Solving Ad Fraud: Algorithms & the Human Eye Test

Stuart Macdougall, SourceKnowledgeTypically our editorial policy is clear on the issue of whether contributions from ad tech companies shouldn’t promote their own platforms or methodologies, as readers can usually do without the sales pitch. However, sometimes it’s both necessary and useful to allow companies to talk about what they’re doing internally, especially when it comes to issues like fraud, where the wider industry could benefit from a more transparent discussion. In that spirit, Stuart Macdougall, CTO SourceKnowledge, a DSP that focuses mainly on the North American market, explains his company tackles fraud.

The worst kept secret in digital advertising is bot traffic is still a major problem. Recent projections have estimated that more than $7 billion in advertising spend will be wasted this year. It’s a problem that doesn’t look like it’s going away anytime soon. Before looking at a strategy to remove non-human traffic from the advertising ecosystem, as an industry we first need to acknowledge and understand the issue in more depth.

As a demand side platform (DSP), SourceKnowledge does not work directly with publishers. Rather, we act on ad opportunities through partnerships with supply side platforms (SSP) who are integrated with hundreds of millions of websites. While there is a level of abstraction between our company and publishers, our team is still very much aware that fraud is an issue that requires solutions at every level of the ad stack.

We know that relying on technology solutions alone is simply not enough. Our operations team works in conjunction with our tech team to combine manual and algorithmic detection techniques. When a questionable source is identified, it is flagged for investigation and shut down temporarily. If we confirm a source is indeed fraudulent, we do not pay the supply side partner for this traffic or charge the advertiser. In general, this is done on the site-page level and detection occurs before a campaign runs a substantial amount of impressions. We maintain an internal list of banned sites which we maintain diligently. We don’t publish the list in the town square publicly, but we share the list with our partners in the interest of maintaining a healthy, transparent ecosystem. In fact, operationally it’s beneficial to us to only receive traffic we will actually bid on. Eliminating bot traffic ultimately reduces our cost of operations.

I believe good reporting systems and applying an 80/20 approach to identifying fraud can dispense with the most blatant examples. We keep a very close eye on the top 20 or so domains supplying traffic. If any new sites shoot up unexpectedly, this is an automatic flag. Sites driving a large amount of traffic that do not seem to turn up when you query a major search engine are also immediately suspicious. Our team can eliminate a lot of questionable sources just by looking at this type of observational data. Fraudsters try to run big numbers, so most of time they are not subtle. The best strategy is to develop transparent and easy to use reporting so our operations team can monitor traffic quality closely. If you know what to look for it is not really that difficult.

We also have our own proprietary automated security suite called RunSafe, but I think most major ad tech companies likely have similar solutions. I say “likely” because no one will reveal exactly what they do and they all claim to have some technology secrets. I was a programmer and I have a strong development team, so I don’t really believe in these kinds of secrets. We work with exactly the same technological building blocks everyone else is working with. If you know how to use them and you know how they work it isn’t a secret anymore. There’s only so much any company can do with the technology to solve these types of problems. Our systems, especially the run-time ones, work very well for us when measured against other solutions.

At SourceKnowledge we use business outcomes and marketing metrics related to conversions to evaluate the success of campaigns. It makes you view the whole fraud situation differently. You are most vulnerable if you are running large, loosely targeted campaigns that rely solely on metrics like completion rate or click through rate as KPIs. The majority of advertisers  we’ve worked with in the last year have real business goals and measure success based on post-click user behavior like average order value or time to first purchase. Fraudsters have trouble making these campaigns look good so it becomes a matter of whether traffic converts or not for a campaign. It takes the wind out of the fraudsters sails a bit when they can’t falsify clicks or a high viewability score.

No one in the industry wants fraud, and there is a bit of fear as an industry that we aren’t detecting all of it.  But we regularly have very open conversations about this with our partners. These conversations are often in the context of which traffic quality company has been engaged to analyze and filter traffic and how will they match up with what we observe. Of course each of these players has their “secret sauce”. I think what is missing is a broader discussion of what technology changes could be made within browser and app technology to help support the development of anti-fraud efforts and online advertising in general. I think the people that build the basic technological building blocks of the internet should look at how important advertising is to this ecosystem and start building tech that supports it in a sustainable way. I’m a technologist, so of course I don’t ever side with the proprietary approaches for this kind of thing. I like open and powerful tools that would set an even base for the online advertising industry to thrive.

Fraud vendors can also have a role in our space. In almost every conversation about traffic and fraud, players like Integral Ad Science, DoubleVerify, or White Ops come up. Many major players in the industry are using them. The biggest issue surrounding these types of vendors is the question of if the supplier of traffic should pay them to police the traffic before they sell it, or if it is a “buyer beware” marketplace and the advertiser is responsible to apply it to the traffic they buy. Sometimes both happen and multiple vendors end up measuring the same traffic. Inevitable discrepancies result. I’d like to see a more even playing field in ad tech where the technology itself has shared standards for helping to prevent fraud.

Unfortunately, merely fighting off fraud with the right products, resources and third-party vendors can be costly. We’ve done a good job of limiting cost on this issue as we have a strong dev team that has developed our own systems that matches up really well with other major vendors report when we have an advertiser use them. Our RunSafe security suite routinely flags approximately 30 percent of the traffic supplied to us. We limit the impact internally and for our advertisers but obviously avoiding the issue by stopping these traffic sources from sending erroneous traffic to begin with is what we strive for as it improves overall campaign efficiency.

Of course, not everyone has a dev team that can build something as effective as this, so they have to engage a vendor and this can get pricey which ultimately drives up the cost for the advertiser. From an engineering perspective that’s a simple buy-vs-build question. However, if some vendor emerges as the absolute industry standard and can provide significantly better results, it might be advantageous to go with them. I haven’t seen that yet, so we continue to build.

At the end of the day, knowing the best practices, implementing them properly and researching the third-party vendor market can offer a level of protection. It’s not only an advertising industry issue; fighting ad fraud helps everyone who consumes online content.

Subscribe to Weekly VAN Newsletter

Ad TechVerification