Fraud-day With Dstillery: Everyone Is Responsible For Fighting Fraud

fraudThis is the seventh in a series of interviews with vendors combating the problem of ad fraud. Other companies participating in this series include Moat, Telemetry, Sizmek, comScore and Asia RTB. Read previous interviews with DoubleVerify, Forensiq, Integral Ad Science, PubChecker, Videology and White Ops.

The battle against botnets is ongoing. Ad tech firm Dstillery knows that firsthand.

Back in 2012, Dstillery, which then went by the name Media6Degrees, noticed something decidedly odd about the clients of its marketing partners – they were all acting the exact same way.

It’s like this: There’s always going to be a certain amount of audience crossover between traffic on related sites. It makes sense that the kind of person who visits nytimes.com is also likely to visit cnn.com. If you visit ebay.com, it’s not statistically unlikely you’d also hit up ebaymotors.com.

But what if the customers for Verizon, Allstate and Williams-Sonoma all suddenly started hitting up the same websites in droves – websites you’ve probably never even heard of. The situation was certainly fishy.

“One of the sites was a Chinese news site, another was a women’s health site, another was a DIY website – it made no sense,” said Dstillery COO Andrew Pancer. “It was really screwing up our models. We knew something was up, but we couldn’t figure out what it was.”

Around that time, Dstillery hooked up with fraud detector spider.io, which has since been scooped up by Google. At the time, Spider.io was working on cracking the Chameleon botnet, responsible for millions of impressions on sites run by the Alphabird publisher network, among others. By comparing notes, Dstillery realized that most of the spurious sites it was detecting had also been identified by spider.io as hotbeds of non-human traffic (NHT).

That’s when Dstillery decided to roll up its sleeves. The company started contacting its exchange partners and SSPs to educate them about what it was seeing on the NHT front and discuss strategies for eliminating it.

“Once we stumbled on all of this, we started having all the supply partners come in one at a time and we talked them through the methodology by which we were finding and removing the websites,” said Alec Greenberg, Dstillery’s VP of operations. “It was a painful conversation for most of them. For a while we were making CTOs cry on a regular basis.”

Dstillery was also recently awarded a patent for a method that helps detect websites with a high level of non-intentional traffic by sniffing out suspicious audience duplication. And Dstillery’s CEO Tom Phillips is a co-chair of the IAB’s Traffic of Good Intent Task Force, whose membership list reads like a who’s who of digital advertising.

“Not only don’t we want to buy this traffic, we assume no one else does, either,” Greenberg said.

AdExchanger caught up with Pancer and Greenberg.

ADEXCHANGER: Can you explain what Dstillery does in a nutshell?

ANDREW PANCER: We find new customers for our marketing clients and we do that by understanding how their existing clients act. Once we understand how they act, we build models of people who act like them and they become prospects.

How did you deal with what you saw coming out of the Alphabird network?

AP: One way was to basically shut down all of those sites, which we did. But that doesn’t actually solve the problem. We had to develop a concept we call the “penalty box.” When we identify cookies that are acting strangely, we put them in the penalty box until they start to act like normal cookies again.

What methodology do you use to uncover bad traffic?

AP: When you look at normal traffic for a normal person, you can see some overlap between the websites people tend to go to. For example, there’s going to be a decent amount of overlap between the audience for boston.com and redsoxnation.com, but there’s rarely anything more than a 50% overlap. With the Alphabird sites, we saw a 98% overlap between a women’s health site and a Chinese news site. Logically, it made no sense. At a very high level, our patent identified those types of patterns. By identifying sites with statistically unrealistic overlaps, we act as a kind of early warning system on fraud.

That’s how a website like toothbrushing.net for a time was becoming one of the largest sites on the web despite being a 30-day old domain. At the time we were looking at Alphabird, if it was being measured by comScore, toothbrushing.net would have been a top-10 web property. That gives you some idea of the size of the issue.

What’s at the root of the problem?

AP: A lot of it is related to post-click attribution and last touch. In a world where all you have to do is get an ad in front of somebody who’s already part of a retargeting pool – well, bots are really good at that, and because of it, marketers are getting gamed.

Is retargeting a big draw for fraudsters?

ALEC GREENBERG: We know that about 60% of retargeted users convert whether or not they see an ad, but all a bot needs to do is run an ad in the background for those people – people who will probably buy anyway. The bot gets tremendous credit for that, everyone starts optimizing that website and the performance makes the vendors look very good. 2012 was a very bad year for us because we decided not to play that game. We got kicked out of some media plans. It’s taken a couple of years, but we finally feel like everything we did is worthwhile.

What the initial reaction to your education efforts?

AG: Nobody wants to hear that one-third of everything you’re making money on is not human. With our now-patented technology we were even measuring some buys at 50% to 80% non-human. It took a couple of years for our supply partners to really clean up their acts but now they mostly all have with the exception of a couple of small ones. As we measure them today, the majority are under about 10% non-human.

Tell me more about your relationship with the IAB and the Traffic of Good Intent Task Force.

AG: There are lots of big players on the task force, like DoubleVerify, Integral Ad Science, White Ops and others. It’s a strong statement and a positive one for the industry. When we first started, people were making a big mistake. They were just turning off the sites where they found the fraud. But it’s not about the websites. An infected computer is in the clutches of a botnet takeover. Some folks are saying, "Don’t work with open exchanges, only go private." But that’s not going to solve the underlying issue, either.

AP: We’re trying to rally the industry. The best we can do is education. The IAB has taken charge to get everybody behind it and push the industry towards weeding out the bad actors. We can’t do it ourselves. We’re not the biggest company in this space.

What about the mobile front?

AP: Mobile is the next frontier and there are a lot of challenges. One example is location data. It’s questionable whether the quality of location data can be considered fraud or not, but we’re thinking about it. We want to make sure people know what kind of location data they’re getting in the bid stream. There are two types of location data. One is opt-in, where the user shares it, and the other is when the user isn’t opted in, but an app developer is broadcasting a location signal. They’re very different, yet both are treated the same right now by most players in the market.

Have you noticed any new types of fraud popping up?

AP: There’s an old one that seems to be happening a lot again lately – URL spoofing. It’s generally related to toolbar inventory. The toolbar hijacks the URL the user is on at the time, sells the URL and either injects an ad or serves an ad in the toolbar. It’s stealing inventory.

AG: We just had a significant conversation about this with a big exchange. We received very large volumes of traffic coming from a household name newspaper’s website which we knew wasn’t selling inventory into that exchange. We looked under the hood and we found that it was toolbar inventory not being labeled as toolbar. We’re actually getting a six-figure credit back from one partner because of spoofed inventory we bought earlier this year.

Why do you think URL spoofing is back on the rise?

AG: To me it seems like a lapse in quality control. When an exchange puts publishers into its platform, it need to know where they’re getting their inventory from. You might hear an exchange say, "We’re an exchange, so we’re not responsible for the inventory we get," but that shouldn’t be the case. They also need to be responsible for the inventory they’re making available to the buy-side community.

What’s next?

AG: The industry is heading in the right direction. The buy side and the marketers themselves have woken up to this issue and they’re pushing their agency partners and ad tech vendors to get on top of it. The guys buying fraud are hiding their heads in the sand. They’re focused on results, but those results aren’t real; they’re only good on paper. That game is almost over.

 

Add a comment

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>