The cat’s out of the bag. Brands now know that a huge chunk of their ad dollars are wasted on ads that never appear before a human. That’s part of the reason why the biggest media buyers are insisting on MRC (Media Ratings Council) accredited ad verification.
For those not yet familiar with this bit of ad tech, IAB has a definition (edited slightly for clarity):
Ad verification is a service that offers technology to ensure (buyers) that ads appear on intended sites and reach the targeted audience.
Ad verification is supposed to be integrated with every ad networks, exchanges, SSPs, basically anyone who sells advertising space online, to provide a safeguard for brands, advertisers, and agencies that buy it.
IAB guidelines specify five key areas covered by ad verification vendors:
- Site Context
- Ad Placement
- Competitive Separation
- Fraud Detection: Click fraud and impression fraud
Some vendors will also bundle ad viewability and audience measurement services with ad verification, for good measure. But why are they necessary?
Advertisers Don’t Trust Ad Tech and They’re Right
If you keep up with ad tech and martech news, you probably remember endless stories in March this year, denouncing YouTube for “enabling the spread of hate speech/content” by letting ads appear next to it. YouTube almost faced a full-scale advertising boycott and lost millions as the episode played out.
But since YouTube is a platform with over a billion users worldwide, advertisers weren’t going to wash their hands off it entirely. Most advertisers returned, but only after Google made assurances, changed policies, and put in some ad hoc advertiser controls to prevent this from happening again.
For a lot of YouTube content creators, that meant a sharp decline in revenue.
Before that, in December last year, the Methbot report from WhiteOps detailed how an advanced bot was stealing millions of dollars per day of ad spend from various exchanges by spoofing premium domains and generating fake clicks from high-value video inventory.
Further back in 2016, Facebook took flack for vastly misreporting “average video watch time”, a non-billable metric, on its platform. The ensuing outrage was enough to bring down the wrath of ANA (Association of National Advertisers) on it.
Amidst all the madness came Marc Pritchard’s seething remarks at IAB annual leadership summit:
Regardless of how much we respect the people from whom we buy our media, we need an objective, impartial judge to perform the measurement. Too many players are self reporting, and incredibly, we as clients, are still tolerating it, accepting excuses like “we have a walled garden” or “technology won’t allow it”. This is like letting a fox guard the henhouse. It’s a bad idea putting someone in charge of a job where there’s a conflict of interest.
— Marc Pritchard, Chief Brand Officer, Proctor & Gamble
As a result, every major media seller today has had to give way before advertiser demand for third-party, MRC accredited ad verification: Twitter adopted Moat and Integral Ad Science (IAS) for viewability and verification. YouTube began working with IAS to offer more brand-safety tools to marketers. Both YouTube and Facebook opened themselves to MRC audits. Trustworthy Accountability Group (TAG) began making rounds to enforce compliance by auditing ad exchanges and branding them as “certified against fraud”.
But cynical among the industry think it’s a dog-and-pony show, more for providing assurances than to really curb ad fraud.
Ad Verification and Ad Tech are Still at Odds
This is a self-serving industry, and ‘fraud-watch’ is a massive opportunity. Conversations revolved around ad fraud at Dmexco, as Seb Joseph reports on Digiday:
If you look at these viewability and ad fraud technologies here at the conference, they’re doing great business, but their models aren’t just about fighting fraud; they’re selling fear because if they don’t, they can’t sell the tech to the SSPs or DSPs.
The ubiquity of fraud itself is a point of contention among ad verification companies and fraud researchers / consultants; each exaggerating or downplaying the threat to suit their interests.
For instance: Some ad fraud researchers claim that as much as eighty percent of bot traffic still manages to pass by undetected, all through the simple matter of a verification vendor account falling into wrong hands.
After getting access to the verification company’s data and dashboard, the traffic resellers continuously test different tactics until they notice what trips a verification company’s filter. Once a tactic — like forcing a bot to execute a precise combination of mouse movements and clicks — is shown to work, the reseller uses the tactic on the traffic it sells on the open market.
— Augustine Fou, ad fraud researcher (via Digiday)
Ad verification companies claim the consultants are peddling fear:
Fraud researchers have their own incentive to make it seem like fraud is the biggest problem out there. It is a big problem, but in some cases it can be blown out of proportion.
— Amit Joshi, director of product and data science, Forensiq
Agencies can’t curb fraud (or pretend that they have their hands clean), as one Redditor explains:
The robotic traffic sellers are incentivized to send through traffic with high CTRs and high viewability rates, so optimizing towards those metrics (and not on actual business outcomes, like sales) means that your chances of buying fraud increases. Many agencies want to make as much of a profit on the execution as possible while trying to make themselves look good, and vanity metrics such as CTR and VTR are a way to do that.
Ad networks / exchanges trying to prevent bot traffic from getting in the system (by partnering up with verification companies), don’t address the underlying problem, as AppNexus CEO Brian O’Kelley explains:
First, it tells the bad actors who’s running the Turing test [fraud detection], and thus which interrogator [verification tech] they’ll have to trick to get paid. I’m willing to bet that search results for “White Ops safe traffic” increase dramatically over the next couple of months after the recent Trade Desk (TTD) partnership announcement.
Second, it provides an easy scapegoat. I can’t tell you how many publishers have said to me, “It’s not my fault I have bad traffic; I use vendor X to detect it.” It is your fault if you have bad traffic! Somebody in your supply chain is buying bad traffic, and you’re hoping to get away with it.”
So while the ad tech companies play hot-potato with blame, it will eventually come down to the media-seller.
Are Publishers Accountable for Fake Traffic?
Short answer: Yes.
O’Kelley explains how most of the fraudulent traffic ends up inside the programmatic supply chain:
Since there’s a strong incentive for publishers to buy cheap traffic, there’s a significant market for bad actors to generate traffic and sell it to them—as long as they can avoid detection. When a bad actor wants to make a bunch of money, they generate traffic and sell it to a publisher, creating ad impressions that flow through the digital advertising ecosystem, eventually soaking up money from well-meaning marketers. Traffic that looks human and gets past detection systems will drive revenue for the publisher and the bad actor. This is a fundamental failure of the supply chain.
MRC has standardized some fraud detection methods but left enough wiggle-room for verification companies to keep proprietary detection-tech under wraps. Theoretically, it’s great—it gives everyone a competitive edge, while keeping bad actors in the dark about advanced bot detection methods. Realistically, it’s only added hassle for the publisher.
With increasing number of demand partners (SSPs / ad networks / ad exchanges) partnering up with verification companies of their choice to curb fraud, signing up to them becomes a landmine: What one vendor (and the demand platforms which use it to monitor fraud) categorizes as IVT may not raise flags on another.
And IVT is one type; even good, clean publishers could end up in muddy waters thanks to ad fraud in the form of domain spoofing.
“Every time a perpetrator fakes a domain, the market is hit with fake metrics. That dilutes a publisher’s brand in the industry as advertisers and platforms see a mix of metrics that don’t accurately represent a publisher’s inventory.”
— Manny Puentes, CEO of Rebel AI (via AdExchanger)
In the end, a publisher will end up paying out of their pocket to integrate with an ad verification partner, resolve an issue, and keep their IVT (Invalid Traffic) from going above a certain acceptable percentage.
To fight back, adopt Ads.txt: An imperfect measure without mass adoption, ads.txt still works to protect your domain from spoofing and resellers by taking away the monetary incentive from them. Exchanges and networks are already enforcing ads.txt by asking their publisher partners to place it on their site.
From our own Publishers’ Guide to Ad Fraud Prevention:
- Check the verification vendor’s MRC accreditation: MRC has standardized some practices when it comes to detecting most general and some sophisticated bot traffic. All accredited companies will follow those rules.
- Monitor (or avoid) sourced traffic: It’s found to be three times more likely to contain bots. Brian O’Kelley, advises publishers to think carefully before answering this: “Are you willing to stake your business on this traffic source (since if it’s sending fraudulent traffic, we [demand sources] will terminate you)?”
- Focus on direct sales: Fewer touchpoints between buyer and seller significantly reduces the chance of someone else stealing your revenue.
Buyers want to pay for human audiences, not bot generated traffic. They want to pay for impressions that have a chance to be seen (i.e., viewable). They want to prevent their ads from appearing next to content which will harm their brand image (brand-safety). They want standard metrics and unified data across platforms to draw actionable insights from.
Remember that as the longer ad fraud stays under spotlight, the higher will be the value of clean inventory.