How to maintain hygiene in the dirty world of ad fraud
Ad fraud has not only infected the vast body of the online space, but continues to rapidly mutate into ever more damaging strains, writes ABC’s commercial director Jan Pitt
In the midst of a pandemic, hygiene is on everybody’s minds. So what constitutes good hygiene? Well in the case of COVID-19, we’re advised to ‘wash hands, cover face, make space’ at a bare minimum.
Are we 100% guaranteed to avoid catching or spreading the virus if we take these measures? Sadly not, but the purpose of these steps is to reduce the likelihood of the virus infiltrating our systems. It also focuses our minds on actions within our control that can help to reduce the spread.
The ad fraud pandemic
There are parallels to be drawn between this situation and the ever pervasive presence of online ad fraud. Ad fraud has not only infected the vast body of the online space, it continues to rapidly mutate into ever more damaging strains that are often difficult to diagnose, let alone treat.
The impact on the ad industry’s health has been well documented – although, as with Covid-19, the predictions can differ wildly depending on who you ask. The 2019 ANA/White Ops Bot Fraud study estimated that advertisers lost $5.8 billion globally to bot-generated invalid traffic alone. < a href="https://www.emarketer.com/chart/228585/digital-ad-spending-lost-fraud-worldwide-2018-2019-2023-billions" rel="noopener" target="_blank">eMarketer says that, in the same year, advertisers lost $42B to ad fraud worldwide. Even more worryingly, it predicts criminals could be siphoning off $100B of ad spend come 2023.
The perfect storm of 2020
This year’s events have made a challenging situation even worse. Digital piracy, for example – just one face of online ad fraud – has increased in the ‘perfect storm’ of the pandemic. One stat from the Trustworthy Accountability Group (TAG) revealed that overall ad impressions on the top 5k high-risk pirate websites in the US, UK, Germany, France, Italy and Spain saw an alarming 50% increase in the first quarter of 2020.
Even larger fraud rings have recently been unveiled too. April 2020 saw researchers expose ICEBUCKET, the largest Connected TV (CTV) related ad fraud operation to date, where, at its peak, bots impersonated more than 2 million people in over 30 countries. More than 300 advertising brands have been affected, losing unspecified amounts of money into these cyber criminals’ pockets.
If one were to ask how this particular fraud scheme became so malignant, the White Ops blog explains that, ‘The operation started in a part of programmatic advertising where the supply chain is less transparent, sellers are not reported in sellers.json files, and buyers and sellers typically don’t have a direct relationship.’
It’s apparent from this account that, when the healthy components of transparency, industry-agreed best practice and direct accountability aren’t present, ad fraud can infest and multiply very quickly.
So what can be done?
It comes back to hygiene measures; in other words, following our industry-agreed standards. The ad fraud equivalent of ‘hands, face, space’, if you will. But we need to keep our finger on the pulse because, as the situation evolves, so industry recommendations change too, with new insights and technology that can further reduce the spread of fraud.
Here’s the latest reminder of what the industry is advising to keep us safe:
Ad fraud hygiene guidelines
1. Become TAG certified and work with TAG certified partners – The Trustworthy Accountability Group (TAG) is a global initiative increasing trust in the digital advertising industry. Achieving TAG’s Certified Against Fraud Seal proves that companies are consciously implementing the minimum industry recommendations to combat fraudulent and invalid traffic.
Companies applying for the Seal have to demonstrate, via an independent audit, that they abide by TAG’s Certified Against Fraud Guidelines. As an approved TAG auditor, we work closely with companies to ensure they have the right processes in place and are able to submit the evidence needed to demonstrate compliance.
The requirements differ slightly depending on where a company sits in the digital eco-system, but examples include employing domain threat filtering, implementing or honouring ads.txt and app-ads.txt files and undergoing annual TAG training.
Added reassurance comes with knowing TAG guidelines are updated regularly by its Anti-Fraud Working Group, ensuring the requirements demanded of participating companies remains at the cutting edge of industry best practice.
For example, the next iteration of TAG’s Guidelines requires more stringent measures for the filtration of invalid traffic. Companies must ensure 100% of monetisable transactions are filtered in a manner compliant with the Media Rating Council’s (MRC) Invalid Traffic (IVT) Detection and Filtration Guidelines or another TAG-recognised standard for IVT detection and removal. This rule currently only applies to general invalid traffic (GIVT), which is traffic that can be identified through routine filtration methods like applying lists.
This requirement becomes more stringent for TAG 2021 submissions, when companies must also demonstrate the same level of filtration against sophisticated invalid traffic (SIVT). As the name suggests, SIVT refers to more difficult to detect situations that require further interventions in order to identify them, such as advanced analytics and significant human analysis.
As we evolve in our understanding of ad fraud, so TAG’s standards will develop, ensuring a continual forward movement of improved safety across the digital advertising ecosystem.
2. Use industry guidelines to stay updated on the latest anti-fraud tools – Because industry guidelines evolve in line with new anti-fraud developments, they’re a great place to look for advice on the latest recommended technologies.
For example, the second iteration of the IAB UK’s Gold Standard, known as GS 2.0, includes expanded ad fraud requirements so that, in addition to ads.txt and app adds.txt, companies must now implement or encourage the use of ‘sellers.json’ and ‘supplychainobject’. These are all IAB Tech Lab provided standards.
‘sellers.json’ enables buyers to ‘discover and verify the entities who are either direct sellers of, or intermediaries in, the selected digital advertising ‘opportunity for purchase’. It’s a bit like the Supply Side Platform’s (SSP) version of the publisher’s ads.txt file.
‘sellers.json’ offers a reliable way for buyers to identify authorised reseller partners, along with details such as their seller ID.
‘supplychainobject’, alongside ‘sellers.json’, provides a way to help buyers remove anonymity in the supply chain. Essentially, the tool shows all intermediaries involved in the sale of a particular impression. So if included in the bid request, that request would show the full chain of payment all the way back to the publisher.
Effectively, inclusion of these files help to minimise ad fraud by bringing more transparency and control to advertisers.
3. Apply the IAB/ABC International Spiders and Bots list – A basic hygiene measure, this list covers all known non-human activity that can significantly inflate ad impression and site traffic counts.
An ongoing focus on cleanliness
Ad fraud is a very present reality, with no definitive cure in sight. But by implementing basic hygiene measures as outlined in our industry’s guidelines, it is possible to minimise the chances of becoming victims of online ad fraud while enjoying the many benefits of programmatic advertising.
By adhering to industry best practice, working with trusted partners and establishing more direct relationships, we make it a lot harder for fraudsters to infiltrate and take hold.
And everyone doing their bit to prevent the spread will continue to make the online space safer for everyone.
Jan Pitt is commercial director at ABC