Since the dawn of time, man has been defrauding his fellow man. One can only wonder what the first instance of fraud was. Did a caveman lie about the quality of his fire-hardened wood spear? Or maybe he traded two older fruits for two good ones without telling the other party.
At any rate, fraud predates written history by a long, long time and, in all likelihood, even predates language. Every civilization, every city, every community, no matter how big or small,
So it should come as no surprise that fraud exists in online advertising.
What might come as a surprise is the extent of the fraud.
Here, fraud is everywhere
Fraud may be everywhere, but it’s
That is a truly staggering amount for any business sector. For example, retail stores, where one can simply pick something up and (try to) walk out with it, have lower rates than digital advertising.
In the US, “shrinkage” or “shrink” (loss due to fraud and theft) is generally around two percent of gross revenue. Compare that to the over 33% reported above for the online advertising industry!
Why is it so bad in this industry?
The internet is a kind of reflection of the real world. However, it’s also a reaction that magnifies.
It’s an anonymous world that spans borders, timezones, language, and, well, jurisdiction. Between its international nature and the anonymity provided by the internet, the more negative aspects of humanity are often on full display.
We all have experience with this to a certain extent online just through social media – wherein people say things that they would never say to someone in person.
Unfortunately, this magnification is not limited to language. Rather it extends to crime as well.
Criminals are bolder online. Both because they’re further removed from the damage they’re causing and because they are often outside the jurisdiction that should protect the offended party.
If you’re in Iceland and some guy in Burkina Faso swindles you out of 1000 dollars, good luck getting it back!
Retrieving your money is equally tricky for advertisers as it is for individuals. If a bad actor manages to defraud your CPA campaign of several thousand Euros, then you’re going to have a hard time getting it back.
Even if you can get to the source of it and can prove that it was fraud, good luck in court – you often have no recourse. And even if you do, the cost of pursuing the fraudster is likely to exceed the value significantly lost.
So, in this case, the best offense is a good defense.
There’s no need to deal with any of that if you don’t let yourself get defrauded!
So here are some tips to help you avoid fraud in the future.
Know what it looks like
How can you protect yourself from fraud if you’re not even sure what it looks like?
Knowing the signs is the first step. So before we begin with how to fight fraud, let’s look at the major indicators.
- A Conversion Rate (CR) that is way too high.
This could be an indication of Click Injection or other forms of conversion capture. This is essentially a kind of fraud that occurs when a bad actor realizes that a conversion is happening and quickly claims the conversion.
- A Conversion Rate (CR) that is way too low.
This could be an indication of Clickspam. Clickspam is a kind of fraud that involves the frequent reporting of fake clicks whenever someone is using a malicious site or app. The hope here is that some of these random people that they’re claiming have clicked on their add will convert. These conversions will then be attributed to the publisher reporting the fake click and, eventually, they will be paid for it.
- Click to Install Time (CTIT) monitoring
Click to Install Time can also be an excellent indicator of both clickspam and click injection (as well as of various other forms of online fraud).
This is the time it takes for a user to download a mobile application after clicking on an advertisement (hence the name Click to Install Time!).
If the time is short, it is a good indication of Click Injection. This is because Click Injection generates a click and claims a conversion right after it detects that an installation has occurred.
This means that the CTIT is going to be very, very low – often impossibly low.
Likewise, CTIT can be impossibly long with Clickspam. A very long CTIT often doesn’t make any sense and is very suspect (exceptions are large applications with long download times or that require one to wait until connected to Wi-Fi).
Because clickspam is based on the almost random capture of organic events, the distribution of conversions will be even. That is to say, as many should have a 4 hours CTIT as 24. With non-fraud CTIT, the vast majority should occur in the first couple of hours and then slowly trail off throughout the rest of the day
1. Blacklist
Blacklisting is one of the most common ways of tackling online ad fraud. It involves simply banning subIDs and publishers that you determine to be sending you fraudulent traffic.
One of the most effective ways to use this technique is to automate it. Your campaigns don’t stop running when you go to sleep or go home from work, so your anti-fraud vigilance shouldn’t either.
With Mobinner, you can automatically set Conversion Rate parameters. If a subID starts posting a CR that is either too high or too low, then it will be automatically blacklisted.
Naturally, this only occurs after a certain number of conversions so that the computer can make a statistically sound decision.
You can learn more about blacklisting and good strategies for its use here
.
2. Whitelist
The whitelist uses more or less the same strategy as the blacklist, just reversed. Instead of taking away the bad, you selectively add the good.
This is an excellent strategy for launching new campaigns, especially particularly sensitive campaigns.
So with new clients or brands that don’t want to appear on sites that could damage their image, you might whitelist. If you have an offer that will be revoked if the initial traffic isn’t up to snuff, then whitelisting might be the best move.
With whitelisting, you can take the subIDs that have performed the best historically and assign them to similar, very sensitive offers.
3. Post-conversion anti-fraud
Another way of dealing with Fraud is post-conversion an anti-fraud system. These systems analyze everything conversion that you receive and either block or allow it based on whether or not it looks like fraud.
These services can check against a variety of things including but not limited to CTIT, IP Address, known device farms, bad HTTP User Agent, and a host of customer behaviors that can tip the AI off that it’s dealing with a bad actor.
If it does determine a conversion to be fraudulent, then the conversion is blocked – this means that it is not reported back to the publisher or subID. The subID, the contracting party that would be paid, is generally responsible for directing the fraud since they’re usually the only ones that stand to gain.
Fraudsters, in general, will recognize when they’ve been had and stop wasting resources on an advertiser who is effectively blocking their attempts.
This style of anti-fraud system is particularly cost-effective because it only spends resources checking conversions rather than clicks. And there are generally a lot more clicks than conversions.
4. Click-level anti-fraud
This is the second kind of fraud protection that is available to internet advertisers.
Click-level anti-fraud technology moves the line of defense up a ways. Rather than fighting fraud only when a conversion happens and blocking it there, click-level anti-fraud technology stops the fraud before the click is even registered.
This can significantly increase the quality of traffic that comes downstream and further decrease the total percentage of fraud that is paid out.
Many services check at both the click and the conversion level, giving the system two chances to recognize the fake traffic.
The primary downside here is that this kind of service is significantly more expensive than just checking at the conversion level.
However, for the price, you get a significantly higher degree of protection.
5. Pick GEOs carefully
This one cannot be overstated. Carefully picking your GEOs is one of the best and most cost-effective ways of avoiding fraudulent traffic. Certain GEOs are responsible for a large amount of fraud, and by only selecting them when it is necessary for a given campaign, you can greatly limit your exposure to fraud.
The best place to start when determining what GEOs to avoid is to look at your history with the partner network that you have. General percentages of total traffic fraud are significantly less useful than your own experience with your network of publishers.
That said, it is worth looking at the GEOs that have the highest percentages of ad fraud. Pixalate provides an excellent overview here.
The fact that India is at the top of the list with 39% fraud should come as no surprise to anyone in the industry. Nor the high placement of Indonesia, Russia, or Colombia. That said, it’s not just relatively large, poor countries that are responsible for fraud.
As you can see in Pixalate’s graph, a large percentage of the worst offenders in terms of ad fraud are actually very developed countries. In fact, the United States comes in 9th place.
Since users there are so valuable, a lower volume (and therefore lower profile) of fraud is required to make a lot of money.
So depending on you’re goals, it might be worth avoiding these GEOs that have demonstrably high levels of advertising fraud.
There’s always more that can be done
The fight against fraud is ceaseless.
It’s a neverending process of observing your faults, adapting, and improving. Otherwise, the fraudsters will eventually beat you at your own game, and your hard-earned cash will become theirs.
Mobinner is a High-Performance Demand-Side Platform. Since 2017, we’ve been helping our customers build brands, drive conversions, and acquire users.