Ad fraud is on the rise, and marketers should do their part to prevent it rather than rely on third party ad fraud detectors.
Dr. Augustine Fou, cybersecurity and anti-ad fraud consultant and researcher led the recent CMO Club virtual roundtable, Digital Ad Fraud: It is at an All-Time High! where he shared his research and insights on digital ad fraud, why it’s notbeing detected, and what marketers can do.
With the evolution of programmatic digital marketing over the past few years, Fou said fraud has gone up, encompassing everything from bots to click farms.
“With the automation of media buying, it’s allowed the bad guys to automate the committing of the fraud,” he said, adding this has allowed them to scale up their operations and steal more money.
Ad Fraud: What it is and why it’s bad
Ad Fraud equalized impressions caused by bots, and not shown to humans, Fou said. Bots are used to repeatedly load web pages, causing more and more ad impressions, yet none of those impressions are shown to humans.
“They’re of no use to you the marketer, because you’re not even going to achieve branding, let alone any kind of performance goals from it,” he said.
What’s more, ads can end up on less than savory websites, which impacts brand safety. And, for the publisher selling legitimate ad space, it means lost revenue in an industry that’s already struggling, he said.
At the same time, those committing ad fraud are making big profits.
“Fraud is rampant and lucrative, but I won’t put a number on it because I’m only seeing a slice,” he said.
That said, the spend on digital advertising in the U.S. is expected to pass $100 billion, and all of those dollars are subject to ad fraud, he said.” Ad fraud is basically the bad guys ATM,” Fou said.
Today’s CMO may think ad fraud isn’t his or her problem, because fraud detection firms give us reassurances. But the reality is, fraud is there, it’s just not being detected. We’re up against skilled hackers and cyber criminals who are very good at getting by without being detected.
B2C Marketers’ Anti-Fraud Playbook
Marketers need to take a detailed look at their own analytics to work to prevent ad fraud, Fou said.
- Ask for line item details. If you only see aggregate numbers on a monthly or daily basis, you’re not going to see fraud as easily, he said. For example, when an ad slot opens up, the site will announce it’s open for bidding, and the algorithms that represent ad buyers will bid, with someone winning. Win rates are usually about 10 percent, Fou said. If you’re seeing win rates of 90 percent, something is wrong. Legitimate publishers can’t let every site win. Marketers can turn off that fraudulent website and not buy from it anymore.
- Examine bids won vs ad impressions served. For each bid won, an ad impression should be served. Look for discrepancies. Compare your DSP reports for bids won, by domain, to your ad server reports, by domain, Fou said. Look for data discrepancies where the impressions served is far lower than the bids won, by domain. Identify domains that have greater than 10 percent discrepancy and study them further; then turn them off if you agree it is fraud.
- Look at your ad serving volume by hour. Be sure quantities on your ad server report are reported by hour, and look at whether all of the volume is spent in the first hour or during sleeping hours. If that’s taking place, you have no impressions left for the day and your budget is wasted, he said.
Fou also provided some suggestions on questions to ask your fraud detection vendors, including, do they differentiate between in-ad measurement and on-site measurement; do they measure for humans; and do they check for other fraud, and if so, how?
Anti-fraud tips for B2B Marketers
For B2B marketers, where segments of the budget can be based on paying for clicks, there are other red flags to look out for.
- Run detailed reports by domain. Examine your campaign reports, with details by domain to look for click-through rates that are 100 percent, then identify the sites that exhibit these abnormal click-through rates and turn them off in the campaign interface, Fou said.
- Be on the lookout for abnormal data consistency. When analytics are too consistent, something is suspicious, he said. Examine hourly analytics reports, such as Google Analytics and ad server reports, to see if select parameters look too similar across multiple domains,, for example, the same pages/session, ultra-low bounce rates, or 99% Android visits.
- Zero conversion sources. Within your own analytics reports, select metrics that are not quantity metrics easily faked by bots, and look for large volume sites/referrers that yield zero conversions. Identify sites that show zero conversions; pause or turn off ad spend and see if there is any change to overall conversions or conversion rate. If no change, then leave off, because this means it wasn’t driving anything anyway, Fou said.
In closing, Fou emphasized that it’s important for marketers to take control and find ways to prevent ad fraud themselves.
“Hopefully this has given you a glimpse of what marketers can do for themselves,” he said. What ad fraud is, how you can detect it in your own analytics so that you’re less reliant on third party fraud detection, and examples of actions you can take to prevent the fraud while your campaign is still running, and not try to get your money back afterwards.