• by Colin Jeavons , May 14, 2013

Online advertising's days of Wild West-like lawlessness will soon come to an end as new validation technology, human vigilance and the improved security of smart devices are coalescing to significantly reduce the risk of click fraud that is impacting digital campaigns.

Click fraud became a costly and pervasive problem as advertising networks evolved from bootstrapped operations into multibillion-dollar businesses. Most fraudulent clicks can be attributed to a few bad actors that disingenuously register as advertising network affiliates or portray themselves as publishers. Fraudsters can make lucrative returns by utilizing botnets -- large groups of malware-infected desktop PCs -- to generate clicks. This charade has cost stakeholders untold millions.

There have been many well-publicized instances. Security researchers at Spider.Io found that a botnet called “Chameleon” had infected over 120,000 desktops in the U.S. and could net over U.S. $6 million in a single month. Last year, SophosLabs determined that ZeroAccess, another bogus botnet, was generating over $3 million per month. ZeroAccess infected over nine million PCs worldwide during its lifespan, the SophosLabs researchers found. Facebook also recently had to refund enraged advertisers after it discovered that a massive fraud campaign was targeting its network.

Advertising networks have responded by programmatically examining IP traffic. Those fraud mitigation techniques include crosschecking IPs with known spammers, blacklists and proxy lists. Traffic analysis determines whether a click is from the same IP that generated the impression. If there are clicks that are close together (seconds) from the same IP, it will be considered as a duplicate click. Deeper analytics scrutinize clicks to uncover patterns that may not be generated by human behavior. For instance, it is assumed that there may be fraud if conversions do not align with normal spikes in traffic. These analytics help to update blacklists and identify spammers in real-time.

The latest approaches have evolved to combine human intelligence with technology. Programmatic optimization can look for certain variables, but common sense tells us what consumer behavior actually looks like. If a click begins to come through in certain groupings, there is some programming type of activity happening on the back end. A seasoned ad ops team can decipher between -- and deliver -- what looks real and what looks programmatic from an audience perspective.

People can pass through the unique URL of where a click took place as well as assess clicks and their origin to ensure that the audience is made up of real people. Some ad networks will ensure that a human reviews every ad in addition to permitting the advertiser to physically view where the clicks originated. Human assessment coupled with technology can dramatically mitigate click fraud.

Pay-per-click advertising has also benefited from emerging trends in consumer buying behavior. In April, the technology analyst firm IDC noted that quarterly PC sales had fallen at the highest rate in over a decade as consumers embraced tablets and smartphones. Click fraud is decreasing organically, because smart devices are not as vulnerable to malware as desktop PCs. Most invalid clicks come from PCs, so mobile technology is making click fraud less likely. Studies have shown that mobile advertising is not totally invulnerable to server-side attacks or users accidentally clicking, but the stats have been very encouraging.

Click fraud is a problem that is common to all stakeholders including ad networks, advertisers, brands, and publishers. This understanding led to the adoption of the hybrid approach outlined above. Some sporadic instances of fraud may be inevitable, but it will soon be far less pervasive. U.S. Marshalls reined in outlaws in the old West; fraudsters --  today’s digital highwaymen -- will also fade into obscurity.