The following is a guest contributed post from Andreas Naumann, Fraud Specialist at adjust.
Not everyone is affected by the same fraud schemes and not to the same extent. Our research rather suggests that fraudsters constantly jump to the campaign with the highest ROI — meaning the risk of fraud will skyrocket for the most aggressive campaigns with high CPI/CPAs. It is important to understand your risks and the possible solutions to mitigate those risks. There are different types of fraud schemes that fall into either “Technical Exploits” or “Breaches of Compliance.”
With technical exploits, fraudsters generate revenue by simulating some form of user interaction. This can be anything in the conversion funnel, from the impression of ad media to a post-install event.
1) Faked Impressions
Here, a fraudster triggers an impression link, typically through bot traffic, which then counts an impression and potentially collects device data to later match an install to this impression for a CPI/CPA attribution, without the consumer actually seeing an advertisement. If you are running CPM campaigns, I urge you to employ the services of a digital advertising security service. Additionally, if you are running CPI/CPA campaigns attributing on impressions, I strongly suggest ensuring the campaign setup follows the standard conversion funnel of: impression > click > conversion. This way, you can spot sources delivering impressions and conversions, but missing clicks altogether.
2) Click Spam
Using forced clicks on mobile web pages, or by running scripts in the background on mobile web that execute clicks on the page, a fraudster will attempt to execute a click link without any user interaction (i.e. without a finger actually touching the screen). In-app, similar effects are achieved through so-called “pre-loading,” which executes click links without user interaction.
While these tactics have a disastrous effect on CPC campaigns, it’s often overlooked that each click is stored for later reference to match installs for CPI attribution. Plenty of bad players in the industry use their massive reach to cash in on the random chance of a consumer converting for a popular app by executing click links for as many of them as possible. The tactic of spamming clicks either poaches organic installs that potentially were already paid for by other advertising activities (e.g. TV advertising or social media), or cannibalizes legitimate publishers’ activities by placing the last click. Campaigns exploited in this way can easily be identified by their very low conversion rates, and should be detected by your tracking and analytics provider.
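The two checks described so far, the impression > click > conversion funnel check and the low conversion rate check for click spam, can be run per traffic source. The following is an added example, not code from the original post; the source names, sample events and both thresholds are constructed assumptions.

```python
from collections import Counter

# Constructed sample events (source, event_type); not real campaign data.
EVENTS = (
    [("net_a", "impression")] * 1000 + [("net_a", "click")] * 40
    + [("net_a", "install")] * 4
    # net_b reports impressions and installs but never a click
    + [("net_b", "impression")] * 500 + [("net_b", "install")] * 6
    # net_c floods clicks and picks up a handful of installs by chance
    + [("net_c", "click")] * 20000 + [("net_c", "install")] * 3
)

MIN_CLICKS = 1000   # assumed: do not judge conversion rate on tiny samples
MIN_CVR = 0.001     # assumed: flag click-to-install rates below 0.1%


def funnel_report(events, min_clicks=MIN_CLICKS, min_cvr=MIN_CVR):
    """Return {source: [flags]} for sources that break the expected funnel."""
    counts = {}
    for source, kind in events:
        counts.setdefault(source, Counter())[kind] += 1

    report = {}
    for source, c in sorted(counts.items()):
        flags = []
        # Funnel check: impressions and conversions exist, clicks do not.
        if c["impression"] and c["install"] and not c["click"]:
            flags.append("missing_clicks")
        # Click spam check: huge click volume, almost no installs.
        if c["click"] >= min_clicks and c["install"] / c["click"] < min_cvr:
            flags.append("low_conversion_rate")
        report[source] = flags
    return report


if __name__ == "__main__":
    for source, flags in funnel_report(EVENTS).items():
        print(source, flags or "ok")
```
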
3) Faked Installs
To earn CPI commissions, exploiters will fake an install, usually by also faking the device and the user at scale. This exploit is mostly used to target incentive CPI campaigns, as high conversion rates are normal (less costs due to simulating the clicks for the installs) and the post-install activity of consumers is expected to be lower on incentivized campaigns.
With more sophisticated exploiters, it’s hard to spot this method in your data, but it’s not impossible. Most simulation software has hard-coded identifiers in the user agent data that is passed on click. These clicks can be filtered out and not used for attribution. Additionally, installs originating from data centers will either show clusters in IP subnets (a number of IP addresses that belong to the same entity – here the data center) or they will be routed through VPN Services (Virtual Private Networks – used to tunnel traffic from one place or country to another, while masking the original IP address) resulting in much smaller clusters. Your tracking provider can either record and report on these clusters, or offer a service that denies attribution for installs originating from data centers and anonymizing services (such as VPN or TOR services).
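The filters described above (user agent identifiers, data center origin and IP subnet clusters) can be combined in one pass over install records. This is an added example, not code from the original post; the marker strings, the data center range (an RFC 5737 documentation prefix), the /24 cluster size and the sample installs are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Hypothetical marker strings; a real list comes from your tracking provider.
UA_MARKERS = ("exampleemulator", "headlessclient")
# Assumed data center range (documentation prefix), not a real feed.
DATACENTER_NETS = [ipaddress.ip_network("203.0.113.0/24")]
CLUSTER_PREFIX = 24   # assumed: group IPv4 installs by /24
CLUSTER_MIN = 3       # assumed: installs per subnet that count as a cluster

# Constructed sample installs: (install_id, ip, user_agent).
INSTALLS = [
    ("i1", "198.51.100.10", "Mozilla/5.0 (Linux; Android 13)"),
    ("i2", "198.51.100.77", "Mozilla/5.0 (Linux; Android 13)"),
    ("i3", "198.51.100.200", "Mozilla/5.0 (Linux; Android 12)"),
    ("i4", "203.0.113.5", "Mozilla/5.0 (iPhone; CPU iPhone OS 16_0)"),
    ("i5", "192.0.2.9", "ExampleEmulator/1.0 (Linux; Android 11)"),
    ("i6", "192.0.2.50", "Mozilla/5.0 (Linux; Android 13)"),
]


def review_installs(installs):
    """Return (rejected, clusters).

    rejected: {install_id: reason} for installs to deny attribution.
    clusters: {subnet: [install_ids]} for subnets worth reporting.
    """
    rejected = {}
    by_subnet = defaultdict(list)
    for install_id, ip, user_agent in installs:
        addr = ipaddress.ip_address(ip)
        if any(marker in user_agent.lower() for marker in UA_MARKERS):
            rejected[install_id] = "simulator_user_agent"
        elif any(addr in net for net in DATACENTER_NETS):
            rejected[install_id] = "datacenter_ip"
        # Record the enclosing subnet even for rejected installs, so the
        # cluster report shows the full picture for that network.
        subnet = ipaddress.ip_network(f"{ip}/{CLUSTER_PREFIX}", strict=False)
        by_subnet[str(subnet)].append(install_id)
    clusters = {s: ids for s, ids in by_subnet.items() if len(ids) >= CLUSTER_MIN}
    return rejected, clusters
```
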
Breaches of Compliance
Since compliance is inherently tied to the insertion order (IO) between the advertiser and the ad network or agency, and the purchase order (PO) between agency/network and the publishers, your tracking and analysis platform cannot lend much technical support in fighting these schemes. But there are several digital advertising security platforms that offer protection and detection for the following compliance issues. Your agency or ad networks should also be willing and able to help mitigate the risk of falling victim to fraudulent intent.
Make sure your ad media is visible to the consumer according to the rules set in your IO. Special ad tags can report on the exact display location on a page, the percentage of ad media displayed and the time the ad media was displayed.
5) Brand Safety
Ensure that your advertisement is shown next to content that you allowed in the IO. Specialized brand safety services have vast databases of content categorization for websites, crawl the web for ad media and recheck referrer links for brand safety compliance.
6) Creative Misuse
Control the ad media used in the advertising that will introduce consumers to your product. Make sure third-party ad tags are enforced (through a digital advertising security service) and deliver insights on viewability and brand safety.
Enforce policies around exclusivity and direct partnerships. Re-brokering can also be prevented and detected by brand safety services as long as their tags are enforced.
Geo (country, city, long./lat.), device, carrier and audience targeting are ways to ensure your advertisement reaches your target consumers. However, staying in control of correct targeting is hard. I suggest a holistic approach providing pricing that incentivizes correct targeting, and still offers minimal compensation for acquired users outside of core targeting. Device and Geo (on a country level) targeting can be enforced on a tracking level, for instance by denying attribution for installs outside of a campaign’s targets; however, I advise against such strict measures as they will very likely obscure the real user acquisition statistics and drive up CPI/CPA prices.
9) Incentivized Installs
Incentivized campaigns are usually strictly separated from non-incentivized ones. The most important reasons are generally lower turnout in engaged users (and thus ROI) and significantly lower CPI prices that are paid for the resulting installs. Sources still sending incentivized traffic to campaigns that forbid it, or mixing both types of traffic, might be hard to spot. Set up the greatest possible granularity in sources for your statistics drilldowns. Even then, a good mix of traffic is hard to uncover. In this case, rely on your ad network to lend expertise comparing post-install metrics between sources, and compare with other apps in the same categories to uncover and eliminate underperforming sources.
Understanding Your Options
With more of a view now into the different fraud schemes as well as the potential ways you and your ad network or digital advertising security company can mitigate them, you may be asking yourself: How do I find out if I’m affected by fraudulent exploitation or breaches of compliance? And, should I build my own anti-fraud solution?
Your mobile marketing or user acquisition team will certainly have a good idea about the quality of installs coming in. They will also know about the biggest compliance issues, as consumers tend to communicate brand damage due to malicious content or creative misuse. But most will not have full fraud detection capabilities.
Should suspicions about an acute fraud case arise, you must gather data from your tracking provider and ad network, agency or publisher. To be proactive, I suggest at least running a trial period with a digital advertising security company for an overview of your vulnerabilities related to CPC/CPM budgets and compliance breaches.
If you do decide to build your own anti-fraud solution, I highly recommend a dedicated and well-trained team of mobile UA experts to cover campaign management and identify fraud behaviors. Regular trainings or participation in expert summits will keep your people up-to-date with new technical developments and potential new threats. Develop a close collaboration with your advertising partners, and tracking and analytics providers to cut down on fraud. Finally, speak to all of your partners and let them explain their methods and technology; none of their anti-fraud measures should be a secret or too hard to explain.
In an anti-fraud platform, you will likely use a variety of methods including pattern recognition, machine learning, data modelling, IP blacklisting and more. Ultimately, one thing will always be true in the case of a fraud incident — your dataset is comprised of events that happened in the past. Identifying, tracking and reacting to it will always be a pain point. I recommend taking all preventative measures as mentioned above in the top 9 types of fraud schemes in order to minimize any potential future breaches and ensure your data quality, your most valuable asset.