The rate of adaptation for fraudsters often exceeds the ability for a given ad network to keep its detection methods up to date. While most ad networks today are equipped to address unsophisticated methods of fraud, existing vulnerabilities create lucrative opportunities for a large population of sophisticated fraudsters to refine their trade. And as ad networks, search engines, and ad agencies slowly but surely plug holes in their existing detection methods, click fraudsters adapt to stay one step ahead. Click fraud is an arms race, and the online advertising industry would do well to learn from other industries that have experienced similar challenges.

One industry that has experienced similar parallels is email. As Internet usage grew and email became ubiquitous, so too did email spam. Fraudsters actively used spam to exploit unsuspecting individuals by launching phishing attacks to mislead them into providing access to their financial information, or malware attacks to install malicious code on computers. This activity became so prevalent that nearly every major email service provider was intimately familiar with active perpetrators behind schemes such as the Nigerian fraud scam.

Spam volume has grown exponentially in the last decade and currently outpaces email volume. In fact, spam accounts for 97% of all email sent online, according to a recent report byMicrosoft. Email service providers like Yahoo!, Microsoft, Gmail, and AOL initially tried to fight spam independently, but eventually recognized that spam filtering could be more effectively managed through partnerships with companies that specialized in it.

As a result, each turned to third party solutions providers like Brightmail, TrendMicro, ReturnPath and IronPort, which had developed expertise in identifying and filtering spam. By leveraging third party technologies to fight the spam arms race, email service providers were able to provide a safer inbox experience while focusing more of their efforts on core email features and functionality. Meanwhile, the industry moved towards establishing standards for email authentication in order to improve reliability and transparency. Email providers rapidly adopted DomainKeys and Sender ID, thereby demonstrating an industry-wide collaboration to fight the scourge of spam.

Like spam, click fraud will not go away as long as there is economic gain to be had by the perpetrators. As a greater share of advertising budgets shift online, and vulnerabilities continue to be exploited at the expense of advertisers, click fraud will continue to be a significant problem for the online advertising industry. And while spam still exists, for most consumers, its impact has been minimized to an annoyance factor rather than a dangerous threat.

We can learn a lot from email service providers to alleviate the negative impact of click fraud. First, coordinated, standards-based collaboration is needed to address click fraud. Perpetrators are extremely active in sharing data via blackhat forums and IRC channels about vulnerable networks and the means with which those vulnerabilities can be exploited. Meanwhile online ad providers share little to no information.

In much the same way that fraudsters compare notes on how to exploit the system, legitimate industry players should share data about fraudster identities and discuss how to stop them. Google’s groundbreaking paper, “The Anatomy of Clickbot.a” from 2007 and more recently, the IAB standards from the Click Measurement Group represent a couple of great first steps towards sharing and collaboration. However, we need even more collaboration if we want to attack the problem of click fraud head-on.

The second lesson we should learn from email providers is the necessity of leveraging third-party providers. If incented correctly, these solutions providers are motivated to provide the highest level of protection to grow their customers’ business in the long term. The competitive advantage third parties have against others who fight this battle alone lies in their ability to analyze and derive insights from multiple ad providers and their advertisers’ ad traffic.

As a result, each partner benefits from the collective intelligence of that third party network. For example, many large scale perpetrators have their own unique fraud signatures that third parties can identify across their networks of clients. As soon as that fraud signature shows up in traffic data, the third party can stop the attacks before they have a chance to inflict any damage.

I strongly encourage ad networks and search engines to engage in timely information sharing to discuss best practices on how to address threats from fraudsters. Anchor Intelligence has recently created a resources section on our website to facilitate just that. There, among several other resources, you will find the Click Fraud Glossary, which provides a set of definitions for the industry to ensure that everyone speaks the same language when discussing issues pertaining to click fraud. I also encourage the industry to review the IAB standards for Click Measurement.

Finally, I encourage industry participants to partner with third party solutions providers to collectively establish a strong front line of defense against the threat of click fraud. If we collaborate as an industry and develop a true, shared set of standards while collectively building a secure line of defense, we can put up a worthy fight in the click fraud arms race and ultimately force the perpetrators to give up on making money at the expense of online advertisers.

– Express your opinion, comment below.

More than ever, marketers around the country are taking a closer look at their advertising expenditures and asking, “What did I just get from this?!” They are facing reduced budgets and looking for the biggest bang for their advertising buck. They are increasingly intolerant of low-performing and hard-to-measure ad campaigns. They want answers today, and they want better answers tomorrow. And since CPC and CPA advertising provide more measurable ROIs than do other forms of brand advertising, marketers are expected to allocate a higher proportion of their reduced budgets to online advertising. The result is that online advertising is expected to be fairly resilient in the coming year. But that resiliency will be matched with intense scrutiny as marketers seek to maximize ROI to the fullest possible extent. As a result, marketers are expressing a renewed interest in the subject of click fraud (a.k.a. unwanted traffic) and how it is distorting their ad campaign’s performance.

Click fraud can be defined as clicks or impressions that have no economic value to the advertiser due to malicious intent on the part of the clicker. A click may be fraudulent when the clicker has no intention of converting, giving the advertiser no chance to reap a return on their investment in that click. Unfortunately, intent is difficult to determine and quantify leading to confusion in the industry as to what constitutes fraud. For instance, Seth Godin’s blog post on “thank you” clicks sparked weeks of online debates about the differences between “thank you” clicks, click fraud, and invalid clicks. Putting semantics aside, click fraud matters because fraudulent clicks reduce the ROI of an online advertising campaign, and when shrinking ad budgets become increasingly concentrated online, that sort of reduction in ROI is not acceptable.

Click fraud is already a concern among search marketers. In fact, 76% of advertisers believe that at least 5% of online advertising activity is fraudulent, according to June 2008 Canaccord Adam’s Online Ad Survey. Furthermore, according to cybersecurity researchers at the Shadowserver Foundation, more desktop machines are becoming infected with malicious software than ever before. Over the past year, the number of PCs ensnared in botnets – herds of users’ computers infected with malicious software that sends spam or performs click fraud – has more than quadrupled. Advertisers are right to be wary of click fraud.

Given that click fraud drives down advertiser ROI, marketers will become increasingly concerned with click fraud in 2009, and this could adversely affect online advertising growth much the way ID theft affected online commerce in the early days of the Internet.

As online advertising continues to account for a greater percentage of advertising spend and the economy continues to find its way, the issue of click fraud will shape how marketers choose advertising networks. However, ad networks are in a position to capitalize on this unique opportunity. By aggressively filtering out bad traffic and instilling a sense of confidence among advertisers during this time of economic uncertainty, secure ad networks are finding they can draw new advertising dollars their way. Networks looking to attract these ROI-focused marketers will recognize that third-party traffic quality solutions with the means to identify click fraud are not just helpful, but vital to their success. The revolution is underway, and it is incumbent upon all of us to ensure the online ad industry matures and reaches its potential of becoming the largest ad-spend medium in the world.