Why RTB networks are most susceptible to ad fraud

Dissecting a “Six-Figures-A-Month” video ad fraud operation
December 6, 2014
International cooperation in the fight against robots
February 23, 2015

Some history

Anyone who’s even slightly involved in online marketing and advertisement eventually faces the problem of fraud nowadays. The issue is deeply rooted in the ecosystem.

For years, salespeople negotiated for ad spots on individual websites, but that soon proved to be inefficient and labour intensive. Fast forward to today and you’re in the potentially murky waters of gigantic advertisement networks, ad-exchanges, and RTB platforms.

It’s all great and we like new three-letter-acronyms as much as the next guy, but what do they mean for you as an advertiser?

Before I continue, I saw a few eyes twitch upon hearing ADX, SSP, DSP, RTB, etc. Follow these links for an explanation in plain English of how ad-exchangesDSPand SSP relate to one another if you’re not entirely familiar with the terms.

Advancing digital-advertising to 21st century standards through technology

Joe the advertiser tells the ad-exchange he needs an ad slot for his Tasty Doggie-Food™ ad so it’s shown to people who:

  • are dog owners,
  • are adults between 25 and 59, and
  • are from the same area as Joe’s small business

He’s willing to pay say 1,5 cents per impression with a daily budget of $50.

The ad-exchange (through a DSP) picks it up from there and takes care of the rest. It’s simple enough. Joe is happy and heads home satisfied. (Even happier when he finds out his lovely wife Sarah made his favourite dish — shepherd’s pie, yay!)

Praise automation technology and market efficiency: supply and demand connect in an automated manner, in real time and without any human intervention for all practical purposes.

Hold on to your hat: the above all happens in a few dozen milliseconds for each ad slot. That is what computers do best after all — simple tasks at blazing speeds.

Rise of the machines

We’ve covered the most common forms of ad fraud before. So you’re armed with knowledge on how impressions are generated, inflated, hijacked, and how they can be manipulated in countless ways.

If you’re still with me, you’re probably seeing the pitfall: there is no human intervention. Joe, as an advertiser, never says he wants his ad to show on any specific page. Nor does he actually know, for that matter, where they appear most of the time.

Joe thinks his Tasty Doggie-food™ ad is shown on websites that have the visitors he requested from the exchange. In reality though, his banner appeared on a page of no particular interest to dog owners by visitors from all areas. Indeed, the ad ended up on a page that merely pretends to have such visitors.

Here’s how.

There’s a less than honest player, around — let’s call him Butch.

  • Butch is operating several thin websites, one of which is www.hungry-doggie.com. But this website does not have the volume nor the type of visitors that is says on the tin.
  • Instead, Butch buys dirt-cheap inventory (say a thousand impressions for under a dollar) on www.how-to-crack-copy-protection.org — a blog focused on software piracy.
  • The impressions Butch buys there are redirected to his other thin website, www.my-2-happy-dogs.net. And then to www.hungry-doggy.com.
  • The referrer is laundered through aggressive use of javascript.
  • And these visitors are recycled: Joe’s Tasty Doggie-food™ advert gets served to random people who actually originate from a piracy site.

A  prime live example we uncovered recently is described here. And it doesn’t necessarily end there:

  • Butch also generates artificial traffic through malware and malicious toolbars (a great write-up on the topic here).
  • He then has the audacity to pour the freshly created bot traffic onto www.my-2-happy-dogs.net further diluting the value of traffic that Joe and many others are receiving.

Once a flourishing jungle, nothing grows on this barren land anymore

It’s not all that grim. Most large networks do employ technologies that measure ad visibility. And they track and analyse traffic for bot behavior. But not all of them do. There are countless examples of networks which I am not going to point out here that allow advertisers to run any kind of code, and are too profit-oriented to care about the quality of all the publishers they allow in. Worse, some deliberately mix it with more decent traffic so it’s less conspicuous and can be sold more easily.

Oftentimes publishers are only screened one single time — and in exceptional cases not even that!

Read that last sentence again and pause as you pounder on the consequences.

Once such a network is part of the exchange, the DSP eventually orders it to serve ads. As discussed already, ads and publishers are connected in fractions of a second by machines negotiating with machines. The following issue arises: when a malicious source makes its way into an exchange, it spreads almost freely from network to network until it’s shut down. The global inventory handled by ad-exchanges ranges in the billions per day, so it’s easy for Butch to fly under the radar for a while if he’s only serving a few thousand or million fraudulent impressions per day. Particularly so if Butch properly fans this traffic out over multiple domains. Each day we see more pages than we care to count that claim daily impressions in ranges that are — by far — incompatible with reality.

Bonus fact: the first banners in web history yielded clicks in two digit percentages. A banner usually gets less a fraction of a percent of clicks per impression nowadays. That low click-through rate and the billions of impressions per day make it much easier for fraudulent publishers to get away with their malicious operations.

Fraudulent traffic and malicious publishers in this ecosystem are very much akin to toxic spills. They enter a stream, dilute within it, ultimately reach larger rivers, and eventually end up in oceans. Advertisers don’t all realize that they’re drinking tainted water every day.

I’m painting a dark picture here, but you need to understand that many conflicts of interest are rampant in today’s digital marketplace. There are standardization initiatives but no global “active law enforcement”.

It is the responsibility of all of us.

Today — not tomorrow.

Back to Joe, the person who from our point of view is positioned at the top of chain and pouring money into the system. He can choose to work with networks and ad-exchanges that can present a valid proof that they are proactively filtering bad traffic. Or he can only work with sources that allow him to use a specialized anti-fraud tool himself in his campaigns.

Or, as things are today, Joe can’t expect to get what he paid for. :(

Last word: it is very naïve of Joe’s to expect that everyone is trying hard to make sure his ads are shown to the right people — or for that matter to real people — just because he pays for it. But he can do something about it.

Leave a Reply

Your email address will not be published. Required fields are marked *

Contact Us