Understanding Digital Ad Fraud

May 29, 2017

Billions of dollars are flowing into online advertising. But marketers also are confronting an uncomfortable reality: rampant fraud. About 36% of all Web traffic is considered fake, the product of computers hijacked by viruses and programmed to visit sites, according to estimates cited recently by the Interactive Advertising Bureau (IAB) trade group. So-called bot traffic cheats advertisers because marketers typically pay for ads whenever they are loaded in response to users visiting Web pages—regardless of whether the users are actual people. The fraudsters erect sites with phony traffic and collect payments from advertisers through the middlemen who aggregate space across many sites and resell the space for most Web publishers. The identities of the fraudsters are murky, and they often operate from far-flung places such as Eastern Europe, security experts say. The widespread fraud isn’t discouraging most marketers from increasing the portion of their ad budgets spent online. But it is prompting some to become more aggressive in monitoring how their money is spent. The Internet has become so central to consumers, that advertisers can’t afford to stay away. For advertisers and online publishers, combating ad fraud today is akin to a retailer trying to fight shoplifters by catching them in the act. But one ad- tech company has come up with an approach that’s more like bouncing shoplifters before they can even enter the store. Ad-fraud prevention firm Pixalate has built a piece of hardware it’s calling the Pixalate Security Threat Intelligence Dome that serves as a Brita water filter to sift out fraudulent traffic before an advertiser buys an ad against those impressions and wastes its money. Fake traffic has become a big problem for advertisers and publishers trying to coax brands budgets online. Advertisers will waste $6.3 billion buying ads against fake impressions this year, according to an estimate from White Ops, a company that makes money by helping advertisers identify fraudulent traffic. In a recent interview, CBS Interactive’s Chief Revenue Officer and Interactive Advertising Bureau Chairman David Morris said that fraud ranks second behind viewability as the biggest issue facing publishers today. But Pixalate thinks it has come up with a better way of fighting that fraudulent traffic. Instead of trying to figure out whether an impression is fraudulent each time an ad is bought and about to be served, or blocking ad buys to sites that are often home to fraudulent traffic, the company is keeping a running list of ad fraudsters and blacklisting them before an advertiser’s money comes out of its pocket. Here’s how it works: Pixalate has already developed software that effectively creates a TSA no-fly list of ad fraudsters. To build that list, Pixalate constantly keeps an eye out for IP addresses — unique codes assigned to computers and other devices connected to the internet — that match ad impressions deemed fraudulent. An updated list of those fraudulent IP addresses — as well as website domains full of fake traffic — is sent to Pixalate’s hardware every five minutes. That hardware plugs into the data centers that pipe ad impressions through ad networks, ad exchanges and automated ad-buying and ad-selling tools, for a flat fee to the companies operating those ad technologies. Once an ad impression shows up in any of those ad-tech systems, it’s run through Pixalate’s hardware to check if the IP address matches one in Pixalate’s blacklist of IP addresses sending fraudulent traffic. If there’s a match, the impression is kicked out of the system. If not, the impression passes through and an advertiser is able to buy an ad against that traffic through the real-time auctions that sell ads against those impressions. Like any fraud-fighting technology currently on the market, Pixalate’s technology isn’t perfect. Fraudsters can change the IP addresses they use to send fake impressions, and each time that happens it’s essentially a new source of fraudulent traffic that Pixalate’s technology needs to identify. And it happens pretty often; on average fraudsters shed IP addresses after three days of use, or roughly 100,000 impressions, said Pixalate CEO Jalal Nasir, whose company monitors 10% of IP addresses worldwide. Pixalate uses what are called “honeypots” to lure fraudsters to send fake traffic to certain sites that Pixalate surveils in order to make it easier to identify them and then recognize them when they’re running fake traffic around the web.