ADOTAS — Ad networks and search engines face challenging conditions when dealing with click fraud, the practice of generating clicks or impressions that have no economic value to the advertiser due to malicious intent on the part of the clicker.
The rate of adaptation for fraudsters often exceeds the ability for a given ad network to keep its detection methods up to date. While most ad networks today are equipped to address unsophisticated methods of fraud, existing vulnerabilities create lucrative opportunities for a large population of sophisticated fraudsters to refine their trade. And as ad networks, search engines, and ad agencies slowly but surely plug holes in their existing detection methods, click fraudsters adapt to stay one step ahead. Click fraud is an arms race, and the online advertising industry would do well to learn from other industries that have experienced similar challenges.
One industry that has experienced similar parallels is email. As Internet usage grew and email became ubiquitous, so too did email spam. Fraudsters actively used spam to exploit unsuspecting individuals by launching phishing attacks to mislead them into providing access to their financial information, or malware attacks to install malicious code on computers. This activity became so prevalent that nearly every major email service provider was intimately familiar with active perpetrators behind schemes such as the Nigerian fraud scam.
Spam volume has grown exponentially in the last decade and currently outpaces email volume. In fact, spam accounts for 97% of all email sent online, according to a recent report byMicrosoft. Email service providers like Yahoo!, Microsoft, Gmail, and AOL initially tried to fight spam independently, but eventually recognized that spam filtering could be more effectively managed through partnerships with companies that specialized in it.
As a result, each turned to third party solutions providers like Brightmail, TrendMicro, ReturnPath and IronPort, which had developed expertise in identifying and filtering spam. By leveraging third party technologies to fight the spam arms race, email service providers were able to provide a safer inbox experience while focusing more of their efforts on core email features and functionality. Meanwhile, the industry moved towards establishing standards for email authentication in order to improve reliability and transparency. Email providers rapidly adopted DomainKeys and Sender ID, thereby demonstrating an industry-wide collaboration to fight the scourge of spam.
Like spam, click fraud will not go away as long as there is economic gain to be had by the perpetrators. As a greater share of advertising budgets shift online, and vulnerabilities continue to be exploited at the expense of advertisers, click fraud will continue to be a significant problem for the online advertising industry. And while spam still exists, for most consumers, its impact has been minimized to an annoyance factor rather than a dangerous threat.
We can learn a lot from email service providers to alleviate the negative impact of click fraud. First, coordinated, standards-based collaboration is needed to address click fraud. Perpetrators are extremely active in sharing data via blackhat forums and IRC channels about vulnerable networks and the means with which those vulnerabilities can be exploited. Meanwhile online ad providers share little to no information.
In much the same way that fraudsters compare notes on how to exploit the system, legitimate industry players should share data about fraudster identities and discuss how to stop them. Google’s groundbreaking paper, “The Anatomy of Clickbot.a” from 2007 and more recently, the IAB standards from the Click Measurement Group represent a couple of great first steps towards sharing and collaboration. However, we need even more collaboration if we want to attack the problem of click fraud head-on.
The second lesson we should learn from email providers is the necessity of leveraging third-party providers. If incented correctly, these solutions providers are motivated to provide the highest level of protection to grow their customers’ business in the long term. The competitive advantage third parties have against others who fight this battle alone lies in their ability to analyze and derive insights from multiple ad providers and their advertisers’ ad traffic.
As a result, each partner benefits from the collective intelligence of that third party network. For example, many large scale perpetrators have their own unique fraud signatures that third parties can identify across their networks of clients. As soon as that fraud signature shows up in traffic data, the third party can stop the attacks before they have a chance to inflict any damage.
I strongly encourage ad networks and search engines to engage in timely information sharing to discuss best practices on how to address threats from fraudsters. Anchor Intelligence has recently created a resources section on our website to facilitate just that. There, among several other resources, you will find the Click Fraud Glossary, which provides a set of definitions for the industry to ensure that everyone speaks the same language when discussing issues pertaining to click fraud. I also encourage the industry to review the IAB standards for Click Measurement.
Finally, I encourage industry participants to partner with third party solutions providers to collectively establish a strong front line of defense against the threat of click fraud. If we collaborate as an industry and develop a true, shared set of standards while collectively building a secure line of defense, we can put up a worthy fight in the click fraud arms race and ultimately force the perpetrators to give up on making money at the expense of online advertisers.
— Express your opinion, comment below.