The ad tech industry news has been inundated with reports of ad fraud and lost campaign dollars to bots and invalid traffic, to the tune of billions of dollars yearly. Surprisingly, not much discussion or focus is spent on HOW fraud is entering the ecosystem, and it should because to solve a problem you must understand the root of it.
How Does RTB work?
Getting down to the root of the problem, let’s first briefly look at the real-time bidding (RTB) programmatic marketplace and how it works (in a nutshell). Publishers, which in this scenario is anyone running a website, looking to monetize their sites can go to an RTB programmatic marketplace through any number of ad tech platforms or networks and begin selling their sites’ ad space.
In this system, each time a visitor goes to the website, an auction occurs to determine which ads will appear on the page. The auctions take milliseconds and advertisers, using various ad tech platforms and a multitude of algorithms, bid on the impression based on how relevant the visitor is to them, which is determined by the visitor’s cookied information (e.g., location, device, browsing history, etc.).
The website publisher is paid each time an ad impression is served on his site and the advertiser can display a relevant ad to the right person at the right time.
Now, here’s how fraudsters are taking advantage of this system.
A fraudster creates a fake website or, in most cases, several fake websites that are not meant to be seen by humans. They often copy text and images from real publishers and paste them into a template. If a real visitor happens to stumble upon the site, it would seem legitimate at first. The publisher packs as many ads as possible into the site and then goes to the RTB marketplace to monetize the ad space. The problem is that there’s no traffic to the site, so he must create “visitors”. This is where bots come in.
Bots—software applications that can run automated tasks—are programmed to visit the ghost sites, sometimes thousands of times in a few minutes, with each visit creating revenue for the publisher. Over the years, bots have become very sophisticated and can closely mimic human behavior as well as collect human-like cookies, making them appear as real visitors to websites as well as part of lucrative target markets advertisers are trying to reach.
In this scenario, an advertiser may believe he has just served ads to his target market based on the information in the marketplace, however, he actually just lost money to a fraudster as his ads were served to a bot.
So you may be asking yourself, “Why not just block the ghost sites from the RTB marketplace?” Easier said than done. The programmatic RTB ecosystem has thousands of entry points and millions of websites monetizing their ad space - fraudsters only need to find one vulnerable point to get into the market. Just a few ghost sites can quickly pump large quantities of fake bot traffic into the ecosystem in a short period of time. And once a ghost site is detected and blocked, fraudsters simply return with a new domain name and start monetizing again. It’s a game of whack-a-mole.
Real Sites, Bad Traffic
In other scenarios, legitimate websites look to boost visitor volume to their sites and do so by “sourcing” traffic – they pay someone to direct traffic to their sites. The problem is that many times the sourced traffic comes from bots. In some cases publishers are unaware the traffic is fake and in other cases they’re not so innocent.The two scenarios mentioned here represent a large portion of the ad fraud entering into the programmatic system. It’s easy to see how a few nefarious websites can quickly pollute the entire programmatic ecosystem. However, it also demonstrates that by filtering out these sources, a large portion of ad fraud can be avoided.