January 25, 2017 AudienceScience

Stopping The Next Methbot Requires New Rules For Fighting Fraud

[This article originally appeared in AdExchanger on January 25, 2017]

Data-Driven Thinking” is written by members of the media community and contains fresh ideas on the digital revolution in media.

Today’s column is written by Michael Greene, vice president of product strategy at AudienceScience.

The recent report from online ad fraud-detection vendor WhiteOps about the millions of dollars lost to the Methbot fraud operation was the holiday gift that keeps on giving. Many brands, agencies and tech vendors spent their holiday breaks in a sweat, hoping that they weren’t affected by the Russian fraud ring.

But while Methbot’s gains – to the estimated daily tune of $3 million to $5 million in advertisers’ lost budget – are certainly noteworthy, they’re simply the latest chapter in a long fraud story that the ad industry continues to write year after year.

The truth is that as long as the industry continues to buy into fraud-fighting myths, stories like this will continue to break. The only way to prevent the next Methbot is for all of the players – buyers, publishers and tech vendors – to completely rewrite the rules on how we approach fraud detection and avoidance. Doing that starts with debunking some of the biggest myths about fraud.

To Avoid Bots, Just Buy ‘Premium’

After the Methbot revelations, pundits have advised agencies and brands to protect themselves by buying only from a small number of known high-quality publishers. If only fighting fraudsters were that easy.

Analysis has revealed that Methbot was largely spoofing some of the most desirable – and highly priced – ad inventory out there, including desktop and in-stream video on seemingly premium US publishers. Moreover, as pointed out by WhiteOps, Methbot also worked its way into private marketplace deals.

Buying on a strict whitelist or running only private marketplace deals wouldn’t have protected advertisers from Methbot, and it certainly won’t protect them from the next sophisticated bot net. Likewise, retreating into social “walled gardens” doesn’t provide protection, as fake profiles and click bots abound. In fact, with their higher CPMs and potential payouts, premium domains and ad formats provide the biggest incentives for fraudsters and will most likely be targeted by future bot nets.

Domain And IP-Address Blocking Are Enough To Stop Fraud

Have no doubt, blocking domains and IP addresses deemed to be hubs of nonhuman traffic remain core to effectively fighting fraud. There is a reason why the Trustworthy Accountability Group’s Anti-Fraud Working Group has made these functions core to its efforts. These are critical capabilities that – when communicated effectively across advertisers, agencies, publishers and technology vendors – can cut out major sources of nonhuman traffic and fraudulent activity.

That being said, these are inherently reactive mechanisms often requiring advertisers to suffer from significant volumes of nonhuman traffic before tech vendors can identify offending domains or IP addresses and apply the appropriate protections. Relying on these protections alone is akin to relying on antibiotics while ignoring basic hygiene and a healthy diet.

Needed: Better Preventative Medicine

To effectively minimize the effects of fraud and nonhuman traffic, the digital ad industry needs a new, proactive approach baked into every part of the ad buying and serving process. I see two major components of this solution which, if applied correctly, can help minimize the impact of nonhuman traffic on advertisers and the dramatically reduce the incentives for fraudsters.

One is sorting legitimate from nonhuman impressions using demand-side platforms (DSPs) – which have access to massive volumes of bid-stream data – and major ad exchanges – which have extensive tag or SDK-level visibility directly onto the publisher’s page or app.

Beyond examining domain and IP-level signals, tech needs to filter through massive volumes of bid-stream and device-level data to identify user-level patterns to help distinguish real humans from bots. In contrast, relying on reactive approaches alone leaves buyers highly exposed for weeks, if not months, to sophisticated bot nets.

There must also be financial transparency across the supply chain.

Fraudsters will continue to ramp up their efforts and grow in sophistication as long as it pays. While preventative and reactive blocking are key to any solution, advertisers, agencies, publishers and tech platforms should be collaborating on other ways to cut off payments to fraudsters.

Today, complex supply chains help fraudsters hide behind legitimate inventory sources. Moving forward, industry initiatives, such as a payee ID, will reduce incentives for fraud by helping agencies, DSPs and exchanges more easily identify companies making money off fraud and withhold payment from these nefarious actors. Additional collaboration between exchanges and verification providers to share information on sources of nonhuman traffic will allow advertisers to withhold media payments to those inventory sources.

Retreating to the media-buying strategies of the past won’t stop the next Methbot. Leave no doubt: Digital advertising will never be bot-free. But with the right technologies, transparency and collaboration among buyers and sellers, digital advertising – including open exchange programmatic buying – could soon become safer and more accountable than virtually any other media type.

Follow AudienceScience (@audiencescience) and AdExchanger (@adexchanger) on Twitter.