With the growth in programmatic advertising and the automation of relationships between buyers and sellers; a certain level of discomfort has risen around the quality of the inventory that is available. Some popular media outlets like to stress that massive ad fraud is benefitting money launderers and drug cartels but what is really going on? Is there really a widespread fraud issue or is Joe User at the heart of the problem?


How do you define whether an ad has been viewed or not? The MRC (Media Rating Council), the US audience measurement rating service, has officially defined “viewable” as at least 50% of a banner being on the screen for at least one second. A fraudulently displayed ad cannot be defined as viewable.

This definition raises a delicate point in that viewability is, to some extent, subjected to user behaviour. A recent study by Integral Ad Science across their entire network showed that slightly over half of all impressions are non-viewable, of which 39% are displayed outside the user’s screen area. This could be due to one or more aspects of the user’s behaviour. The most common cause is a partial exposure to the page as the user may have left before getting to the end of the content. Impatient or multi-tasking users also contribute to this by scrolling down before the ads have fully loaded or reducing the browser to the taskbar so they can dive back into their Excel sheet rather than wait for that cat video to load.


What about the remaining 11.5% of visible ads – they must be fraud then? Not necessarily; a publisher who refreshes a page more often than standard, who mismanages the user’s parameters so the ad appears off screen or simply has coding errors which prevent the page from loading correctly isn’t fraudulent – just not of the right level of quality.

Ad fraud does exist though, even if the situation isn’t as catastrophic as some of the more generalist media would have us believe. It exists and it is well organised. There are two main categories of fraudulent advertising activity in a programmatic environment: sites that voluntarily fool advertisers into thinking their ads have been displayed and organisations that operate software or groups of users to trigger ad spend.

In the first category, dishonest publishers have various means at their disposal:

  • Pixel stuffing: injecting an ad driven site into a 1×1 pixel.
  • Ad stacking: displaying multiple ads in the same space one on top of each other so that only the top one can be seen and actioned.
  • Domain identity theft: hard coding the name of a legitimate publisher into the ad unit.

The second category is on a more massive and global scale as it can involve the use of large teams of people or the hijacking of hundreds of thousands of computers using specially adapted malware. It is in this case that we refer to “botnets” ie networks created by bots or automated programs. They use the following methods:

  • Crowd sourcing: remunerating thousands of users to “read” a piece of content
  • Incentivised ad networks: rewarding users who click on ads with points, coupons, bitcoins etc.
  • Click farms: where large groups of people with multiple mobile devices change SIM and IP addresses on a regular basis to click on ads.
  • Bots: computer programs delivered via malware or viruses that open browsers in the background and surf sites without the computer’s owner being aware.

It is specifically these bots that spread the most fear. Botnets like Chameleon or ZeroAccess hit the headlines when they infect impressive numbers of computers, ironically often piggy backing on consumers’ needs for privacy by infecting pop-up blockers. Chameleon generated upwards of $6 million for its authors via a network of 120 000 computers whilst ZeroAccess was using 685 000 infected PCs to display 140 million banners every day!

It’s a problem as old as the Internet and existed of course in search before this sector was pretty much consolidated. The fragmented nature of display has produced a variety of loopholes that can be exploited by less scrupulous players and prevents us from understanding the true scale of the problem. Headlines in respected media such as the Wall Street Journal claim that over a third of online ads could be fraudulent (“A ‘Crisis’ in Online Ads: One-Third of Traffic Is Bogus”). This kind of headline fuels the rumours and lack of trust based on statements from the IAB that 36% of traffic on the internet is non-human which were in turn taken from a Comscore blog written in 2012. The statements are true enough but the blog also states that the number could be as little as 4% and doesn’t actually say that this is ad fraud. The Financial Times amplifies the problem by publishing conclusions from an analysis of RocketFuel’s traffic by Telemetry. The FT explains that 57% of 365 000 ad impressions were “seen” by computer programs. RocketFuel responded, stating that the paper misinterpreted the data and the number is closer to 6%. Since then RocketFuel mandated ForensIQ to analyse over 142 million impressions and they found that 3.72% of ad impressions had a high risk of being from a “robotic” source – a massive difference with the numbers that ran in the paper. These alarmist articles, the general lack of understanding and, especially, of standards can have serious impacts on publically traded companies such as RocketFuel who provide advertising inventory. RocketFuel have since integrated a free traffic analysis service to reassure advertisers on the quality of their traffic.

Is there a solution?

The IAB has implemented a standard and is asking actors in the industry – principally publishers and their suppliers to adhere to the following anti-fraud principles:

  • Fraud detection – the publisher must put commercial and technological processes to identify fraudulent traffic. This traffic must not be sold.
  • Source identification – the publisher must clearly identify the specific URL of the ad unit. The publisher or the exchange may mask this if sufficient trust exists between the buyer and the seller.
  • Process transparency – each source of inventory (publisher, SSP, exchange…) must describe in detail the processes that have been put in place to detect fraud and identify the source.

These principles were formalised in the US in September of this year and the adoption rate is still unknown but it is a step in the right direction and the champions of ad verification are already in place and ready to pull their weight.

With technical solutions and the IAB’s new standards in place, the solution seems simple: advertisers should only pay for visible ads, in fact, the MRC has recently lifted it restriction on this. However, it’s not that simple as only 3% of RTB impressions have visibility greater than 75% and guaranteeing visibility which is largely subjected to user intervention is a complex matter. What is important at this stage of the ecosystem is the ability to understand the issues at hand and, more importantly, to combat fraud.