Published May 2016
The digital advertising ecosystem is built on trust, working at its best when all participants are good, and when no one tries to deceive anyone else. That’s why ad fraud is potentially damaging – it can erode trust. Advertisers need assurance that their ads will be visible in the right places, and publishers want to be sure they aren’t losing revenue when fraudulent ads are sold in their name. But eradicating ad fraud is a collective effort and success will hinge on collaboration by all players in the industry. We’ve worked closely with TAG, the IAB, and other key players in the industry to tackle many of the issues around ad fraud, and we are committed to continuing and building on these efforts as the industry moves forward.
At Google, we have a global team with more than 100 people dedicated to fighting ad fraud through a combination of engineering, operations, and policy. Our mission is to make the Google ecosystem safer for those who use it – including advertisers, agencies, and publishers who choose to use our platforms to support their digital marketing efforts – creating greater integrity and more transparency.
We’ve worked hard to protect our ad systems, and we will continue to do so. This article highlights some of the key areas we’ve focussed on in the past year, with the aim of showing some of the ways that Google is fighting ad fraud. We’re also sharing these insights to spur other players in the industry to take action against these threats.
1. We cut out injected ads. Unwanted ad injectors are rogue applications/software that insert new ads, or replace existing ones, into the pages that users visit while browsing the web (often showing ads that are not interesting or relevant to users). This harms advertisers, publishers, and users, while providing a bad user experience (we received over 300,000 user complaints about them in Chrome in 2015). We added to a growing number of ad traffic filters by extending protection for DoubleClick Bid Manager against injected ads using an automated data filter based on several blacklists produced by our operations team. Approximately 1.5% of the inventory across multiple exchanges is excluded as a result.
2. We shared data to help filter bot traffic. Created by automated bots and spiders, bot traffic is artificially generated traffic that originates in data centers (facilities that contain large computing and storage systems). We partnered with the Trustworthy Accountability Group (TAG) to produce a pilot program to share blacklists of data center IP addresses and domains associated with non-human ad requests or “bots,” (generated via automated data centre traffic). Back in May 2015 when the program launched, we found the blacklist filtered 8.9% of all clicks on DoubleClick Campaign Manager alone. Without filtering this invalid traffic from campaign metrics, advertiser click-through rates would have been inflated (vastly for some). This in turn would have had an impact on true campaign performance, and ultimately, return on investment for the advertiser.
3. We expanded our defenses against botnets. These are the huge families of infected computers that work together across the web in a coordinated dance aimed at generating massive amounts of invalid traffic by mimicking human behavior. Our team of engineers (or warrior scientists, as we sometimes like to call them) have been fighting ad fraud botnets and the malware that allows them to thrive for years. As with other defenses, we expanded protection of our ad systems by launching an innovative type of filter. This filter works by excluding traffic from three of the top ad fraud botnets (each comprised of more than 500,000 infected machines) and is also resistant to ongoing changes, aimed at making it hard to detect the malware that drives these botnets.
4. We boosted protection against falsely represented inventory. Ads showing up on illegitimate sites may be harmful for brands and are usually the result of falsely represented inventory (which occurs when the seller intentionally makes it look like their traffic is coming from another website). In some instances we’ve seen this type of activity account for up to 40% of inventory for a particular exchange purchased by DoubleClick Bid Manager. In addition to our ongoing operations work to exclude illegitimate and shady web sites, we launched a filter that extends this protection in an automated way, making it even harder for this type of abuse to occur, protecting brands’ and publishers’ best interests. Advertisers know their ads are being seen in the right places, whilst legitimate publishers aren't being cheated out of revenue from ads sold in their name.
5. We worked with others in the industry to forge a common language for our ecosystem. The industry needs to strive for precision when discussing these issues. With this in mind, it’s important to agree on a common language, which is why we’ve worked closely with the IAB TechLab and the Transparency Accountability Group (TAG) to create a taxonomy that organizes fraudulent traffic into five groups. Having clear labels about ad fraud means we can reduce confusion and communicate consistently.
6. We’ve collaborated with the industry on transparency. As an industry, we have a responsibility to promote transparency in the work that we do. At Google, we’ve been public about many of our projects in the fight against ad fraud, including putting into place policies to tackle hidden ads, injected inventory, and falsely represented inventory; processes to exclude automated data centre traffic; and robust defenses against botnets. We are also collaborating with key industry players on the new Payment ID system that makes it hard for fraudsters trying to cheat the system. We’re fully committed to improving ad traffic quality for players across the digital ecosystem, making the web a safer place for everyone.
In light of the positive changes to come, we’ve asked two of our collaborators to share their outlook on combatting ad fraud in the coming year. Here are perspectives from publishers FT.com and buyer MediaMath.
"A high-profile agency for a bank approached the FT about buying some home page roadblocks. During discussions they mentioned that previous roadblocks for the client had under-performed. Our records showed no recent spend from this particular client. It turned out they had purchased two home page roadblocks programmatically and not one single impression had appeared on FT.com as they were purchasing fraudulent inventory on open exchanges rather than via FT managed private marketplaces.
The detrimental impacts included the agency needing to repay the money, no revenue to FT for two roadblocks the client had tried to run, and no uplift to the advertiser. This highlights the importance of direct conversations between buy side and sell side in programmatic.
There needs to be a focus on where the money is flowing to in programmatic. For example, there’s no excuse for money flowing to a non-FT bank account for an impression that has the ft.com domain. A secure database of publishers with correct identifiers for payments will help. The measurement platforms need to provide enough details to publishers to allow them to act on fraud, which may include the ability to communicate with users who have malware on their devices. Tech vendors measuring non-human traffic need to be audited, and there should be a way for publishers to flag concerns to them with regards to the accuracy of their measurements.
– Anthony Hitchings, Digital Advertising Operations Director, FT.com
"Fraud is the one thing that can completely destroy our industry, because it breaks the trust of the market. Ad fraud makes buyers unwilling to commit dollars to programmatic because they don’t believe they’re getting what they’re paying for. And if there is fraud, how can they believe the results they’re being shown? Fraud also makes sellers unwilling to commit inventory that the industry needs in order to grow. If fraudulent ads have a negative impact on site traffic, user experience, and monetization, then publishers will allocate to other channels that don’t risk their core business. It’s extremely important for the industry that marketers have the utmost confidence in the programmatic revolution of ad buying, and are not having to trade innovation and effectiveness for quality.
Blocking fraudulent actors really starts with the sales process – including rigorous screening of prospective clients’ reputations, histories, and business practices – as well as ongoing monitoring of client activity and a strict policy to penalize malicious behavior, up to and including permanent deactivation. There needs to be an industry database of known bad actors, with individuals bearing as much scrutiny as IP addresses. Having a better chain of custody is also necessary – knowing where things came from and where they are going. From a global industry point of view, we need stricter regulations, bigger penalties, and global initiatives."
– Dan Larden, Senior Manager, Media Partnerships EMEA, MediaMath
2016 will be marked by increased collaboration, awareness, and trust in the industry. Despite efforts by fraudsters to cheat the system, we and others in the industry are making strides towards making the digital ecosystem a safe place for brands, publishers, and users.
Be sure to check out our report ‘How we fought bad ads in 2015’ for additional information on how we also kept bad ads out of our systems.