A Problem for Publishers – The High Cost of Fighting Malvertising Ineffectively
For just about as long as digital ads have existed, digital ad fraud has existed in parallel, driven by malicious threat actors looking to exploit weaknesses on both the demand and supply side of the digital advertising ecosystem, usually driven by a profit motive. Fraudsters are clever, able to use sophisticated methods to identify weaknesses in every area of the digital ad supply chain, and fool ad operations teams across the ecosystem into not even knowing an active threat inside an ad is waiting to harm visitors.
Ad fraud is a big problem
The scope of the issue can often be daunting for all sides. From the multitude of ad networks delivering more and more programmatic ads to the thousands of digital publishers of varying sizes all struggle to deal with what’s become a systemic problem, and one that is only getting worse with each passing year. In 2017, Juniper Research reported that digital ad fraud would lead to losses of $19 billion in 2018, but they also indicated that these losses would scale over time, predicting that $44 billion could be lost to fraud by 2022.
Ad fraud comes in two different guises: Invalid Traffic (IVT), which can include everything from fake clicks generated by bots, to cookie stuffing and domain spoofing. Historically it’s this side of the ad fraud spectrum that gets the most attention. Brands want to know that each click they are paying for comes from a legitimate user, and have been able to apply pressure on their digital publishing partners to ensure robust methods are in place to verify these clicks they are, well, real.
And what of the other type ad fraud, that emanating from the demand side? This comes in the form of malicious threats designed to harm users directly, via the introduction of malware, phishing attacks, ransomware or forced redirects, all looking to exploit weaknesses that can do real, practical damage to users lives via data harvesting or other dangerous scams.
Malvertising & Hedging
This is often known under the catchall term of “malvertising.” As these users get burned – often repeatedly – they focus their anger on the publishers whose sites they were visiting when they became the victim of an attack. For the publishers this leads to a loss of visitors, making their sites less viable for advertisers which in turn means less revenue to continue generating the content needed to attract a high number of visitors. It’s a vicious circle, and one many publishers aren’t equipped to deal with effectively.
Often, even once a publisher is aware of an issue, they might not be aware of the best ways to fight these types of malicious threats and exploits. While many have adopted third party verification solutions to protect their brand partners from fake clicks, they have yet to add technical solutions that can specifically monitor their site pages, or the ad content they have delivered programmatically. This often leads to publishers employing a non-technical solution to try and cut the problem off at the knees: Hedging.
Hedging occurs when a publisher opts to raise their floor prices in an effort to eliminate malicious issues by removing the lower tier pricing. While this can lead to fewer issues overall, it ultimately hurts publishers’ revenue streams dramatically, leading to hundreds of thousands, if not millions, in lost revenue, all of it quite needlessly.
Fighting ad fraud head on
Fighting ad fraud of this nature “head on” is not only a more effective strategy, it also saves a substantial amount of revenue that would otherwise be lost. For publishers who in many cases are already struggling to generate consistent revenue streams, it can mean the difference between staying alive or disappearing entirely. So, how can they fight back?
A first crucial step is to know your demand partners inside and out. This means working with trusted partners only, those that have committed to identifying and eliminating threats before they reach sites and have a chance to harm end users. Many networks and platforms have taken steps to do just that, however just as many – if not more – have not, either due to a lack of care or a perception that it’s the publishers problem to deal with. Publishers need to demand more vigilance from their demand partners, and increasingly they are starting to do so.
However, in an ecosystem increasingly driven by programmatic trading, even the best efforts from demand partners are not enough. This is where third party solutions come into play.
There are highly effective solutions dedicated to using modern browser technology and machine learning to constantly analyse the behaviour of ad content to detect and eliminate threats immediately, meaning they are taken care of before they can ever harm your users. The best providers can deliver comprehensive, multi-faceted solutions to keep ads safe for user engagement, often at the cost of only a handful of dollars a day, far less than the cost of employing a scorched earth policy like hedging.
Bryan Taylor is the Sales Manager for AdSecure, a cybersecurity company that provides digital publishers and ad platforms with solutions to monitor for and detect security threats inside digital ad content, as well as providing ad-quality solutions to measure advertising performance and classify digital content. Reach out to us – contact@adsecure.com to learn more.