The stories and examples of digital ad fraud that I’ve seen over the years could fill encyclopedias. The amount of money wasted on it could end world hunger many times over. But those were neither practical nor actionable. So let’s get practical and actionable.
You can’t solve digital ad fraud or even reduce it if you don’t understand what it is or where it’s coming from.
If you’ve learned about ad fraud from trade associations like the ANA (Association of National Advertisers), IAB (Interactive Advertising Bureau), or TAG (Trustworthy Accountability Group), you’re not even in the same forest, let alone the right hiking trail for making progress against ad fraud. They may even have led you to believe that fraud is low and that they solved it through the various initiatives over the years. Those were for “optics purposes” to make sheeple believe they were doing something about ad fraud, so they would keep paying membership dues. In reality, most of those were good ideas, but had little to no effect in the real world. See: Good Ideas, but IRL Not; Trade Associations Fought Fraud, But Accidentally Helped It Get Bigger
Where to Focus the Fight Against Ad Fraud?
Digital ad fraud may seem to be many-faceted and complex. So where do we focus our attention to have the greatest impact? For that, we should study where the bad guys are focusing their attention. The following chart, using data from IAB’s FY 2019 Internet Advertising Report, shows that CPM (impressions) and CPC (clicks) represent 92% of digital ad spending. Display ads, video ads, and search ads on desktop, mobile, and apps are the primary formats of ads in these two buckets. Since the vast majority of the $125 billion in U.S. digital ad spending is concentrated in these two buckets (CPM and CPC), the bad guys are most active here too. By also focusing our attention here, we can have the greatest dollar-value impact when we reduce ad fraud.
What Are the Types of Digital Ad Fraud?
Most marketers think there are dozens of types of ad fraud. They’re not wrong; but often having too many different problems to solve means some will just put off trying. What if I told you there are only two major forms of digital ad fraud? And we can attack both of those directly. Having studied ad fraud continuously for many years, I have a framework (a simple spreadsheet) that groups everything you’ve heard of into two major forms of fraud — CPM and CPC fraud — and many supporting techniques.
See: Fraud Technique and Purpose Matrix (Google Spreadsheet)
CPM (Impressions) and CPC (Clicks) Fraud
If you think about digital ad fraud with this framework, it may help you make sense of a seemingly complex topic. The two largest buckets of ad spend are also the two most common revenue models of digital advertising — CPM (cost per thousand impressions) and CPC (cost per click). The bots that fraudsters deploy do exactly what they need to do to get paid – nothing more, nothing less. If the ads are paid on a cost per thousand basis, the bots focus on generating more ad impressions. If the ads are paid on a cost per click basis, the bots click, so they can get paid. It’s as simple as that.
Techniques Supporting CPM and CPC Fraud
Everything else can be thought of as techniques to 1) amplify quantity, 2) earn higher prices, or 3) cover their tracks. For example, generating larger quantities of ad impressions can be done by reloading webpages, refreshing ad slots, stuffing ads in hidden iframes, using bots from data centers, or using mobile apps that load ads continuously in the background or load webpages that contain ads. Getting paid higher CPMs for ad impressions can be accomplished by pretending to be mainstream sites (domain spoofing), pretending to be iOS devices (advertisers think iOS users are more affluent), passing fake geolocations (advertisers bid higher for ads that have location info), or pretending to be high value audiences like doctors (which pharma companies pay extra to target) or disguising data center traffic (residential proxies), and tricking measurement technology into marking the traffic as valid and viewable when it is actually non-human and non-viewable. Click farms (low wage humans clicking on real devices), click jacking, click injection, and click flooding (hijacking clicks or tricking last-click attribution systems into giving credit to the wrong party) are all in service of CPC fraud.
How Do We Reduce Ad Fraud?
Now that you have a framework for understanding digital ad fraud, we can move on to solutions and techniques to reduce it. Again, you won’t believe me when I tell you these are simple too, and don’t require specialized fraud detection tech. But the fact is, small businesses are doing far better at mitigating and solving ad fraud than major advertisers spending millions through their media agencies. This is because small business owners actually look at the data, some more closely than others; while the biggest advertisers hand off their money for someone else to spend. That disconnect from the real data makes it easy for fraud to slip by unnoticed. I was shocked to learn that advertisers simply get excel spreadsheets from their agencies saying everything is awesome, after spending millions.
Solve Most Fraud by Buying From Good Publishers, Directly
Good mainstream publishers don’t have a bot problem. They have real human audiences because they have real content written by real journalists and editors. These are publishers you have heard of or visit regularly. I call some of them “good” too because they also have good business practices — e.g. they don’t buy traffic, they don’t use Taboola/Outbrain on their sites, and they generally don’t do shenanigans like refresh the ad slots every 5 seconds, or reload the page every 20 seconds. If you buy from these publishers, you won’t be exposed to rampant amounts of ad fraud. And if you buy directly from them you avoid the 50% tax/toll taken by ad tech middlemen and the possibility of fraud coming from fake sites pretending to be those mainstream domains. That is literally it. That’s how you solve most of the ad fraud. You don’t need me and you certainly don’t need to pay for expensive fraud detection tech that doesn’t work anyway.
Oh, you’d get less reach, because your ads are not being sprayed out across 100s of thousands of websites? How much of that “reach” is real, and human? Chase reduced the domains showing its ads from 400,000 to just 5,000 (a 99% decrease) and showed NO change in business outcomes. Oh, you’d pay higher CPMs? Great, because those real publishers deserve it. And you’re buying 1/10 the quantity of impressions so you’ve saved significant dollars in the process too.
Reduce Fraud Yourself with Common Sense
What about the rest of you who are still too timid to buy from real, good publishers? And prefer to continue to buy through programmatic ad exchanges and place your ads on long tail sites? Fine. You can still reduce ad fraud in your campaigns. Think of it as progressive cleaning — kicking out the most egregious domains and apps that are ripping you off. Most marketers cannot stomach the fact that 90% of their exchange-bought ad impressions could be fraudulent. So we just block 5 – 10 domains and apps that are committing the most obvious fraud first. Would you continue to buy ads on a domain that shows 100% Android 9.0.0 traffic? Do you think that is a real site with real human visitors? Would you continue to buy ads on an alarm clock app that is loading the thousands of ad impressions every hour of the day, whether the app or even the phone is in use or not? Common sense will tell you something is screwy; so you block those domains and apps in your buying interface. That’s it. Is this simple or not? You tell me.
CMOs and #marketers, in the span of 1,400 words (6 min read), I’ve told you where to focus the fight against ad fraud, what ad fraud (really) is, and how to solve fraud or reduce it yourself. Your move.
Are you the CMO who wants to believe there is low to no fraud (because the ANA told you so)? Are you the CMO who overpaid for fraud detection tech that detected no fraud? Are you the CMO who bought a ton of quantity and are too embarrassed to tell your boss a good chunk of it could have been fake? Are you the CMO who covers up knowledge and evidence of ad fraud, so you can get through your (short) tenure?
Or, are you the CMO that has the courage to step up, proactively find the fraud, and reduce it, because others (e.g. agency) had not found it before? I hope you are the latter. I am happy to help, if you need.