Supply Chain Transparency Should Have a Buy-Side Twin

Computer Security

Advertising fraud has for a long time cast a shadow over the ad- and martech ecosystem, compromising everything from brand safety to industry finances, with estimates suggesting an annual loss of USD$44bn (£33.6bn) by 2022.

Writing exclusively for ExchangeWire, Michael McNeeley (pictured below), vice president product, demand and UI at Index Exchange discusses progress in the fight against fraud on the sell side, and how this can be replicated on the buy side to combat malicious actors.

Over the past five years, players throughout digital advertising have collaborated to reduce the impact of ad fraud in our ecosystem. We’ve deployed (or are in the process of deploying) everything from sophisticated bot filters to complete supply-path declarations, to cryptographically-signed impressions. It’s been a pretty impressive journey thus far. And, of course, there’s ads.txt, which has arguably been the easiest, most effective means of domain and app self-declaration.

You remember ads.txt, right? The simple text file heard ‘round the world, allowing publishers to declare which exchange seats are authorised to sell their domains’ inventory, giving anyone in our ecosystem the ability to verify relationships.

While not perfect, ads.txt made it substantially more difficult to falsify domains and trick advertisers into believing a sketchy website is a renowned publisher. It also started to hold exchanges to a greater degree of accountability, padding our industry with some much-needed spoof-proof armour.

The war against fraud on the sell side is certainly not over, but in some formats — like display and video — we’re making more progress than ever before. We’re seeing ads.txt being applied to mobile and concepts like public disclosure being pulled into new initiatives from the IAB Tech Lab, like Sellers.json and OpenRTB SupplyChain.

McNeeley Headshot

Michael McNeeley, Vice President Product, Demand & UI at Index Exchange

But we’ve been focusing on just one half of the equation. We have been exclusively focused on bringing transparency to the supply chain, but we still have big gaps and attack vectors that can come by way of buyers and the contents of their bids.

Bad ads and bad actors continue to plague the internet, with auto-directing creative and malware harming our users’ experiences, as malicious advertisers steal their information to fuel fake traffic on the sell-side. Think: Retail ads that quickly redirect and exclaim: “Congratulations! You’ve won a free gift card! Click ‘OK’ to claim your prize!” Even Amazon’s had to deal with these bad actors.

We should start asking questions like, How can we make sure this bid belongs to a real advertiser? How can we verify that advertiser actually uses the DSP that placed the bid? Which advertisers is this DSP actually working with? How can exchanges and DSPs make the distinction between what’s legitimate and what’s not?

Let’s say we borrowed the simple concept of ads.txt and gave advertisers the opportunity to declare to the world who is allowed to buy on their behalf, while also allowing DSPs to communicate who their customers and clients are. Today, it’s all too simple for a self-serve DSP to enable a seat holder to declare an advertiser’s domain and masquerade as that marketer. If an ads.txt-like lookup was available, the exchange could immediately disqualify the bid, and prevent any attempts to spoof their identity, and ultimately violate their trade mark.

This may only protect from one breed of malicious advertising, but it would be an incredibly easy way to verify that an advertiser is who they say they are. No one should be able to spoof a reputable brand.

We all hate bad ads and yearn for a smoother web experience. So let’s do it — let’s take any and all steps needed to create an online environment that doesn’t yank readers from a great article and drop them into a random website. Whether we use simple ads.txt-esque solutions, so legitimate advertisers can make harmful advertisers easy to spot, or create something new entirely, I hope we can take the collaborative discussions we’ve had on the sell-side and apply our efforts to eliminate bad practices across the entire ecosystem, both buy and sell.