Ad fraud is one of the fastest growing cybersecurity issues in the world today. 2019 data showed that ad fraud is now costing advertisers between $23 Billion to $30 Billion a year and is expected to surpass the $50 Billion mark by 2022. A 2020 study by fraud expert professor Roberto Cavazos of the University of Baltimore suggested that 14% of all ad clicks are non-human, fraudulent or just completely invalid. For obvious reasons, this criminal activity continues to grow as it is a high-reward low-risk endeavor for hackers and fraudsters. Another reason the problem is spiraling out of control, is the fact the traditional legacy ad fraud and click fraud prevention companies are essentially AdTech companies, who lack cybersecurity expertise. In this blog, we’ll detail the 3 key failures of legacy ad fraud / click fraud prevention and explain how cybersecurity is being utilized effectively to replace these dated practices.
1. Impression sampling | Using probabilistic methods over deterministic methods
Before we even touch on the quality of ad fraud analysis out there, it is absolutely crucial to understand that many vendors don’t even examine all of their clients’ incoming traffic. In fact, they don’t even analyze most of it. Many companies will only take a small sample of the impressions (as little as 1%- 5%) and perform their analysis on that sample. From this analysis, they will derive an estimated fraud rate and report back to the client. From a cybersecurity perspective, this is a very bad practice leading to highly inaccurate results. After all, this is not an election poll. Ad fraud and click fraud are highly volatile activities, differing vastly between different geos, devices, browsers, times and even dates. For example, ad fraud typically rises around the end of the quarter, while advertisers are looking to more actively spend their budgets and ensure there is no surplus. Different devices attract different levels of attention from fraudsters, as an iPhone is often viewed as a more lucrative target, commanding higher CPMs. Even the time of day during which you take your sample matters, as some activities tend to spike late at night rather than during peak daytime hours. The problem with sampling, is that it is almost impossible to build a sample that assigns accurate weight to each one of these factors, making most samples completely irrelevant and out-of-touch. When CHEQ entered the space, we brought with us one of the most common principals in cybersecurity and bot mitigation – Check every impression, every time. Why do many vendors avoid this? Because they lack the technology to accurately analyze users at scale and in absolute real time, within the real-time-bidding protocol of 120ms. This is exactly why it is important to entrust your ad fraud and click fraud prevention to a real cybersecurity company, not an AdTech company.
2. IP blacklists | Blocking based on procured IP lists, rather than real user analysis
3. Zero Transparency | Ad fraud detection and prevention is a complete black box
Finally, there is an issue of trust, as ad fraud prevention vendors typically operate as a complete black box. One thing any advertiser should be privy to, is the data and reasoning behind the blocking. When you entrust your traffic in the hands of a 3rdparty vendor, giving authority to block users they deem invalid, you should have maximum transparency into that process, without of course divulging the actual filtration techniques. Yet legacy ad fraud / click fraud prevention vendors do not disclose any of this information to their clients. When a vendor tells you that 10% of your traffic was invalid, you just have to take their word for it. Was it higher and the missed a ton of fraud? Was it actually lower and they’ve been accidently blocking real authentic users? Without transparency, these questions remain unanswered and the client is left in the dark. We realized at CHEQ that transparency is everything, so we built all of our products with this principal in mind. We let our clients download raw, log-level data directly from the platform, so that they may vet our decision making externally. We provide granular and detailed fraud reasoning behind every single blocked user, to make sure the client understands why we blocked certain users. This is crucial in building trust around such a sensitive topic.
Ultimately, it’s all about technology. To ad fraud and click fraud prevention properly, you need a vendor with real cybersecurity and bot mitigation expertise, not an AdTech company that runs IP blacklists. With the technological accuracy comes the transparency, as companies who are doing a good job, typically don’t mind sharing data and showing the clients how they operate.