• by Tyler Paxton , Op-Ed Contributor, December 15, 2015

With brands and agencies increasingly on the warpath against digital ad fraud, premium publishers had better get their own houses in order -- or risk losing precious ad revenue.

No, not $8.2 billion  -- the figure recently unfurled by the Interactive Advertising Bureau as the annual cost to advertisers from false impressions, infringed content and malicious advertising (“malvertising”).

That $8.2 billion is going to the crooks -- those secretly foisting bots and malware across the Web, stealing and distributing content, and even serving their own ads on your backend.

As the ad industry takes more and more steps to combat these invisible invaders, scrupulous publishers who don’t join in the battle risk massive collateral damage -- because the enemy has already infiltrated even the most high-quality sites.

One example: Bots “scrape” content, stealing it for their own sites, where they interact with a publisher’s former and potential users, thus diluting the value of a publisher’s own site. The prevalence of bot traffic also slows down load times, further alienating consumers. As traffic decreases, you sell less advertising.

Don’t extend your audience. With such loss of traffic, overzealous sellers can tempt publishers to buy more of it. 

But buyers beware!  Some 52% of sourced traffic comes from bots, says the Association of National Advertisers.  

Know your traffic.Publishers must use Web analytic tools to monitor their traffic sources, and then take appropriate actions based on the bots they uncover  -- such as blocking them entirely, or not serving ads on them. They should also set up “honey pots” -- a part of their domain where no human could ever end up. All visitors to these pots are bots, which must be blocked sitewide.

Vet your SSP.Another invisible source of ad fraud can be found in the ad selling process itself. Not all SSPs are created equal. Some will engage in practices like domain masking  (substituting fake URLs for actual ones), hidden iframes (putting unviewable ads on a site), or iframe stuffing (basically, putting even more ads there).

SSPs that invite the most fraud can get a publisher’s inventory blacklisted by the ever-more-vigilant ad community. So vet your SSP before you start using it, and monitor it afterwards. Note what kinds of ads the SSP is sending to you. Talk to other publishers about who they’d recommend.  Talk to your top advertisers for advice.

Monitor placements. Check that inventory is viewable, and make sure no ads are more than an iframe deep. Make sure all the ads aren’t at the bottom of the page.  Overall, conform to industry best practices.  

Turn off autoplay on your videos. Videos that run continuously, as well as videos inside banner ads, are open invitations to fraudulent impressions.  Advertisers are going to start complaining about being charged for ad views every time a video replays, or every time an ad loads. So get ahead of them, and turn off autoplay now.

Secure your site. Some publishing platforms -- Wordpress, for instance -- are more vulnerable to exploitation by fraud purveyors.  Hackers and bots can get administrative access and employ hidden links. Whatever your publishing platform, employ all the latest protective technology. Use secure passwords and change them often.

By securing your site, you’re defending against the fraudsters in the ad industry’s new war. In this case, though, the best defense is also the best offense. Publishers -- perhaps the biggest victims of ad fraud -- need to move into the front lines of the battle.