Two things dismayed me: to hear that no one actually knows the size, or the sources, of the problem; and to see technology vendors pitching a “solution” to the problem. Nobody wants to admit where the problem is, nor how large it is, so maybe this is the dirty little secret where most everybody is making money.
From our experiences, fraudulent/phony/nonexistent traffic almost always occurs for one reason: money! That is, someone perpetrates this action to make money, either independently, in cooperation with other parties, or by taking advantage of someone/company or technology. Years ago, we saw venture capitalists being the objects of fraud, then search marketers/advertisers, and most currently display marketers/advertisers. Suffice it to say that fraudsters will always be looking for opportunities and exploit illegitimate ways to make money.
We have seen that, most often, the fraudster is a “publisher” who manufactures traffic in a number of ways. Bot nets are one of the more nefarious methods used, but there are other ways as well to creates a large volume of inventory for unsuspecting advertisers, inventory that will not be seen by people or will be mis-targeted to an unintended audience.
Our investigations have concluded that in all cases, the fraudsters have developed techniques to perpetrate the fraud or have taken advantage of internal control deficiencies. When controls are improved, the incidence of fraud decreases.
Fraudulent/illegitimate traffic can be detected in a number of ways:
1. An advertiser/agency can review reporting and observe impression/click volumes that are disproportionate to expectations.
2. An advertiser/agency can review attribution reports and observe low performing or non-performing advertising.
3. A network/SSP can observe reporting that reveals disproportionate impression and dollar remits to partners (usually publishers).
4. An advertiser/agency or network could run pattern analysis software to analyze impression logs for indications of abuse.
5. An advertiser/agency or network could employ some form of fraud detection service/technology which could detect nefarious activity.
One of the problems we, as an industry, face is that even “innocent co-operators” make money from the fraud. As such, unknowing IAB members are profiting from fraud, and many may be unwilling to ask questions from fear of impacting their bottom line.
I think it is worthy to point out that the industry will never be able to completely eliminate outright fraud. Also, the upcoming viewability standards might slow down fraud for a time, but will not deter it in the long term. For instance, there exists technology today that will emulate a browser and the actions that users perform. Many of these emulation packages are perfectly legitimate.
That is not to say that nothing can be done. There are several ways IAB businesses can address the problem. First, the industry can work to eliminate the fraud by instituting a number of standard controls (business/operational/financial) that will deter or detect fraudsters:
1. Publishers must initially vet, and then monitor, all traffic sources to ensure high-quality traffic, particularly those sources that are contracted and compensated for traffic increases.
2. Publishers must employ internal controls to prevent (or monitor) employees who are compensated/rewarded for traffic increases.
3. Advertisers/agencies/networks/SSPs must initially vet all business partners (publishers) before agreeing to do business with them, and then monitor them for unreasonable increases, poor-performing campaigns, or erratic traffic fluctuations. Discrepancies can then be investigated.
4. Technology companies can be certified to IAB/MRC/AICPA standards to ensure that adequate systems and internal controls are in place. The IAB certification standards are for both measurement and quality assurance guidelines.
5. Technology companies can employ technical and statistical tools, both contracted and internally developed, that can assist in uncovering fraudulent users and traffic sources.
6. IAB can play a role by incorporating strict language into its Code of Conduct, and then enforcing such a code.
In my opinion, this problem can be considered a measurement issue, and should be addressed with IAB members embracing the current measurement standards, combined with best practices for internal control (MRC and AICPA standards). Certification to IAB standards would go most of the way in addressing the problem.