Marketing fraud ─ including skewed analytics, ad fraud, affiliate fraud and lead fraud ─ is a growing problem for online businesses in every industry. Juniper Research estimates that in 2019, advertisers around the world will lose $42 billion of ad spend to marketing fraud in online, mobile and in-app advertising ─ a 21% increase over $35 billion in 2018.
Clearly, marketing fraud is growing rapidly and is cause for great concern in C-suites everywhere. First, let’s outline the types of marketing fraud that involve bots:
Regardless of whether bots visit a website to scrape content, spam forms, take over user accounts or carry out denial of service (DDoS) attacks, their traffic always result in overall skewing of website metrics. This makes it difficult for marketers to gauge the effectiveness of their strategies and hinders planning and decision making.
Ad fraud is possibly the second largest form of organized crime in the world today. The massive growth in programmatic digital advertising in the past two decades has provided plenty of opportunities for fraudsters to game the system and cheat publishers, advertisers and intermediaries. Moreover, the digital ad ecosystem is highly automated, lacks effective regulation and does not have widely accepted safeguards to prevent bad actors from taking advantage of loopholes in the system.
The graph below compares aggregated traffic to Radware’s ecommerce customers over Q4 2018 with bot traffic volumes. During Black Friday week last year, we observed a nearly tenfold bot traffic increase from baseline volumes, while overall traffic roughly doubled during. The holiday shopping season is when we usually see major spikes in bot traffic, with corresponding spikes in bot attacks to carry out scraping, account takeover, form spam and ad fraud.
Ecommerce Sites ─ Overall Traffic vs. Bot Traffic (Q4 2018)
Affiliate marketing programs are designed to reward affiliates who promote brands and bring in customers, using CPA as the metric. Fraudsters use bots to redirect qualifying traffic to affiliates, and tracking cookies to record conversions, snatching away commissions from legitimate affiliates.
Lead fraud takes two forms:
- Humans paid to click on ads or fill and submit web forms
- Bots that perform clicks on ads, submit forms, spam forums and “see” retargeted ads, activated by the cookie trail they generated by visiting premium sites
The graph below shows the combined traffic trend during November 2018 across several of our customers. The blue trendline shows overall traffic, while the red line shows total bot traffic. We see that both overall traffic and bot traffic increased just before Thanksgiving and stayed at elevated levels until Cyber Monday, a trend that has been consistent for several years across our customer base.
Overall Traffic vs. Bot Traffic, All Industries (November 2018)
With Black Friday and Cyber Monday now upon us, brands are advertising heavily on leading media portals to promote sales and lure buyers with attractive offers. But how many of their ads will be seen by their intended audience? Ad fraud prevention firm Pixalate has estimated that in terms of programmatic ad volume across the 15 largest advertising markets in Q3 2018, 17% of those served in the U.S. were invalid, ranking it fourth in terms of invalid traffic rate (IRT) behind Australia (20%), Indonesia (30%) and India (34%).
The largest advertisers are so concerned about ad fraud laying waste to their marketing budgets that some have started cutting their digital ad spends. In 2017, CPG giant Procter & Gamble ─ the world’s biggest advertiser ─ cut its digital ad spending by $100 million and reduced the number of sites its ads ran on to around 900. In the same year, Unilever ─ the second largest global advertiser ─ also cut its digital ad budget by 59% to stem losses caused by ad fraud.
It’s not surprising, then, that the biggest advertisers were forced to ramp down their spending on real-time bidding (RTB) channels to get more measurable, effective returns on marketing spend.
The Escalating Battle Against Marketing Fraud
With trust in the programmatic advertising ecosystem having been eroded by ad fraud, industry groups have banded together to come up with ways to ensure transparency and restore trust in the system. One of them is the Ads.txt initiative by the Interactive Advertising Bureau. However, its directives can be gamed by fraudulent parties, as the Wall Street Journal explains.
Industry associations have proposed more stringent verification procedures, such as Ads.cert, adCOM, and the Ad Management API, which are all part of the new OpenRTB 3.0 technical specifications. Ads.cert is currently in beta testing and involves cryptographically signing bid requests to validate the authenticity of inventory sold by authorized sellers, giving marketers better visibility into the quality of impressions their ads receive. Another initiative to rein in marketing fraud is TAG, a consortium of industry associations which works with companies in the digital advertising supply chain to eliminate fraud and ensure transparency.
The Bottom Line
First, marketing fraud is extremely attractive to cybercriminals and will not be going away anytime soon. Second, the various technical solutions proposed by industry groups to eliminate ad fraud are still in a nascent stage. Third, there is no guarantee that these solutions will accurately and reliable put an end to marketing fraud ─ especially the types that leverage bots.
Keeping these points in mind, publishers and advertisers would be well advised to adopt dedicated bot management solutions that work in real time to not only prevent fake ads and impressions, but also several other critical threats posed by bad bots on their websites, applications and APIs.
Siddharth Deb is Bot Product Manager for Radware