Today’s column is written by Asaf Greiner, founder and CEO at Protected Media.
Online fraud is nothing new, but now there are more players. More cyber criminals are profiting, and more people are rallying behind standards to stop them.
The World Federation of Advertisers estimates that within the next decade, fraudulent internet traffic schemes will become the second-largest market for criminal organizations behind cocaine and opiate trafficking. A major Ukrainian crime ring is rumored to have switched from bank phishing scams to online ad fraud because it is so lucrative, and others are likely to follow.
The industry is fighting back by introducing new certifications and standards. At least three separate organizations are promoting their own anti-fraud certification processes, including the Media Rating Council, Trustworthy Accountability Group and the Joint Industry Committee for Web Standards in the UK and Ireland.
Standards Create A False Sense Of Security
Advertisers may be fooled into feeling safe by working with certified companies.
Complex problems require complex solutions. The online fraud industry is still evolving and not enough is known to adequately define a standard that can stop it. Instead, the existing standards focus on governance and require certified companies to add several layers of bureaucracy that can actually slow down the innovation required to stop fraud.
The technical solutions that are dictated by standards are typically mediocre or vague. Vendors that sit on committees are not motivated to share their secret methods for detecting fraud, since their unique intellectual property pays the bills.
In addition, there is a simple timing issue. By the time all the ruling committees’ members agree on which type of fraud should be addressed by their standard, the deceptive tactic has already been replaced by a more sophisticated method.
There is also the risk that vendors will become complacent with their certifications and won’t be motivated to invest in improving on their fraud-detection and prevention capabilities.
Standards Don’t Help The Organizations They Are Designed To Protect
Sadly, the people who benefit the most from introducing and policing standards are not the organizations they are supposed to protect: advertisers.
Instead, incumbent vendors protect themselves by creating a barrier of entry for new players who are forced to invest in lengthy and costly compliance procedures. Many of the standards’ bodies are influenced by legacy companies that aim to standardize around their products.
One of the biggest beneficiaries of certifications is the certification auditors, which are typically the huge accounting firms. Each certification can cost up to $100,000 a year when you add up initial fees for auditors and the labor hours required to complete forms and do walkthroughs of internal processes. All of these costs siphon off resources that vendors could be using to develop new, more effective fraud-detection systems.
Cybersecurity Methods To Detect Online Fraud
One of the best ways to prevent fraud is to have a better understanding of criminal behavior. This can be achieved by having bot-virus experts perform an in-depth analysis of threats. By continuously discovering new methods to commit fraud there is a greater chance that fraud can be detected and prevented.
Rather than relying only on certifications, independent third-party labs should continuously evaluate solutions by doing technological bake-offs. When vendors compete to prove their capabilities, the bar on performance is constantly raised.
Everyone’s happy to sign up and support standards because it’s comforting to feel a complex problem can be solved by buying a certified solution. However, fraudsters are continuously developing new techniques to trick the system, and static standards and certifications aren’t flexible enough to catch them.
If vendors are spending their energy documenting their compliance with standards rather than developing better technology, the more standards and certifications, the better, as far as the fraudsters are concerned.
Follow AdExchanger (@adexchanger) on Twitter.