Over the three years of its existence, Joom advertising department has changed a lot. From a one-man department we came to a serious structure with multiple partnerships with agencies and advertising networks. Once there, we chose another strategy and gave up on some networks in favour of campaigns’ automation on Google and Facebook.
One of the main reasons for this inversion was fraud, i.e. manipulations demonstrating that the partner has achieved advertising KPIs when in fact he hasn’t. We’ll tell you how we were fighting against fraud, building relationships with partners and what we’ve learned.
Chapter 1. We set up partners’ evaluation process and had no worry about fraud at all
We created an internal traffic department in 2017. We had about 20 partners working with Google, Facebook and myTarget. We used to control fraud with the Adjust’s Fraud Prevention Suite. It not only marks “bad” settings, but also blocks them from attribution. We didn’t even need to deduct something from the payments to partners.
The partners’ evaluation and screening system was arranged as follows:
- We receive a letter from a potential advertising partner.
- We contract with him and set a trial period with a CPI model.
- We generate tracking links, give access to statistics and wait for traffic. In some cases we are still waiting.
- We check the quality of traffic. An alarm was raised only if there were more than 80% installs rejected by the anti-fraud system. Keeping this rate at 40% was ok for us as long as we do not pay for fraudulent installs. We thought so.
- According to the results of the test period, there were two options, whether to disconnect the partner or to implement a revenue sharing model.
All this worked if there were no unexpected challenges.
This was our operational model until the end of 2017. Everything went smoothly and by the end of the year we had 80 advertising partners. The revenue sharing model simplified our method of evaluating installs and saved a tremendous amount of time, while Adjust helped a lot with fraud protection.
Chapter 2. We discovered spoofing
At the end of 2017, we noticed some traffic sources with unusual behavior.
Example 1
Situation:
For each install from the USA and Great Britain we paid $ 0.1 on RevShare. It was suspiciously cheap, but there were many installs so it seemed ok. Everything converged with internal analytics.
Reaction:
The source is good, we will scale. Why not if we pay partners only for active users.
Example 2
Situation:
Installs from Germany showed an interesting ratio of purchases on the first day and in the first week. A lot of purchases are made on the first day after installation.
Reaction:
This is probably motivated traffic. We will not scale this as medium-term payback does not live up to our expectations.
Example 3
Situation:
When we looked at the installs in France, we discovered that 100% of purchases are made on the first day and in extremely large volumes.
Reaction:
Something is wrong, but we don’t really understand what is happening. Our partners neither. It would be better to get rid of this traffic.
The explanation was found a month later thanks to a publication on Adjust blog talking about spoofing. Unlike click spamming or click injection, legitimate-looking installs here are created with real device data without the presence of any actual installs.
An installation or purchase is made by deceiving the tracking system. As a result, we see the data in Adjust, we pay for it, but in reality there are no devices for which we paid.
The above mentioned traffic sources are three types of spoofing:
- Fake installs
- Mixed with real fake purchases
- Completely fake purchases
This kind of fraud made us rethink everything we knew or thought we knew. When we came to our senses after realizing the damage, it was time to act.
Here is what we did:
- We gathered internal analytics to reconcile tracking partner data.
- We stopped working with the tracking partners whose data had significant discrepancies with the actual data.
- We began to monitor these discrepancies daily. This allowed us to find several more sources infected with click spoofing.
- We implemented a new version of the Adjust’s SDK, which includes a digital signature that allows you to block click spoofing.
The flow of fake installs and purchases has stopped.
What we’ve learned?
- One tool is not enough to evaluate anything. You should cross-validate and seek confirmation through other sources.
- You should always ask yourself what you really know and why you think you know it.
Chapter 3. We formed an anti-fraud stack
While we were distracted by the fight against spoofing, the average percentage of fraud according to Adjust increased from 10% to 30%.
First, we treated this as an inevitable evil. Yes, there is fraud, but it is filtered, spoofing installs are not attributed to anyone, so it doesn’t matter how many installs are blocked by the tracking provider: now we are certainly protected from fraud.
Then a suspicion crept in: what if that was not the case?
In March 2018, we sent partners our new KPIs. We stopped accepting traffic with more than 20% of rejects (according to Adjust data) and the conversion rate less than 0.5%.
At the same time, we found another anti-fraud partner, Scalarr, working on a completely different model to additionally check the settings missed by Adjust.
In addition, we began to check strange user behavior. This allowed us to find an advertising fraud. For example, when an unscrupulous advertiser orders goods clicking on his own link simulating user activity.
The number of such advertisers has been gradually decreasing and now there are only a few, but we still check the traffic every week.
Thus, we got a set of anti-fraud stack technologies that we still use:
Adjust → Scalarr → Manual checks.
What we’ve learned?
- Cascading multi-level protection is always better than any single-stage protection.
- At each level you always find something that you didn’t know before.
- And from now on, we were completely protected from fraud. Actually, not.
Chapter 4. We got rid of tricky partners
In 2017, we started working with companies that many would call strange. They had a quite bad reputation, but all analyses showed that their traffic was as pure as a baby’s tear. They were able to adapt to tough anti-fraud KPIs and were showing results completely matching with our internal data.
We talked about these partners with anti-fraud companies. Surprisingly, everybody on the market had problems with them, but they were really clean on our traffic. In other words, there was no reason to disconnect such partners, even though we wanted to do so.
And the reason was found.
In August 2018, anti-fraud industry got an important update. Google decided to switch to a referrer API, thus, allowing for the complete eradication of click injections. This technology was also adopted by Adjust.
The partners mentioned above showed 70–80% of fraudulent clicks each. Of course, we had to say goodbye to them.
What we’ve learned?
If the fraud is not visible, this does not mean that there is no fraud. This means that you are using imperfect tools.
Chapter 5. We managed to clear off all the fraud. Well, maybe
By 2019, we turned off the sources with a high rate of monthly rejects as they were generating such poor traffic we refused to pay for it in full. We also thoroughly cleaned the applications in DSP (demand-side platform) sources.
Compared to the summer of 2018, our conversion rate from click to install increased by 8 times, and the percentage of rejected installs decreased by 90%.
Are we protected from fraud now? We’d like to say “yes”, but our experience tells us that we are still not. And never will. There will be new bots, new ways of stealing organic audiences and, probably, fraudsters will come up with something else.
This race will continue as long as digital advertising exists.
From 2017 to 2019, Joom worked with 204 affiliates . Now, we continue to work with only 26 advertising partners. There are only 5 of them not using trusted sources. The rest are agencies that buy traffic from pure sources on Instagram, myTarget, Twitter.
This does not mean that due to fraud we stopped buying traffic from mobile applications. We just chose companies using transparent strategies and whose fraud rates were consistently lower than indicated in our KPIs. We struggled a lot to get there but it was well worth it.
Getting rid of so many frauds in our traffic allowed us to increase the rate on the RevShare model by almost 2 times in the CIS and 1.5 times in Europe compared to the beginning of 2018.
We do not pay anymore for stolen organics or fraudulent installs from Facebook. So credible partners working with us can earn more, even taking into account the ever-increasing CPM.
We developed our anti-fraud strategy from scratch. It was constantly changing under the influence of new knowledge, threats and opportunities. We did not develop a self-written anti-fraud system, nor did we dig into the raw data to find the discrepancy in TTI (Time to Install).
Instead, we found two reliable anti-fraud partners to help us solve problems so we do not need to have a bigger team and do not get mad with fraud.
Let’s talk about your experience in the comments! What are your anti-fraud solutions and what have you learned developing your advertising strategy?
