Mobile Ad Fraud

The average person looks at their phone 46 times every day, which means that collectively, Americans check their phones 8 billion times a day. Each of those glances has potential value to an advertiser, which is why mobile ad spending is expected to reach $100 billion in 2016 and programmatic media buying is projected to reach $20.5 billion by 2017, according to eMarketer.

While the rise of programmatic and automated media buying is providing advertisers with sophisticated and highly efficient means of reaching their customers through mobile ads, it is also opening up a new dark side to the process that is costing advertisers billions of ad dollars every year: ad fraud.

The Interactive Advertising Bureau (IAB) has identified ad fraud has one of the biggest threats ever to the advertising industry, not to mention the internet economy. Research from Forensiq estimates that 34% of programmatic mobile ad impressions are at risk of being fraudulent, which translates to billions of dollars poured down the drain.

So what is mobile ad fraud, really? Ad fraud occurs when non­humans register impressions or clicks on mobile ad units. According to the Media Ratings Council’s Invalid Traffic Detection and Filtration Guidelines, released in October 2015, ad fraud can be divided into two major categories: General (e.g., bots, spiders, crawlers) and Sophisticated (e.g., hijacked devices, malware, falsified location, cookie stuffing). Let’s take a closer look at two of the most common ad fraud problems.

Bots and false clicks on mobile

In their simplest form, bots are programs that are designed to generate fake ad impressions or clicks. The most common type of fraud is when a bot continuously clicks on an ad and generates a large amount of clicks in a short period of time; the clicks are not directly correlated to an actual impression. For example, the report might show a highly unusual spike in clicks measure for one day:

Table_Discrepancy.png

Another example of a possible fraudulent click is when log files show nothing but clicks for similar IPs with the same session IDs or cookies.

False location data on mobile

Location-­based mobile ad targeting is the Holy Grail of mobile marketing and advertising. Location is the key to reaching the right customer, in the right place, at the right time. Knowing a user’s location gives advertisers the ability to reach customers when they are out in the physical world and interacting with brick-and-mortar stores. Location is one of the biggest indicators of intent, so mobile advertisers can reach customers at the moments when they are most primed to make a purchase. It is perhaps the most important kind of data for targeting.

 


info-icon.png To understand how location is sourced for targeting on mobile, download our report on location precision


 

Advertisers are increasingly recognizing the importance of location targeting, but unfortunately, location fraud has emerged as a big problem. Ad fraud is able to flourish on mobile because of the complexity of location definition and the lack of industry standards. Moreover, location inventory is premium, which again, makes it an easy target for fraud.

Mobile ad publishers are well-aware that ad requests that include location data perform better in the real-time programmatic bidding process. As a result, they provide fake latitude/longitude data points to increase their chances of winning bids to show targeted ads, which in reality are not targeted.

There are a number of types of fraudulent location data:

  • One is reverse IP lookups, meaning fraudsters will reverse engineer a lat/long within the geographic area returned by the IP lookup.
  • Another is adding digits to latitude and longitude coordinates, when someone with mal-intent starts adding random numbers to the end of the lat/long to make them look more precise.
  • The third type of fraud is deriving latitude and longitude, such as providing a lat/long data point within an arbitrary ZIP code. It’s also possible to do this through IP geocoding, where free services provide a lat/long data point for an IP address, which is notoriously inaccurate. In addition, publishers can use centroid processing to derive the center­points of geographic areas, such as zip codes, DMAs, or states, and send those as the real-­time proxy for a user’s location. Fabrication of latitude and longitudes occurs through the use of random number generators and the use of proxies.
  • Finally, there is incorrect data passing, which stems from a mistaken classification from the publisher or stale data that gets collected and passed.

How to detect location fraud

The key to detecting location fraud is in studying patterns. Real location data needs to mimic actual human behavior or patterns in the physical world. For example, fraudulent location data might show points in water or cluster around unrealistic POIs. Another indicator is if the density of the points is unrealistic, like clustered in a single spot or spread out evenly in a grid, for example:

Inaccurate_Location_Data.png

The points might also show unrealistic travel locations, such as long distances over a short period of time; one minute, the location is shown as SF and the next as NY. “Short distance jitter,” which is the more complex yet authentic version of fraud, is when the distance between two location data sets gathered from a device is impossible to travel in the time between signals.

Impossible_Travel.png

In comparison, here is an example of what a location cluster should look like around a location. The pattern mimicks natural human behavior over a certain period of time.

Location_Accuracy.png

How does Placecast prevent ad fraud?

Placecast prevents ad fraud by using first party lat/long data, as well as learning algorithms fed by first party data, which are crucial to solving this problem. We implement general filtering for centroid, reverse IP address, and others based on analysis. We also create and implement proprietary and automated filtering techniques. Additionally, Placecast uses carrier data to score publishers to eliminate fraudulent inventory and for better performance. We are the only company to use carrier data to verify both the impressions and the audiences we serve against, and we are 100% confident that we are not serving to bots or other “human­like behavior” machines. Finally, we conduct frequent audits (automatic and manual) to verify the publishers we serve on. We use whitelist publishers and manually review them; suspicious activity yields a manual audit.

With a higher percentage of accurate and authentic ad requests, more mobile ads will be correctly targeted more effectively, and produce a higher ROI.