ANA/White Ops: Bot Fraud To Eat A $7.2 Billion Hole In Advertiser Budgets

Battle cries and breast beating notwithstanding, the industry doesn’t seem to be doing all that much to tackle bot fraud, which is expected to take a $7.2 billion bite out of ad budgets in 2016.

That’s according to research released on Tuesday by the Association of National Advertisers and bot detection firm White Ops. It’s a follow-up to their 2015 joint study, which pegged bot fraud losses at $6.3 billion.

Despite the apparent uptick, bot fraud rates are actually holding steady. The increase in average digital spend accounts for the bump.

The numbers roughly align with other recent studies, including one released by the Interactive Advertising Bureau and Ernst & Young in December that claimed supply chain issues are costing the ad industry $8.2 billion a year. That particular report also included losses due to piracy.

Status quo is a bit of a bummer, though, considering the intense scrutiny the fraud issue has received over the last couple of years.

But ANA President and CEO Bob Liodice isn’t all that surprised.

“This isn’t a check-the-box type of thing,” Liodice said. “We’re still at the very beginning of making the industry aware of what the problem is and its root causes. To expect anything other than a flat line around fraud is not shocking in the least. It’s time for moral outrage.”

That said, White Ops CEO Michael Tiffany expected to at least see some improvement around the “low-hanging fruit,” which he characterized as the easier-to-catch data center traffic and bots nearing the end of their monetary life cycle when the so-called “profit window” is about to close.

Bots make money in the time between a fresh infection and ultimate detection. Newly infected machines can participate in higher CPM deals because they haven’t been detected yet. Older bots are more likely to end up on blacklists, but by then they’ve already done most of their “botty business,” Tiffany said.

It’s a dynamic that produces the cat-and-mouse nature of fraud detection.

“No sophisticated botnets are trying to go undetected forever,” Tiffany said. “They infect new machines as fast as the old machines are being caught, which is why there is no macroeconomic change.”

Fresh infections do the most damage because they home in on high-CPM media and highly targeted buys. Display buys with CPMs higher than $10 had a 39% greater bot rate on average, according to the study, while video with CPMs in excess of $15 had 173% more bots than video buys with lower CPMs.

Programmatic buys didn’t fare all that much better, with programmatic display and video ads seeing 14% and 73% more bots, respectively. On the flip side, direct display ads saw around 14% less bot traffic, while direct video ads saw 59% less.

The study also called out sourced traffic as a hotbed of bots, which it even uncovered in private marketplace deals. Third-party traffic acquisition generally saw three times as many bots as organic traffic.

“By sheer impression volume, there was just a hell of a lot of fraudulent traffic found in programmatic buys,” Tiffany said.

So, what’s the deal?

Opacity in the supply chain is less of an issue than what Tiffany referred to as “a fundamental weakness about how the entire ecosystem thinks about exploiting and interacting with audience.”

In other words, in programmatic, brands rely on identifiers such as cookies and device IDs to create audiences, but there’s no way to trust that there isn’t malware on a person’s computer.

“Apparently, it didn’t occur to enough people that you can’t always trust the device on the other end of a connection, which means your targeting data can become polluted,” Tiffany said. “We might even be talking about third-party purchase data or browsing history, but it all relies on a fundamental identifier which is also being used by the cybercriminals. It’s sort of a problem since this whole world is becoming the economic engine for the entire Internet.”

But rather than villainizing programmatic, Liodice said the report’s findings are more of a reflection of marketers not being fully comfortable with programmatic methods but forging ahead anyway, caught up as they are in the “euphoria” of being able to automate highly targeted buys.

“We just have to approach it with more intelligence and cautiousness,” Liodice said. “When I talk to marketers about programmatic, it’s very clear to me that they don’t fully understand it. And if they’re not prepared, how can we expect them to ask the right questions and get the right data, reporting and analytics to allow them to become savvier?”

But there are some advertisers starting to make a dent in bot fraud – or at least making a concerted effort. Of the 35 brands that participated in the previous study, 28 returned for take two, and nine saw an improvement in their overall fraud rates.

Digging deeper, though, the study found that it was actually the brands with high fraud rates last year (10% or more) that saw the most improvement, while the brands given a relatively clean bill of health last year (5% or less) saw higher rates this year.

“When participants were told in the first study that they had lower fraud than the average, that was widely accepted as good news – but it was also taken as validation that whatever they were doing was working,” Tiffany said. “But more often than not, it just turned out they hadn’t been victimized during the time we were running the study. The other guys took it as a wake-up call and changed their behavior.”

So, what can advertisers do to protect themselves? The study suggests getting better educated on all the various members of the programmatic supply chain, requiring partners to follow anti-fraud guidelines and eating a healthy diet of unsourced traffic.

On the last point, the report goes so far as to advise buyers to consider including language in their insertion orders declaring that they won’t pay for nonhuman traffic.

It’s a valid request – but it’s also one that seems to put the onus on the publisher completely for handling the fraud problem.

“Where does the responsibility lie and who is accountable? It’s a tough one, and I don’t believe that the ANA and the IAB are on the same page about it because of that reason,” Liodice said. “It’s something we need to address.”

The ANA/White Ops report measured digital ad fraud collected from 10 billion impressions across 1,300 campaigns deployed by 49 ANA member brands, including ABInBev, Colgate-Palmolive, ConAgra Foods, Denny’s, Ford, General Mills, Johnson & Johnson, Kellogg’s and Wendy’s, all of which were returning participants from last year’s study.

Mobile wasn’t a part of the traffic examined by White Ops because the report claimed that “botnets are not currently a serious threat in the mobile ecosystem,” although it expects that to change as mobile spend increases.

1 Comment

  1. It's not finding the bots that we should be focusing on, it's finding the inventory WITHOUT the bots.

    The way out of the cat & mouse chase is to look to premium inventory. Top pubs won't have the game. (Or exchanges that are vocal about fighting it if you're in RTB)

    Yes there's a cycle of bot tech but when one huge exchange gets the tech to play the chase game (and NEEDs to because they'll lose accounts), the fraudsters move on to the next exchange which grows big and sees they need to stamp it out too if they want to continue growing, so they do. The fraudsters need to move down the chain to the next "up and coming" exchange where they don't know how to combat it.

    It's a recycle. Over and over. That's why affiliate networks take heat because it's easy to get into them as a fraudster.

    Look to premium inventory if you're a buyer and have the headache. That's why there's a limit to premium inventory: it's not being manufactured by bots. Go there.

    It's no different from the old days in email drops. One needs to buy the real lists from a brand, not a list from the guy in the shadows with a pipe and a hood.
