How traffic resellers trip third-party verification filters

When it comes to ad fraud, everybody’s got a stake to protect.

Verification vendors came into hot demand last year after social platforms made several measurement errors. But fraud researchers claim that bot traffic is still prevalent. Bots are systematically designed to bypass these verification filters, with some researchers suggesting that as much as 80 percent of bot traffic can slip by undetected.

With vendors and researchers protecting separate interests, advertisers should be skeptical of getting most of their fraud information from a single source, said ad fraud consultant Augustine Fou. “Everyone is telling a partial truth.”

In online forums and LinkedIn accounts, traffic resellers contend they can get by third-party verification firms while peddling cheap scale that is largely obtained through bots and fraud. To test what gets through, fraud researchers buy traffic from shady vendors and analyze how well it monetizes in different supply-side platforms.

“Advertisers have a false sense of security and blindly rely on third-party filters which they assume are flawless,” said ad fraud consultant Shailin Dhar. “And most buyers are not aware of the existence of robotic traffic that passes these filters deliberately.”

A major benefit of using a verification service is that clients can routinely monitor how much fraud their vendor detects on their website. For premium publishers, this data is a useful tool to gauge quality. But for fraudsters, this data can be reverse engineered for hacking purposes

Fou said that traffic resellers regularly obtain access to accounts for verification services. And if a reseller is denied access, they may team up with an acquaintance since there is a network of resellers pushing fraudulent traffic, he said.

After getting access to the verification company’s data and dashboard, the traffic vendors continuously test different tactics until they notice what trips a verification company’s filter. Once a tactic — like forcing a bot to execute a precise combination of mouse movements and clicks — is shown to work, the reseller uses the tactic on the traffic it sells on the open market, Fou said.

If a reseller can’t get through a particular company’s filter, it will combine tricks that worked on other filters to increase its probability of getting through. For example, traffic brokers told Dhar that they had access to DoubleVerify and Integral Ad Science filters, but not a Moat filter. As a workaround, the brokers combined the tactics that got them through DoubleVerify and IAS to increase their chance at getting through Moat.

“There is a disconnect at many of those [verification] companies between the engineers who are trying to create rigorous filters and the sales team who will sell accounts to anyone willing to pay, and this is what exposes them to being reverse engineered,” Dhar said.

Reps from multiple verification firms denied that sales imperatives influenced who obtained access to their accounts. But they did recognize that fraud remains a cat and mouse game.

“We have a thorough vetting process for any partner that we directly sell to,” said Matt McLaughlin, COO of DoubleVerify. “But we are not naïve. We also know there is, quite frankly, a criminal element that is always finding ways to exploit tools.”

Verification companies have incentive to downplay internal structures that could contribute to undetected fraud. But it’s worth recognizing that consultants who sell their services to advertisers have imperatives too.

“Fraud researchers themselves have their own incentive to make it seem like fraud is the biggest problem out there,” said Amit Joshi, director of product and data science at Forensiq. “It is a big problem, but in some cases it can be blown out of proportion.”

Placing impartial scale on this issue is difficult because the chain runs deep. Jason Shaw, director of data science at IAS, said that bot operators usually send their traffic to just a few domains. But those domains are often linked to other traffic brokers so there becomes a “big web of arbitrage,” he said. Research reports indicate that traffic is resold through websites such as ultimatewebtraffic.com, easyvisitors.com and supremetrafficbot.com.

Although verification companies and fraud researchers disagreed about how often fraud goes undetected, they were in agreement that all ad services become fallible at some point.

“I would be skeptical of anyone who says their solution is perfect,” McLaughlin said.” We need to build tools so we can evolve as the fraudsters evolve.”

https://digiday.com/?p=225182

More in Marketing

Marketing Briefing: Marketers test retail media even more as the third-party cookie crumbles

For marketers who weren’t as keen to spend on retail media networks previously, the first-party data pitch of retail media networks is now more appealing.

Ad execs enter crucial phase of Google’s Privacy Sandbox experimentation

Ad execs are diving into three major areas of the Privacy Sandbox without tweaking a thing. It’s all about tracking outcomes for them.

Special report: The third-party cookie primer

A catch-up on all things third-party cookies.