Traffic Fraud Crisis Forces Spotlight on Digital Marketing

by Samuel Prokop in Fraud
dv563013
Are You Part of the Solution? Or Part of the Problem?

There has been an elephant in the room with the Digital Advertising Industry for some time now.  Recently, the conversation around online traffic fraud has grown from a whisper to a shout – to front-page news: Massive Web Traffic Fraud is Crisis for Digital Advertising Industry.  What began as an article in the Wall Street Journal has multiplied into a series of WSJ articles, with other magazines and newspapers following suit with a litany of articles and a call-to-action to address rampant traffic fraud.

Just the Facts

When we discuss traffic fraud in our industry, we are usually referring to bad bots, specifically click-fraud bots.  But what are they?  A bot is a script or a ‘robot’ that crawls through websites, primarily as a means for search engines such as Google and Bing to find the content on your website and serve it in relevant search results.  A bad bot doesn’t follow rules and has malicious intent – a bad seed, if you will.

Historically, it has been presumed that the vast majority of bad bots originate in countries like Russia and India with inferior internet security.  However, Distil Networks, a web services provider that specializes in anti-bot security, disproves that theory.  In their recent report: The Bad Bot Landscape, countries considered to have cutting-edge internet security like the US, the UK and the Netherlands, top the list. This finding is significant; it demonstrates that blocking traffic based on its country of origin is an ineffective method that bot creators easily bypass. The question isn’t where these are coming from, but rather, how they are being introduced to my traffic streams.

Traffic Fraud: From Dirty Secret to Public Crisis

With over 25% of display advertising attributed to bot fraud and a growing number of Ad Tech companies looking the other way, the million dollar question has to be, ”Are you part of the solution, or part of the problem?” Our industry relies heavily on self-regulation. Relationships with ad exchanges and partners are predicated on the notion that being transparent with traffic sources and traffic acquisition provides a checks-and-balances approach to maintaining quality. But in many instances, this just isn’t happening.

Digiday’s Jack Marshall interviewed a former publishing executive for his article: Confessions of a Fake Web Traffic Buyer.  Under the cloak of anonymity, the publishing executive confessed that he knowingly purchased fraudulent traffic and sold it to advertisers in the past year. He bought dirt-cheap “bot” traffic and profited by passing it on.  Far from being the exception, it was the rule.  It was his former company’s business model, and it doesn’t seem to be an isolated case.  Networks, exchanges and other ad tech companies said nothing, despite having the knowledge that traffic fraud was taking place.  He recalled a major supply-side platform partner pointing out obvious red flags such as the majority of their traffic coming from one operating system or sharing the same user-agent string, and rather than being confronted, he was met with reassurance.  The publishing exec points out, “[they] understood what was going on and were happy to take the money.”  “In theory they maintain the quality of their traffic.  In reality they just turn a blind eye.”

“… fraudulent bot traffic will cost the global display advertising industry
$11.6 billion this year
where do we point fingers?”

The Damage to Digital Advertising

The amount of traffic fraud in Digital Advertising is alarming.  It is unrivaled in any other industry and is leading to a crisis of consumer confidence.  If this were the US Treasury, and we were talking about an influx of counterfeit bills, it might be easier to picture the collateral damage; the flood of counterfeit bills drives down the value of the dollar, consumer confidence shrinks, the economy takes a hit … you get the picture.  The scenario in our industry is not much different.  The collateral damage may not seem as far-reaching, but I assure you, it spans the entire Digital Marketing industry: advertisers, agencies, affiliates, brokers, and networks. Aside from billions in wasted revenue for buyers, partners who find that TOS agreements have been violated, terminate relationships; networks and brokers can be discredited and in many instances, are left holding the bag.   Those who engage in traffic fraud, whether directly or indirectly through an affiliate’s fraudulent activity, will eventually pay the piper – and I hear him warming up.

“.. the smart money is on clean-up.
Incentive or not, change is coming.”

At the IAB’s Annual Leadership Meeting last month, the only subject on everyone’s lips was traffic fraud. From hallways and podiums, to a town hall meeting, the traffic fraud crisis and how to address it took center stage.  When the curtain fell, there was a clear industry mandate to enact swift damage control; a task force was assembled to address the online traffic fraud and clean up of the Ad Tech landscape for the benefit of all upright publishers and advertisers .

I admit, I have a bit of a wait-and-see attitude; skeptical of reform in the Digital Marketing industry until I see it.  Combating traffic fraud costs money, and though there is true value in it, at this time it is a tab primarily picked up by the ad networks, with little incentive.

(pay attention here… )

However, with all of the recent press amplifying the discussion of traffic fraud, a bright light of scrutiny is sure to swing over all of Digital Marketing very soon.  Traffic fraud undermines the self-regulation standard of our industry.  In layman’s terms, it shows that we cannot police ourselves, can’t be trusted – and invites government intervention.  And nothing screams government regulation like a bunch of unruly ad marketers (see CAN-SPAM Act of 2003 or Enron scandal circa 2001).

“[ad buyers should be asking] .. Where are ads placed?  Where will they run?  Who are partners and what do they do?”

Click Forensics 101

It is useful to know that there are 4 general bad bot types, designed to carry out varying types of malicious behavior: scraper bots, hacker bots, spam bots, but it is the 4th, the click-fraud bot that is relevant to our traffic fraud discussion.  They mimic human behavior, mechanically clicking links and producing false ad impressions/clicks.  Whether mixed with legitimate traffic to seemingly “pad” results, or run en mass to ensure buyers meet or exceed their budget, they are destructive to all areas of online advertising.

The first step to safeguard your organization is to know who you’re working with. Pay close attention to the reputation of individual affiliates as well as publishers. Never neglect this, as affiliates who have multiple terminations result in a lower approval rating and represent a risk to you.  Know your traffic partner(s): Insist that partners disclose traffic sources, especially if acquired by a third party.

Bot traffic that mimics human behavior is difficult to distinguish.  There is no magic bullet to effectively eradicate fraudulent traffic, without blocking legitimate users.  However, examining the following red flags, especially in conjunction with one another, is the most effective means of identifying fraudulent traffic:

  • Bots should follow the rules that you place in a robot.txt file, which requires a valid user-agent string, indicates how frequently page requests are allowed, which directories are accessible, etc.  Bad bots typically ignore robot.txt rules.
  • When examining analytics, take note of spikes in impressions/clicks.
  • Take note of spikes in impressions/clicks which aren’t accompanied by any increase in conversions.
  • Take note of any drop in the number of page views during peaks of impressions/clicks.
  • Take note of a higher bounce rate (user returning to search results) occurring during spikes of impressions/clicks.
  • Look for patterns or large groups of clicks that share attributes such as IP address, time of day, browser version (especially if outdated), and user-agent string.

While the Digital Marketing industry is projected to grow considerably, with organizations like Facebook and Amazon increasing their budgets for online ad spend, it is an industry still struggling for credibility.  The writing is on the wall, from an industry-wide mandate and IAB task force, to Google’s acquisition of spider.io – change is coming.

Decision-makers in Ad Tech are drawing a line in the sand and sounding off; blasting participants of click fraud and demanding reform. Ted Dhanik, CEO of Engage:BDR, an online ad tech company, was featured in Ad Age earlier this week with an article which clearly illustrates the growing frustration in our industry. Networks and brokers who have failed to foster mutually beneficial relationships with brands and advertisers, or failed to cultivate quality affiliates will likely start to feel the burn as regulations are imposed and a shift to secure media becomes the rule.

[Ted Dhanik on Click Fraud crisis] “Today, we cannot pin individual brands on click fraud or prosecute it yet. So, let’s take the fairest approach to the problem: Let’s assume that we are all responsible for click fraud, and let’s talk about how to eliminate it.” – Nicely put.

Tagged with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,