incorrectly shows very high levels of fraud, to extort refunds from publishers. They keep the refund for themselves, instead of passing it back to their client – they want fraud to continue so they get more profits. And agency holding companies set up trading desks and forced all their agencies to use them, so they could rip off their own clients – they give the clients some nominal discounts on media, but buy the same media for far cheaper on open exchanges, without telling the client – i.e. arbitraging the difference to keep as their own profits.
These parties are the marketplace for trading between buyers and sellers and they make more money the more impressions that pass through their system. So they have every incentive to maximise this ‘flow’ and minimise anything that would jeopardise that – i.e. finding ad fraud and having to kick out the offending sites and apps. Of course they are all aware of fraud and may even be ‘looking into it’. But the fact that exchanges are not even blocking data centres, and have nothing in their software that allows their clients to do this, reveals their true intentions. Many are not even blocking the bots that tell them they are bots, unless and until clients insist on it.
These companies may have started with good intentions. But don’t let those good intentions get in the way of revenue and growth; just sell, sell, sell. In fact, media buyers tend to select fraud-detection companies that tend to find more fraud because it helps them get bigger refunds on their media, lowering the average costs. Sellers, on the other hand, tend to select different fraud-detection tech that tends to find less fraud; because that helps them defend against refunds and make-goods. Neither ever ask about the accuracy of the measurements. Shocking! Then there are those outright fraudulent sellers, they love that the fraud-detection tech keeps labelling everything as ‘valid’, so they can keep selling too.
These companies have enabled ad fraud to flourish and scale like never before, because the bad guys’ cost of entry is practically zero. They don’t even need to buy servers and set up internet hosting; they only need to pay for what they use in the cloud. And folks who create software bots on cloud platforms are paying customers, and there is no law against ad fraud anyway. So, even if cloud platforms could inspect every packet for bot activity, why would they (and reduce their own revenue)? They’d likely take the stance of ISPs back in the 90s when the music industry came to them for help in catching individuals for pirating music. ISPs said it’s not their job and they won’t do it. Same here.
Over the years, procurement departments have increasingly stepped in to help find efficiencies, better vendors, and ultimately lower costs. But procurement teams are putting so much pressure on vendors to buy as many impressions as possible, at the cheapest possible price, that the only way those vendors can deliver is to buy low-cost fraudulent impressions and mix them in. And don’t believe that heinous myth that ‘fraud is priced in’ because of the lower CPMs. When buyers reduced CPMs from USD$30 to USD$3, they also bought 10x more ad impressions. So their overall spending never really went down and they were exposing themselves to more fraud, not less, precisely because they were buying the low-cost stuff. Now they are addicted to low-CPM inventory like crack cocaine. If ad fraud were reduced, there would be less such inventory to buy. Multiple sources have confirmed that they are actively and knowingly buying fraud, because they know it’s cheaper, just to get their clients’ procurement off their backs.
Sadly, even the advertisers/buyers whose budgets are getting stolen have incentive to cover up ad fraud. This is known as FOFO: ‘fear of finding out’ (a term coined by Mike Donahue). Marketers are afraid of finding out there is fraud in their campaigns, so they choose to believe the flaky fraud-detection reports and industry trade bodies that tell them everything is fine. Not only would finding out be embarrassing, it would mean they actually have to do additional work, to clean it up and buy better. There may also be far less ‘ad inventory’ to buy if fraud were actually solved. So, for the many advertising executives whose badge of honour is how much they spent, the continuation of ad fraud is critical to their performance bonuses and even their jobs. Anything that makes it harder for them to ‘spend it all’ is something they don’t want to hear.
Most are cheerleaders for the industry. Indeed, because they make money on membership dues, they must keep their members happy and promote their interests, even if those companies are committing fraud. Some go as far as to set up standards and processes that give the appearance of ‘fraud fighting efforts’, but that are entirely toothless and actually useless because they enable fraud to continue on broad daylight. This is not the only industry where this is true. Think back to the financial crisis of 2008. The watchdog agencies that were supposed to prevent that sort of thing were later revealed to have been complicit, or simply looked the other way, so the parties could continue to operate in broad daylight.
Who thinks that venture capitalists want ad fraud to continue? You should, because those VCs invested in ad-tech companies and are looking for the ‘hockey stick’ growth that allows them to make tons of money and cash out. This so-called ‘hyperscaling’ is just a euphemism for today’s get-rich-quick schemes. In digital, companies can scale even faster, without the constraints of the physical world, because they can just fake everything: users, traffic, engagement, etc. Look at the last 20 years of the ad-supported internet. The numbers of users spending time online, using mobile apps, viewing videos – on top of watching TV, listening to radio, playing games, etc. – has far outstripped the waking hours of the actual humans on planet earth. Humans don’t move quickly enough or dramatically increase their usage enough to support the insane growth rates VCs are looking for. The only thing that scales that fast is ad fraud – bots can hyperscale traffic, video views, app usage, ad impressions, etc. So even VCs would love ad fraud to continue. But note that the first crash was a soap bubble. This one’s a balloon. ‘Pop’ is in its near future.
Since no one in the industry wants to solve fraud, if you care about ad fraud, you have to solve it or reduce it yourself. There is no need to try to solve it for the industry, because no one wants to hear it and everyone wants to maintain the status quo, so they can keep making money.