‘It’s an incentives problem’: Mobile ad fraud is alive and well

When it comes to mobile ad fraud, there are various types. One type involves fake mobile devices which generate fake IDs — a random string of numbers and letters — designed to defeat frequency caps. Another type is the copying of real device IDs from human devices and replaying them so they escape detection by telecom providers, so they can’t determine fraudulent ones from their own.

There is a ton of misinformation out there muddying the water and causing hand-wringing among security experts.

Here are some common myths:

Myth: Mobile ad fraud is a technology problem
Technology can be a useful scapegoat. Often a reason used to explain why fraud hasn’t been eradicated is that anti-fraud tech has struggled to evolve fast enough to keep pace with fraudsters. But that isn’t the entire picture. Marketers have tackled the issue of digital ad fraud by deploying anti-tech software and tools. While that’s a good step, it won’t attack the issue at its root, according to security experts. “

Ad fraud is not a tech problem that needs a tech solution, said Augustine Fou, cybersecurity and ad fraud researcher. “It’s an incentives problem where most parties don’t want to look.”

In other words, many middlemen businesses which sit somewhere between the brand advertiser with the marketing budget and the publisher, are set up to benefit from large volumes of inventory. The argument is that if all fraudulent inventory is eradicated, those volumes drop significantly, and therefore so do the margins of each business that takes a cut in the supply chain. “That’s a much harder problem to solve than just throwing tech at it and assuming it’s solved. That’s what most marketers are doing today,” added Fou.

Myth: Last-click mobile attribution drives real results
It’s generally accepted that last-click attribution is a blunt way to ensure the right channels are credited for a sale or other advertising objective being hit. Yet for mobile in-app, it remains the go-to method of measurement. Problem is, nefarious tactics are often used to skew numbers in a way that can result in the wrong channels being credited for the sale, according to anti-fraud experts. One tactic used is to generate a load of fraudulent clicks at just the right time to ensure that what would have been results attributed to organic app installs, for example, instead go to whoever is causing the fraudulent clicks.

Cookies aren’t a stable way of measuring for mobile web, or in-app for that matter. For that reason, more advertisers are buying into what some experts describe as device ID pools. These are more stable IDs that are more trackable even though the ads are less viewable in the app, according to Ryan McConville, president and COO of Kargo.

“This measurability bias is where buyers put more money into the environments that are more stable but where the viewability is lower because they’re more likely to show up on the attribution studies,” he said.

Myth: Ads.txt for mobile will solve the problem
Naturally, there is no silver bullet for anything. The arrival of ads.txt has made a big difference to types of fraud such as domain-spoofing and unauthorized reselling of inventory — at least for premium publishers. Problem is, non-premium publishers have put fake ads.txt files on their sites, according to Fou. That means that exchanges that only check for the presence of the file, but not its contents, just keep buying from those fake sites, and fraud, therefore, doesn’t drop, he added. There is also the fact that not all buyers check they’re buying ads.txt inventory.

Last October, Digiday Research highlighted that just 23 percent of media buyers said they only purchase ads.txt-approved inventory.

“When buyers see a legit domain like, for instance, ESPN.com, they think everything is fine. Why would they spend any effort double-checking the ads.txt file for the sellerIDs that should have corresponded to that domain?” added Fou.