Digital Ad Fraud

50 %
50 %
Information about Digital Ad Fraud

Published on February 27, 2014

Author: Integralads



A look into a prevalent but growing problem in the Digital advertising space. What is Digital Fraud?

Digital Fraud What’s all the fuss about? 1

An Advertising Industry Epidemic: Everyone is affected Fraudulent Impressions: Exchanges: 25% Bid Requests: 30% Networks: 20% Total Advertising: 15% Publisher Direct: 2% In 2013 over $6 billion dollars were pocketed by fraudsters! Source: Integral Ad Science based on ~80 bn impressions/month 2

Fraud: Why Does It Take Place? 1.  Supply and Demand 2. Poorly defined success metrics: Eyeballs (CPM) Action taken (CPC, CPA) 3. Because it’s cheap and easy for hackers Simple economics: Supply and Demand 3 3

Back To The Basics Digital Fraud Dictionary Click fraud noun ˈklik frȯd imitation of legitimate click-through events on advertisements with no interest in link target Impression fraud noun ˈim-ˈpre-shəәn frȯd 1. imitation of legitimate impression views with no interest in ad content. 2. Solicitation of impressions with no opportunity to be viewed by a human Bots noun ˈbäts a device or piece of software that can execute commands, reply to messages, or perform routine tasks, or perform routine tasks with minimum human intervention Illegal bots noun (ˌ)i(l)-ˈlē-gəәlˈbäts computers that are compromised and whose security defenses have been breached and control conceded to a third party Botnet: noun ˈbät net a collection of bots communicating with command centers in order to perform tasks What fraud is not: •  Web crawlers •  Poor viewability; below the fold •  Collisions •  In-banner, autoplay, muted video Pixel stuffing: noun ˈpik-səәl ˈstəә-fiŋ stuffing an entire ad-supported site into a 1x1 pixel Ad stacking: noun ˈad ˈsta-kiŋ placing multiple ads on top of each other in a single ad placement 4 4

Who Are The Participants? Profile Hacker: Botnet Operator: Sex: Male Sex: Male Age:18-35 Location: Eastern Europe, Asia Background: Good computer skills Age: 34+ Typical Infected Computer Owner: Technologically challenged Location: Eastern Europe Owns a dated computer and software Characteristics: Disregard of the law, confident, driven by money Suburban, rural, household without kids Unlikely to own a smart phone/tablet 5 5

How Does It Work? Follow the bot Once upon a time Joe Schmo turned on his computer and installed At that very moment a Trojan downloaded and installed a bot engine on Joe’s computer, and Joe didn’t even know about it! Later that day, unbeknown to Joe, the bot communicating with a botnet center. which sequence a cleanup software. engine started Joe’s bot was instructed on which sites to visit, in and at what frequency. According to instruction, Joe’s bot activated and performed the script assigned by the botnet center through visiting high value audience sites to profile Joe as an ideal candidate for advertisers. The bot was also instructed to go to sites that sell bot traffic that generate millions of fraudulent ads. Meanwhile, the botnet operator sat back and counted his money, and Joe…well he didn’t read this story. And they all lived happily ever after. 6 6

Heat Map See the action 7 7

So What Can We Do About It? Fighting Back Policing – FBI or private companies Pros: Bringing the criminals to justice Cons: Inefficient and ineffective – every botnet that is shut down is soon replaced by a new one Technology – The only way to cut the flow of cash Black lists – When fraud is detected a site is added to a blacklist Pros: Reactively shuts down supply to fraudsters Cons: Lists are not updated frequently Impression level detection and prevention Pros: Proactively shuts down supply to fraudsters Detection at the impression level allows for scale Dynamic 8 8

How Is Fraud Detected? First we look at behavioral patterns We flag the following non-human signals: Cookies that are deleted at the end of activity cycle Intense activity Reoccurring activities patterns/levels At this point: some bots are detected, others are able to go undetected Behavioral Pattern Next – we look at each impression •  •  •  •  •  •  •  Signals that are atypical for a human Density of page loads Density of page visits Atypical distribution of browsers Browser spoofing Conflicting measurement results Was the impression traded in a suspicious way Cross-validate all of the above and determine validity of signals and patterns 9 Bot …or not 9

So Who Is To Blame? Guilty: Innocent bystanders: Botnet operators Legitimate advertisers and publishers Those who knowingly buy/sell bot traffic 1 0 10

How Is The Industry Dealing With Fraud? Passive Pretend the problem Knowingly or unknowingly buy and sell bot traffic doesn’t exist Proactive Partially address the problem: Able to eliminate •  Use a subpar solution some of the bot traffic •  Run the technology only on part of the inventory Are serious about fraud: Eliminate all bot traffic •  Use cutting edge technology to vet 100% of inventory 1 1 11

The Integral Ad Science Solution Proactively Block Fraud 1 2 Benefits: –  Proactively block fraud before the ad is served –  Dynamic data used to cross reference fraud signals –  Not relying on outdated, rarely updated black lists –  Pre-bid fraud solution prevents bidding on fraudulent inventory 12


Add a comment

Related presentations

Presentación que realice en el Evento Nacional de Gobierno Abierto, realizado los ...

In this presentation we will describe our experience developing with a highly dyna...

Presentation to the LITA Forum 7th November 2014 Albuquerque, NM

Un recorrido por los cambios que nos generará el wearabletech en el futuro

Um paralelo entre as novidades & mercado em Wearable Computing e Tecnologias Assis...

Microsoft finally joins the smartwatch and fitness tracker game by introducing the...