We need more tools to cut off ad fraud’s blood supply

Opinion

We need more accountability and regulation in an online media-buying market riddled with information asymmetry.

Open programmatic advertising continues its inexorable march, despite continued questions regarding fraud, poor quality high ad load sites, viewability and brand safety remaining unanswered.

The question for marketers is whether leakage can be dealt with sufficiently through the deployment of third-party adtech, which contains risk whilst also satisfying brand building and performance objectives in the digital economy.

If there is a market failure, will it be addressed by industry initiatives or does the sector need to be regulated?

Equally, do brands care enough about accountability save in the most egregious cases to look at what regulation may already be available to support greater accountability?

Despite all of the content verification and apparently precise targeting tools available, brands still face significant challenges in making sure that ads are placed in appropriate places where they will be seen by the brands’ target audience (and by real people).

Where they can’t do so, brands also struggle to develop a clear traceable line of accountability that stops with an entity within the value chain which is responsible for onboarding the bad inventory or failing to prevent the fake impressions.

Information asymmetry

Recent studies by trade bodies, including Isba, the ANA, and independent analysts, highlight the challenges of ‘information asymmetry’ (i.e. everyone else in the value chain but the people paying have access to the information to understand what is really going on) and the difficulties of obtaining the data to confirm placement.

The vast number of websites and apps that brands utilise in any campaign, the proportion of wasted spend that ends up being hoovered up by poor quality high ad load MFA sites, and the amount of money which advertisers are unwittingly spending outside a premium site on third party partner audience extension domains is all going untracked. This is before we get into brands inadvertently funding disinformation sites, hate speech or ‘adult’ sites through various techniques which essentially mask the real identity of the domain.

Open-web programmatic advertising is estimated to be an $88bn global market. Today’s criminals are constantly innovating to find new opportunities to infiltrate gaps in the perimeter. The World Federation of Advertisers has predicted that ad fraud might become second only to the drug trade for organised crime. Industry bodies, including UK Stop Ad Funded Crime (UKSAFC), are looking at the scale of ad fraud and are now galvanising the industry into action.

For example, UKSAFC recently published an open letter in this publication with a frank assessment, that marketers have for too long hidden behind a ‘tick-box’ and the current approach to combatting ad fraud is not working. They called for collective industry action to tackle the problem. Critically, the letter also mentions that the body is working alongside policymakers, implicitly acknowledging the likely reality that industry initiatives will only go so far.

But before policymakers consider imposing regulations, they will first need to be convinced of the scale of the issue. They will need to be convinced that there is no current applicable law which already holds platforms and digital intermediaries to account.

European regulation

The EU adopted the Digital Services Act (DSA) in October 2022. Obligations on most organisations won’t kick in until February 2024 although ‘very large online platforms’ already have to comply.

The Act regulates digital services that act as intermediaries in their role of connecting consumers with goods, services, and content. It confirms the potential defence that such intermediaries have for illegal content which appears on their service whilst at the same time including various new obligations which vary depending on the type of intermediary service being provided.

Such obligations include supercharging existing processes around notice and takedowns, preventing targeted advertising based on profiling either using sensitive personal data or to children and obligations to ensure that online adverts are more transparent including through ad repositories and information provided about the advertiser and why an individual is seeing a particular ad.

Whilst the attention has been on the large social media platforms and how they are affected by the Act, Recital 50 gives examples of hosting services which may be caught including a direct reference to ad servers and it also hints at their role in cutting off the lifeblood of illegal and nefarious disinformation websites. This would likely only be the case where the ad server is hosting or caching the relevant content rather than the situation in which they are simply serving adverts into the content.

However, given the multiple services, including playout, that ad servers increasingly play, it is possible that the DSA may well make parts of the programmatic buying stack more accountable. Whilst it may be difficult to suggest that operators of ad servers are causing the issues, it may make them more cautious when on-boarding publishers and trigger a greater contractual chain of compliance and accountability than currently exists.

It is unlikely that this, together with a patchwork of other laws to prevent criminal enterprise, such as legislation around proceeds of crime and money laundering, will be enough to ensure the space is effectively regulated and will only likely be deployed in the most egregious of cases.

But the DSA and the intention of asking technical intermediaries to take on a greater role in cutting off the blood supply to online criminal enterprise, is perhaps at least something to build on.