Ad Fraud Cannot Be Overcome By Certifications
Thoughts from the MetaX Team
The digital advertising industry is a big fan of programs and certifications endorsed by entities like TAG and the IAB which allow participants to complete courses or audits to declare themselves “certified against fraud.”
It’s easy to see why; facing down a problem as subterraneous and technical as ad fraud is daunting. Subsequently, covering up the dirty work that would be required to really clean up the industry with a certification badge that can be slapped onto a website is an all-too-tempting ‘solution’.
But ad fraud is not a surface-level problem. It requires deep technical knowledge or at the very least a willingness to honestly confront the data head-on.
This is not to doubt the morale of organizations like the Trustworthy Accountability Group (TAG), the American Association of Advertising Agencies (4A’s), Association of National Advertisers (ANA), and Interactive Advertising Bureau (IAB) — whose intentions are good. And we shouldn’t say they aren’t moving the needle at all when it comes to combating ad fraud. If we are to take their studies at face value then they are doing a remarkable job — “84% LESS FRAUD IN TAG CERTIFIED DISTRIBUTION CHANNELS” — according to this one.
But ad fraud is a complex technical mire and untangling it requires matching the technical chops of the fraudsters pound for pound. A seal of approval declaring an entity is ‘ad fraud-free’ is about as effective as waving a flag outside of your home and declaring it to be a sovereign nation.
The IAB defines an impression as a “Measurement of responses from a web server to a page request from the user browser”. If you can dress-up those measurement responses to look identical to the responses generated when a real human visits a page, you have just graduated from Ad Fraud 101. If you can obfuscate the paper trail through legitimate business entities or shell companies to collect payment for those “measurement responses,” then you have just graduated and received your Ad Fraud degree; a degree that pays handsomely we might add.
The 3ve attack, for example,“… involved 1.7 million computers infected with malware, over 80 servers in generating fake internet traffic, more than 10,000 counterfeit websites to impersonate legitimate web publishers, and over 60,000 accounts selling ad inventory via more than one million compromised IP addresses to generate 3 to 12 billion of daily ad bid requests at its peak.”
This is hardly something a certification or seal of approval could have prevented. It was the laborious and tedious investigative work of the FBI, Google, White Ops, and cybersecurity experts to uncover hard data using forensic analyses that exposed 3ve once and for all.
But certifications and programs can take on a life of their own. If everyone is doing something to virtue signal that they are “in the club,” then it perpetuates the social phenomenon and creates a strong incentive to join. You don’t want to be seen as the participant that is lagging behind, “the non-accredited one”, so to speak.
This type of herd mentality is useful on the Serengeti but we aren’t so sure it matters much on the grand savanna of ad fraud. That is because ad fraud is not a predatory lion looking to pick off weak members of the group (that is something the industry does to itself when it starts pointing the finger and ousting anyone who isn’t sporting a seal of approval on their company website.) Ad fraud is much more analogous to the crocodiles lurking underneath the surface of the Nile, the entire herd has to get across to the other side and everyone is an equal opportunity target regardless of the rank and file or the certification they have stamped on their backs.
Perhaps it is time to scrutinize the accreditations more closely as ad fraud is still a multi-billion dollar problem continuing to spread and impact legitimate businesses. In other words, the time and effort that we are collectively spending as an industry to receive a certification could be better spent on building technological solutions to answer the industries most dire questions, such as, “how can we truly stop ad fraud on a fundamental level?”
Our fraud detection solution — adChain Audits — employs real human auditors assigned to every campaign and machine learning that analyzes over 300 data points for every impression. We give our clients access to all of this data so they can grow and learn from the process. As they learn and teach others in their org, the fraud declines. It’s the old mantra of ‘teach a man to fish’.
Our clients don’t have to trust certifications or take anything at face value - they are responsible for their own safety. adChain Audits allows media buyers and their agencies access to audit their own campaigns, allowing for maximum discretion when it comes to redistributing campaign spend to healthy and human channels and away from the fraudulent mire that they are ordinarily subject to when buying through exchanges.
The Audits platform effectively serves up signs that are clearly posted which tell the buyers to “WATCH IT!” because ad fraud is lurking; beyond that, the signs clearly illuminate fraudulent channels via recommendations for the media buyer to avoid. Buyers can have confidence when looking at the evidence in the reports we provide to truly understand what is fraud and what is not. As a result of the transparency, buyers can take the appropriate actions to navigate spend away from these channels and mitigate wasted spend altogether.
Certifications and guidelines are a start but they won’t get us across the finish line. It is going to take more than that to win the fight against ad fraud. Let’s use technology to build bridges so that we don’t have to swim in the crocodile-infested waters of ad fraud any longer.
