Last summer, the pixelverse was in a dither over online ad fraud. The Financial Times issued a widely-quoted squib with the menacing headline: “Mercedes Online Ads Viewed More by Fraudster Robots Than Humans.” So ad fraud affects more than 50% of impressions, right?
Looking under the hood, the figure came from an investigation of a particular display campaign run for Mercedes-Benz by the ad tech player Rocket Fuel, which later came out with an aggressive counterpunch. It called the FT story “non-news” and stressed its ace “bot-screening technology.”
So maybe half is an overstatement. Another widely-cited figure from last year claimed that the number was more like 36%. This alarming one-in-three squeal came from the Interactive Advertising Bureau, which is usually sober. Assuming that about $50 billion was spent on digital advertising in the U.S. last year, the implication was that somewhere north of $15 billion is wasted on phony ads.
Then a more measured estimate came out from the Association of National Advertisers and the security firm White Ops. Their investigation put fraud at about 11% of display impressions and 23% of video views, and it set total losses at just over $6 billion. But the media players with the most to lose from advertiser mistrust — particularly Google — came out with mouse pads blazing, acquiring security firms and running PR blitzes assuring the world the problem was firmly under foot.
Is it, really?
Which brings us to the Times Center under the New York Times HQ just south of 42nd Street in Manhattan, last week, as Mercury was sliding into retrograde. The event was the first Clean Ads I/O sponsored by ad tech powerhouse AdExchanger. As we’ve said in the past, no trade pub-hyphen-research firm has done more to bring light to the hot house of ad tech than AdExchanger. And if anyone could pull off a full day of speakers and canapés around the theme of pixel stuffing and ad stacking, it’s them.
After a rousing welcome from AdExchanger’s slim founder-publisher, John Ebbert, the day was keynoted by Mary Engle from the Federal Trade Commission. The FTC’s remit is wide and deep around ad fraud, leaning on Section 5 of the FTC Act, which addresses unfair and deceptive trade practices. Surveying the recent history of enforcement actions, from infomercials through acai berry-slinging hucksters, Engle put the entire ecosystem on notice:
“Remember the consumer, think about what they’re going through — how they’re consuming the ad.”
She avoided bots and focused on misleading messaging, which has clear implications for so-called “native” advertising. Although she made clear she did not think native ads, folded into the flow of the content surrounding, are “inherently deceptive,” Engle did say that publishers who “participated in the creation of ads” the FTC deemed deceptive could indeed be held liable for “ill-gotten gains.” Lest we think the government has gone soft, we learned that the FTC is currently pursuing 140 actions under Section 5. So there.
Having been braced against two-legged legerdemain, the day turned to the bot menace and the vexed question: Is our ad ecosystem infested by an evil that dare not show its face? And: Who is to save us from these invisible hordes?
Before we go there, let’s pause a moment and ask a more basic question: What is ad fraud? AdExchanger’s intrepid researchers, including Catherine Oddenino and Melissa Parrish, laid some science on us:
- Bots — software scripts loaded into legitimate computers and run in the background; an estimated two-thirds of bots use legitimate (meaning, real-people or real-company) IP addresses; once in the game, they can do whatever they were designed to do, including trolling the internet “looking at” and “clicking on” ads.
- Pixel stuffing — the fraudster sells an “ad” that is basically just a 1×1 (invisible) pixel, or loads an entire website into a pixel and claims credit for the ad views.
- Ad stacking — advertisers pay for multiple ad slots but only one is shown; in an example given, six ads were sold and served to a website in a slot that could only accommodate one; the rest were not seen.
- Domain spoofing — quite common, this method lets a fraudster sell ads that appear to be for a legitimate valued publisher’s URL but actually run elsewhere; it can be done by manipulating ad tags in real-time bid (RTB) exchanges, embedding good URLs into ad slots on bad sites, and other methods.
- User-agent and location spoofing — evil invades the mobile ad-verse; ad tags are manipulated, once again, this time to pretend that a device is in a certain desirable location (e.g., Times Square) or is a desirable device type.
Given that ad fraud is a widely dispersed, destructive and well-known problem, why is it not Topic A on the Adweek cocktail circuit? Two big barriers surfaced at the conference, one technical and the other rather tragicomic, at least for those of us from ad agencies. Both were exposed in sinister detail during the day’s most lively panel, hosted by AdExchanger’s rakish Ryan Joe and featuring Google’s Douglas de Jager, formerly of Spider.io (a security firm Google acquired last year), White Ops’ master blaster and ad fraud’s worst nightmare Michael Tiffany, and John Nitti from ZenithOptimedia, who held up the agency’s POV.
As de Jager and Tiffany described it, in at times Big Bang Theory-ish jargon, the technical problem of fraud is pretty bad. Like two bros beamed in from a smarter planet, Tiffany and de Jager described the process of hiring hackers “competing with nation-states” to “reverse-engineer malware” created by brilliant multimillionaires in shifty republics. They painted a Hollywoodesque portrait of a gang of stressed-out hackers holding a line of defense against deep-pocketed oligarchs, which may not be far from the truth. Like all cybercrime, indeed all crime, ad fraud is lucrative and can never be eliminated. It can only be battled. Day after day.
As Ron Amram, Heineken USA’s media director, put it in an earlier session:
“There is no fraud police. If we’re going to stop this thing, we’re going to have to come together as a community.”
And now the second barrier: the issue of incentives. Who is the real victim of ad fraud, and who benefits? The victim is clear enough: the advertisers, who overpay for media and waste money on ads that don’t run, or aren’t what they thought they were. Some people find it hard to stir up much sympathy for billion-dollar brands who have been wasting their ad dollars since the dawn of television, but still — they are harmed. Who benefits? The criminals, of course, but a lot of other people, including the ad networks and exchanges that distribute the ads, big media companies that want to encourage more spend, the vendors who service ad tech, and — most vividly — media agencies, who generally get some commission on media dollars and so have an incentive to use them.
That said, I know of no case where an agency has been proven to turn a blind eye to fraud from selfish motives. (If you do, please let me know @martykihn.) But the impression lingers that agencies have been as quick as Rocket Fuel to minimize the danger here, pointing up and down and sideways for a culprit. Ultimately, it will probably be the advertisers themselves prompting their agency partners and security firms to do whatever can be done to hold off the robot army.
And for white hats like AdExchanger to keep shining the strobe.