Beware the bots: How DSPs manage non-human traffic
by Bennet Manuel, principal product manager, trust & safety, BrightRoll
Credit card fraud is a widespread and expensive problem for Americans, costing an estimated $8.45 billion in 2015. It’s also a problem that tends to provoke questions about responsibility. Who should be responsible for catching fraud? What should consumers do to prevent it from happening again?
The credit industry isn’t alone in this fight against fraud. The Association of National Advertisers (ANA) has estimated that ad fraud costs advertisers $7.2 billion annually. Like credit card companies, ad tech providers such as demand side platforms participate in both the supply and demand marketplaces, and may ultimately be in the best position to help advertisers detect fraud.
Non-human traffic and fraud
Advertising fraud encompasses many activities, from impression laundering to domain masking. But, the bulk of digital ad fraud comes from non-human traffic (NHT), sometimes called “bot traffic,” due to the incredible scale fraudsters can achieve.
DSPs and independent traffic verification vendors scan for behaviors that signal that an ad was not served to an actual person. For example, a bot may do things that would be impossible for a human to do, such as “watching” thousands of videos in a single day.
Security firm Imperva reported that an astounding 52% of all web traffic in 2016 was from bots, and 29% of all web traffic was generated by harmful bots. Of course, not all NHT is fraudulent or harmful. A hearty 23% of web traffic generated last year was from “good bots.” Some friendly (and very high-volume) bots include search-engine crawlers and “feed fetchers,” which is a helper bot programmed to refresh a user’s feed on a mobile app.
All platforms – no matter how good their detection technology is – will always have some level of NHT present, which is typically expressed as a percentage of overall traffic. Currently, our own internal detection system identifies 20-40% of traffic as NHT and blocks it pre-bid leaving less than 5%, as measured by third-party vendors.
Fraud in digital advertising is prevalent and constantly evolving, so ad platforms must also evolve to combat this issue. In December 2016, cybersecurity firm White Ops reported the largest ad-fraud operation to date, which it called “Methbot.” White Ops estimated that Methbot fraudsters raked in $3-5M per day from October to December 2016.
The severity and magnitude of this operation renewed fears from advertisers about how much of their own digital advertising investment may have been exposed or was at risk. Methbot caused advertisers to take stock of their tech stack partnerships and to look for gaps.
Methbot’s impact to the BrightRoll DSP made up less than 1% of overall traffic. As a DSP, we were transparent with our advertisers about where our technology worked, but also where we may have experienced blind spots. Despite the sophistication of Methbot actors, our measures to combat fraud proved to be 99% effective.
Sharing the burden and benefit
Consumers are advised to keep tabs on their credit card statements and regularly request credit checks. Businesses are expected to check IDs and signatures on the cards. Responsibility is shared by all parties in a transaction.
Similarly, all members of the digital advertising ecosystem can play a vital role in improving their link in the value chain, including individual publishers, exchanges, and buy-side platforms.
Advertisers select a DSP to ultimately complete a transaction. Just as a credit card serves as a mediator between you, your finances, and a vendor, a DSP serves as an intermediary for an advertiser, its digital advertising budgets, and impression opportunities.
The right DSP partner can help you minimize risk of exposure to fraud starting with the very first impression. Transparency and teamwork – across the industry and between clients and their platforms – will be critical to combating fraud.