The ad server SpotX and ad verification company DoubleVerify have flagged a new type of fraud they’re calling “verification stripping.” DoubleVerify says the new method may be responsible for up to 10% of ad fraud spikes it identifies.
Verification stripping happens when fraudsters hinder the transmission of network calls between the ad server and measurement provider through the use of bots or malware.
That technique can stop a measurement pixel from even firing in the first place, or hide evidence of nefarious tactics like domain spoofing if a verification pixel fails to properly render.
Unfortunately, it’s unclear how pervasive this practice actually is – it’s essentially a new type of fraud and DoubleVerify is working out a solution to prevent it.
Other ad verification vendors neither confirmed nor denied awareness of verification stripping.
“All of the tactics employed by fraudsters are continuously evolving, from methods of avoiding detection or obfuscating what they’re doing to this technique of actually preventing the ad call from reaching the verification provider,” said Matt McLaughlin, COO of DoubleVerify.
DoubleVerify and SpotX discovered verification stripping when the impression counts between the ad server and verification provider didn’t match up.
"A few months ago, we started to notice a discrepancy between impressions SpotX counted internally and impressions that showed up in our DoubleVerify reporting,” said Nick Frizzell, senior director of brand safety and inventory operations for SpotX. “That’s what prompted us to notice we had some pockets of inventory where we weren’t firing DoubleVerify tags where they should have been.”
To prove that verification stripping was happening, SpotX and DoubleVerify fired an additional impression tracker – one the bad actors wouldn’t expect and therefore wouldn’t be ready to block.
Firing an additional pixel, Frizzell said, let SpotX and DoubleVerify locate exactly where the verification stripping was happening.
Mostly, it happened in video inventory, where higher CPMs made it a more attractive target, but the tactic isn’t limited to any single format, McLaughlin said.
As a result, the video ad platform has removed entire pockets of programmatic inventory where it suspected verification stripping was happening, said Josh Cariveau, SVP of global operations for SpotX.
The company has been educating premium publishers about this new attack, though premium inventory isn’t likely to be the most exposed to this form of fraud.
SpotX is working with measurement and supply partners beyond DoubleVerify to identify areas where verification stripping might mask a faulty URL or hide evidence of tactics like domain spoofing.
That work sometimes requires the video ad server to pass log-level impression data (and information about where the impressions were served) to the measurement partner on a daily basis.
“Then, they sift through the file and say, ‘These are the ones we didn’t see fire yesterday,’ and we work to fill in the blanks,” Cariveau said.
To prevent verification stripping, similar to SpotX, DoubleVerify’s McLaughlin advises buyers and other ad platforms to ensure the impression counts recorded in their ad server are similar or equal to those originating from their verification provider or publisher partner.