Ad fraud is one of the major problems that is being faced by parties involved in the ad tech industry. According to TrafficGuard, advertisers lose 26% of their ad campaign budget due to ad fraud if they don’t have any fraud detection solution in place. To top it off, this is just the direct cost of ad fraud, which is further increased by taking into account indirect costs.
Fraudulent activities affect advertisers the most, since they have to pay for fake impressions and audiences. But this is not to say that publishers are not impacted negatively by ad fraud. The value of ad inventories can be decreased substantially due to ad fraud. Therefore, it is imperative that publishers know how to deal with such activities.
Let’s take a close look at what ad fraud is before moving on to how to detect it.
What is Ad Fraud?
Google defines ad fraud as “Any clicks or impressions that may artificially inflate an advertiser’s costs or a publisher’s earnings”. Invalid traffic covers intentionally fraudulent traffic as well as accidental clicks.
AdSense ad fraud can be demarcated into three broad subcategories:
Ad Placement Policies: This relates to the position of ad placements on your website. This includes placing ads that might encourage accidental clicks or near navigation/pagination menu.
Content Policies: This relates to placing ads on content that is not deemed viewable with the family or placing ads in places where illegal content is downloaded (like Torrentz).
Traffic Policies: This includes, but is not limited to:
- Clicks or impressions generated by publishers clicking their own live ads
- Repeated ad clicks or impressions generated by one or more users
- Publishers encouraging clicks on their ads (examples may include: any language encouraging users to click on ads, ad implementations that may cause a high volume of accidental clicks, etc.)
- Automated clicking tools or traffic sources, robots, or other deceptive software
Of course, most AdSense account holders will not try to inflate their metrics using the tactics listed above. But there are some nefarious business models lurking that may harm your site by indulging in ad fraud.
How to Know if You’ve Been Attacked?
You have the option of using paid tools like IAS or Moat, which work by placing a wrapper around the ad unit and pinging its network of sites list where inventory is already classified as safe/malicious. However, most of these tools are quite costly and outside the reach of what small and mid-size publishers can afford.
Thankfully, fraud detection in Google Analytics can help you verify if there is something fishy going on with your site. These ad frauds include but are not limited to Domain Spoofing, Cookie Stuffing, Ad Injection, and click farms.
Also Read: 5 Types of Ad Fraud (and How They Affect Publishers)
How to Detect Invalid Traffic and Ad Fraud Using Analytics?
Given that Google Analytics is a free tool, there are certain trade-offs you’ll have to make here. You’ll never be able to be 100% accurate in detecting all ad fraud and come up with an exhaustive list of sources that are causing fraud but you can get really close. There are a lot of directional indicators in GA that can point to fraud on your site. A couple of these are:
Indicator #1: Bounce rate is 100%
In analytics, a bounce is calculated specifically as a session that triggers only a single request to the Analytics server, such as when a user opens a single page on your site and then exits without triggering any other requests to the server during that session. There is very little chance that none of your visitors are going to the second page after visiting the first page. If your bounce rate is close to 100%, it’s an indication that most of your traffic is bot/invalid traffic.
Indicator #2: Average Session Duration close is 0 seconds
The average session duration is the total duration of all sessions (in seconds) divided by the number of sessions. Mathematically, the average can be zero only if all your visitors are on the site for less than a single second, which is highly unlikely. This scenario again, like the one above is an indication of bot/invalid traffic.
To detect ad fraud in Google Analytics, you can access both these metrics under the Audience subsection of Google Analytics.
Here is how you can get there:
- Log in GA
- Go to the Audience section
- Click the Overview section
- You’ll find both your average bounce rate and average session duration listed there
Now that you know that your site has bot traffic, how can you find out who is responsible and block the traffic source?
Filtering Suspicious Traffic Sources
You can apply a complex filter to figure out the IP address sending this bot traffic to your site so the source of ad fraud can be clear.
- Log into GA.
- Go to Acquisition > All Traffic
- Select the Channels subsection
- Use Network Domain as a secondary filter. This will also give you the network ID connected to each domain
You will then begin to notice a trend of what website/ network domain sends you traffic that has 0 session duration with an average time on page <1 second. It is best to filter out this bot traffic by setting up a traffic filter.
Next, you have to filter out the network ID of the spurious traffic source. This can be set up via Filters in Google Analytics.
- Go to the Admin section.
- Click View > Filters
- Go to Create New Filter
- Enter the ID of the suspicious network
- Click Save
Given ad fraud detection in Google Analytics is fairly easy, more and more publishers should make use of this to publicly call out IPs that are doing damage for the greater good of the publishing ecosystem.
This is very helpful and will help me fight fraud from today. One of the problems must advertisers and publishers have been faced within the industry. An understanding of how to detect fraud and prevent potential fraud is well laid out here. Have not seen a detailed post about this topic before till today.
Thanks for taking the time to educate us.
Thank you for this. The “blocking” of bot traffic is only filtering it in reporting. There is no site blocking of this traffic, correct?
That is correct Brian. Once the filtering is in place, the Google Analytics interface will just filter out (and not block) the traffic coming in from a certain IP address. You’ll have to make use of more sophisticated tools to block those IP’s.