We live in a mobile-first world where almost two-thirds of Western Europe’s population own a smartphone so, it’s no wonder brands are investing in mobile advertising, with spend across the continent exceeding €10 billion during the first half of this year.

But as they ramp up spend on mobile advertising, marketers must be aware of the charlatans hot on their heels, ready to exploit their campaigns and budgets. From fake clicks and SDK spoofing to click injection where fraudsters illegitimately claim attribution credit for app installs, it is estimated £1 in every £10 spent on mobile ads is lost to fraud.

Marketers and the ad tech providers they work with need to be able to detect and prevent mobile ad fraud but they must also take care when choosing how to tackle this. Some fraud detection techniques do more harm than good, creating false positives where legitimate traffic is blanket blocked, meaning marketers miss out on the opportunity to reach valuable audiences.

The key is using various approaches, data sources, and connection characteristics together to highlight fraud. IP intelligence is an important part of this mix, aiding the identification of potentially illegitimate connections, whether on mobile or desktop, without hindering reach. This value is further increased as mobile users connect via WiFi around 80% of the time for reasons of speed, cost, and convenience.

So, to help marketers ensure their ad budgets aren’t wasted on fraudulent activity, here are three ways IP intelligence data can help to identify and prevent mobile ad fraud:

1. Establish the user location

Geography is a key part of the fraud detection and prevention landscape, so the first layer of protection is to accurately determine the IP addresses country of origin. This empowers a variety of additional analysis techniques that highlight potential fraud.

Marketers can identify and block significant spikes of traffic from countries that are not targeted by the campaign and filter out invalid or fraudulent clicks from countries where products or services are not available. Additionally, most valid clicks that result in an app install occur in close proximity to the original click. Identifying significant variances between the location of these two actions will highlight potentially fraudulent activity and simply identifying high click to install ratios from a particular IP address can also be revealing.

There are multiple sources of IP data available to provide this vital location information but marketers should take care to use an accurate source that is regularly refreshed rather than relying on data that is simply scraped from internet registries. At its most granular, IP data has the potential to identify the location of an IP address to postcode sector level without making the user personally identifiable. This level of detail means individual risky internet locations such as public WiFi hotspots, internet cafes and universities or colleges can be pinpointed.       

2. Analyse connection characteristics

If used correctly, IP data can also help to identify a variety of connection characteristics that are essential for fraud detection. For instance, the type of proxy in use can be determined and used to distinguish between those trying to mask their location and those using corporate proxies simply to enhance security. With a significant number of fraudsters using proxies, this type of data plays a vital role in removing their cloak of anonymity and taking the first steps towards identifying fraudulent traffic.

It is possible to detect other suspicious online connections such as hosting or data centres. End-user mobile traffic should not come from these types of facilities as they are designed for traffic to pass through, so interactions originating here could be fraudulent. Hosting centres are also associated with high traffic from a single IP address and multi-IP ad fraud attacks, both of which warrant further investigation.

Additional intelligence layers can distinguish between home and business WiFi connections, and identify the ISP used, which help to reveal anomalies when connection patterns are analysed over time.

3. Take action on suspicious traffic

IP intelligence can be the first line of defense against mobile fraud but prevention and detection are most effective when they involve multiple technologies working together to monitor user behaviour and detect anomalies or suspicious patterns. IP data parameters such as location and connection type can be combined with other techniques such as behavioural analytics to identify potential fraudsters and block high-risk mobile clicks in real time.  

As long as mobile ad spend continues to grow, fraudsters will always find new ways to cheat marketers out of their mobile budgets. By implementing IP intelligence, marketers and ad tech companies can add another layer of ad fraud detection, helping to ensure spend is used to engage mobile users rather than to line the pockets of fraudsters.