Why It’s Time for an Ambitious, Global Standard for Tackling Ad Fraud

March 13, 2017
The media and marketing sectors are in the midst of a fierce technology arms race against the malware and sophisticated machine learning driving ad fraud; unfortunately, it’s a battle our industries are currently losing.

You’ll probably be familiar with the most common types of ad fraud (botnets and fake domains), but it’s the newer types emanating from all around the world that are really testing our defences. Forced mobile auto-refreshing, hijacked tags, falsified location data, domain spoofing, or ‘methbot fraud’, are just some of the countless types of malware that roam the internet.

With growing evidence that ad fraud is helping to fund organised crime and terrorism, you’d think the industry would have got its act together and created an aggressive global standard to tackle it. You’d be wrong. Most resources have gone into fighting ad fraud at the regional or country level, with organisations such as Jicwebs, Tag, and the Digital Trading Standards Group, which outline best practice in viewability, brand safety, and fraud for the UK and Ireland.

A lot of progress has been made through these organisations in promoting higher standards and increased awareness of the dangers of ad fraud. However, even these well-funded groups are struggling to keep up with the constantly evolving and global nature of the threat.

Part of the reason for this has been the mistaken belief that simply reporting on website domains is going to catch the super-smart cyber criminals. The fact is, up to 80% of the invalid traffic online is hiding at a user (not website) level, yet most of the tools on the market don’t offer this deeper reporting; and the organisations monitoring ad fraud don’t enforce these standards. It’s no surprise then that fraud is increasing, not decreasing, and advertisers are starting to demand answers and more accountability.

Thankfully though, one organisation is taking a lead in enforcing the kind of premium model and benchmark of capability that could form the basis for a more international approach. The US’ MRC has been ruffling more than a few feathers with their accreditation standards. Some have criticised the organisation for needlessly adding complexity to the process by constantly adding new reporting requirements. Even Google were suspended for not complying with the required standards.

Adloox have just become the first European tech company to be accredited for Sophisticated Invalid Traffic (SIVT desktop) detection by MRC; so we know more than most just how tough the process is. Far from complaining about it, we fully support a more aggressive benchmark, which can evolve as the ad fraud threat does and looks at the deepest level to rout out malware.

In fact, we’ve been beating the drum on the need for deeper auditing for some time. Our clients are seeing less than 1% of fraud rates on their campaigns, where the UK average is anywhere between 20-60%, once you realise it’s hiding at the traffic level. It’s actually shocking seeing the ineptitude and lack of transparency monitoring (viewability) tools are offering the industry.

Agencies are trying to optimise against top-line viewability scores, suppliers get the same non-transparent report for free, so claim they are covered, whilst the brands themselves are left in the dark (that is until they get roped into a frontpage exposé story).

The complacency that lies behind recent criticism of the MRC’s approach is exactly what’s allowed the current situation on ad fraud to arise. We all need to accept that quality comes at a cost. Worryingly, this quality has been widely and negligently missing across digital and its measurement to date.

This needs to change though, and fast. The army of developers creating these new types malware are some of the most talented on the planet, who constantly look for weaknesses in our defences that they can exploit. They don’t think in terms of regions or national borders, so why should we think in those terms with our response?

There will always be criminals looking to make a fast buck from the system. But, if we can pool our resources and develop a truly global and robust standard, we might not win the battle entirely, but at least we can stay one step ahead.