Are You an Unknowing Victim of Ad Fraud?
For this episode of Essential B2B, Joe was joined by Rich Kahn, CEO and Co-Founder of Anura.io. Rich talks through the basics of ad fraud with Joe, including a shocking statistic which sheds light on just how much ad fraud is causing businesses to lose! They talk through prevention tactics and diagnostics, as well as what companies like Google are doing to police ad fraud!
Hello and welcome to the Essential B2B podcast brought to you by Lead Forensics. I am your host, Joe Ducarreaux. I was joined by Rich Kahn from Anuera who is an expert in all things ad-fraud. He’s got some amazing statistics behind exactly how much ad-fraud is going on and what you can do to prevent it. Or at least minimise it.
So without further ado, please enjoy this episode of the Essential B2B podcast.
Joe: When I was younger I was always taught if you were going to be discussing anything, rule one is define your terms. So what do we mean by advertising fraud? What is it and why is a significant concern to us?
Rich: Advertising fraud, the way we define it is typically somebody other than a real person interacting with your advertising budget. So typically bots, malware or human fraud forms clicking on ads for the sole purpose of making money directly or indirectly.
That’s technically our definition so the reason why we bring it up as such a big problem is last year as a global society we tipped over $500 billion in ad spend on digital marketing. A big number. Well, it’s estimated that over £100 billion was stolen to ad fraud.
Joe: Was that just last year alone?
Rich: Just last year. If you go based on that level, we see it a little higher than that but if you go based on that number, that’s 1 in 5 dollars that you spend on marketing right now, is lost to fraud.
Joe: That’s too much to ignore, isn’t it? That’s an absolutely insane number. So what are those common types, you mentioned the pay per clicks. What are those common types of fraud that we should be aware of?
Rich: We’ve got a variety of different types of fraud. You have click fraud, lead fraud, billing fraud, programmatic fraud, email marketing fraud, Every channel of marketing has some level of fraud because there’s a way to get into that system. It also ranges. If you are buying from just Google Search, just on Google’s network you will probably find 5-10% fraud. If you are buying on a Google display network you will probably find 50% fraud. If you are buying programmatic 50%, product affiliates 45% of products. So every channel has its own average of fraud that’s associated with it.
We try to talk to people and the first question is identify how much is fraud (inaudible) and that’s going to come down to how you are managing your campaign, what channels of marketing are you using. At the end of the day you can scan and figure out what percentage exactly that you are dealing with. Then identifying it at a level deep enough that you can start doing something about it. Let’s face it, the problem that everybody has is the marketing space was not created overnight so it’s not going to be fixed overnight.
Sure, we have a real-time filter that we can flip on and block the fraud in real time but in many cases you are still paying for it. So you want to identify it at a level that you can eliminate it from where you are buying it from so you stop paying for it. What’s going to happen is, it’s obvious if you stop paying for fraud which is truly non-converting traffic you’re going to see a lift in ROI.
Joe: Who is it that is committing ad fraud then? Do we know who these people are?
Rich: Fraudsters! That’s what we call them.
Joe: Beyond that is there any sort of group that is using it? Anyone in particular?
Rich: Yeah we find it is usually organized crime mostly, around the globe. When you look at a lot of click farms, this is 100’s of people sitting in a warehouse behind a computer at a little desk knowingly committing fraud, which is knowingly stealing money from people and it’s organized. Organized crime is essentially what’s happening and because of the privacy laws that exist; like the cookie privacy law, every website you visit now you’ve got to approve the cookies or every site you go they talk about privacy. Having privacy that protects your rights also protects the rights of a fraudster. So it makes it more and more difficult legally to be able to identify these people and eliminate them.
The problem is there are many of them that even if you identify a group that’s attacking you and you shut them off, it’s like playing a game of Whack A Mole. They come back again and you keep shutting off, shutting off, shutting off and they just keep bouncing back because there are so many of them. If there is a way to defraud whatever type of marketing that you are doing, and there always is, they are going to continue to do it and make money. So the idea is to avoid it by understanding exactly where it is coming from and how to prevent that from coming in further.
Joe: I don’t know what I was expecting but I didn’t expect the answer to be just upgraded bank robbers.
Rich: The difference with bank robbers, if you’re a bank robber and you walk into a bank and hold them up with a gun, you broke the law. Ad fraud is not as clear cut. The laws are just starting to come out. They don’t specifically talk about ad fraud but they’re some laws that have come out recently, within the past couple of years that if you identify somebody committing ad fraud that you can go after them legally.
The problem is identifying them, they are experts at hiding themselves. Making themselves look like a real person and fraud comes in many different shapes and sizes when it comes to that stuff.
Here’s a great example, in America there is a commercial and it’s probably a few years old at this point. It’s an older gentleman sitting on his back porch and he’s in front of a laptop and he lifts up a credit card and he says, I’m about to make a purchase and his voice is like that of an 18 year old girl. That’s a good example of a credit card fraud where he’s not dumb enough to do that on his IP address sitting on his network at home. Even though the IP address constantly changes, legally they can go and recover that IP address from the system and find out exactly who committed it. So that individual has to hide themselves digitally on the internet so they don’t get caught doing what they do.
That’s exactly what happens, they hide themselves in such a way that with the privacy laws it’s very difficult to uncover that. It’s a very expensive and a very litigious process.
Joe: You mentioned there are laws coming to help police this sort of thing but is there anything that companies like Google do to police it at all?
Rich: I believe in the good of everybody, so I believe these big companies are doing stuff to identify fraud. If you are buying traffic from Google you will typically get a report every now and again that will show you all the traffic you bought. It will have a column called Invalid Traffic, where it discusses traffic they have found that was fraudulent after the fact and they’ll give you credit back for it. They are not catching it all, we’re still seeing a lot that they are missing. But they genuinely do stuff, in fact Google, we will pack on Google because of the 800 pound Gorilla. Google, I want to say it was in 2014 bought two fraud detection companies. One called The Dometry and one called Spider.io if I remember correctly, for $0.25 billion between the two of them to help improve their fraud detection techniques.
I do believe the bigger companies spend and resource and that’s why generally speaking the bigger companies tend to have less fraud than the other channels because they are focusing on that level of fraud and doing some type of fraud detection.
Joe: That was going to be my next question, yeah.
Rich: I knew it was coming as I get that all of the time. That’s a moral question really, I believe the good in people so I yes, they’re doing what they believe. Let’s face it, Google has the resources to throw billions at solving the problem. They are probably not because they’ve got so many other coals in the fire that they are working on and fraud if just one aspect of it. So while I do believe they are spending money trying to solve it, I can clearly see they haven’t solved the problem.
Joe: That’s quite a diplomatic answer for quite a tricky question. You don’t want to say Oiya sort your stuff out, come on!
Rich: And I don’t want them to shut my Google account down!
Joe: Well there’s that as well. So what measure can we take then to minimise the amount of fraud that’s going on?
Rich: It’s follow the money. Watch your back-end conversions, watch your data. Most people I talk to know they have a problem. If you have a 5% problem it kind of gets hidden in the noise, they really don’t know it. Once it breaks 10, 15, 20%, they know there’s a problem. So we get on a phone call with somebody, the first question I like to ask is what got us on this call? Because I know something triggered the event to say I need a fraud solution company. Then they will pick up the phone and call us. I try to figure out what that event was. Did they just lose a client?, did they get sued for TCPA violations? did they get a bad rash of leads? What happened that caused us to get on the call?
You can look at the data and you can identify that yes you have fraud and if you can zero in on the source you can try to minimise your purchasing of that traffic. I hate throwing the baby out with the bath water, so to speak. If you have a source of traffic that is pushing 25% of fraud, they’ve still got 75% of good. I hate to turn the source off altogether because that costs you money. The only way I know to get down, granular to the individual, the click and the visitor is to employ a fraud detection solution.
20 years ago my wife and I started a marketing company, 2 years into it we realised there was a fraud problem starting to emerge. So I thought hey let me just go and find a fraud detection company, slap it on and call it a day and I can then just focus on my company. In 2005 nothing existed. So that’s when I said, well I’m a developer I can figure this out and I started writing my own solution because I wanted to get granular with the data. In 2005, we’re talking about 18 years ago, it was fairly easy to identify and mark it. And then it wasn’t and it got more and more difficult and then AI kicked and then machine learning is kicking in. All these technologies are making it easier and easier for fraud committers to commit more fraud and harder for the detection companies to find it.
About 10 years, are you familiar with the MRC (the Media Rating Council)? The MRC has been around for decades and they are known for setting standards for different processes and stuff. They do a lot of different things. But about 10 years ago they set standards for a fraud detection company to follow. They are publicly available so if companies want to start delving into what it takes to build a solution internally, there is a published set of standards that they should be following in order to eliminate fraud internally. It always comes down to the questions of is it cheaper to build or buy? We like to think it is way more cost effective to purchase a solution than it is to build one, because we know what it costs to build one!
Anyway, they built a set of standards and it says fraud detection solutions should be following this process, this is a minimum standard they need to follow. While there are right now 75 -100 different companies in the marketplace that use some type of fraud detection, there are literally only 8 that are certified to follow those standards. So that’s important. If you’re going to lease a solution from somebody make sure that they are following the basic standards that have been established by the MRC.
But getting back to your question, it’s not simple. It used to be a lot easier to be able to do it. Now you can identify in general you have a fraud problem and it may be coming from paid search or paid social or affiliate marketing or programmatic but getting down to the level and detail you need to take some action against it is a lot more difficult today than it was yesterday.
Joe: We say that’s what you need to do once you’ve identified you might be having a fraud problem. What might be some of the triggers that would initiate that thought? What can we look out for to say ah I think something is going on here. What are those indicators that show you are being defrauded?
Rich: Sure, there’s a lot of them and every channel has something different. Let’s say if you are buying a lot of search traffic, you could have a high level of clicks and a low conversion rate or a high level of clicks and an artificially high conversion rate. Something that doesn’t seem normal, like if something seems too good to be true it usually is. If you are normally converting on your website at 1 or 2% and all of a sudden you get a source of traffic converting at 10%, look at the conversions. What does the conversion mean to you?
One of the best ones is lead generation. Most companies ultimately come down to a point of generating a lead or a sale. Lead generation is fairly simple. Let’s say, like on my site, I want to drive in new clients. So I drive traffic to the site, people peruse my site and they say yes I want to talk to an expert. They will fill out a form which is a lead, they hit submit and it comes into our network.
The first thing you want to do is find out did the person actually fill out that form. Because lead fraud will actually come along and fill out the form. Maybe what they will do is come along and say here’s Joe’s information, his email address, his phone number, everything about him. Yes he wants to talk to someone about fraud detection. Then somebody on my team will get the lead and look it up and say okay I’m going to call Joe. Pick up the phone, they’ve got the right number, they call Joe and Joe says I never filled out that form. That’s a sign of fraud.
Or, if your phone starts ringing and you don’t recognise the number, the chances are that you don’t answer the call. So another example of identifying you have a fraud problem is that you have a group of leads that are hard to reach because they are not expecting your call.
Like I said, if you fill out that form yourself, hit submit and a couple of minutes later your phone rings, you are kind of expecting the call so you tend to answer those calls. But if you don’t recognise the phone number most people nowadays won’t answer the call.
So it’s paying attention to details like that. Maybe you are an eCommerce site, then all of a sudden you start noticing your call back ratio is going up. That’s another sign that fraud could be at play. We run into a lot of companies that once they breach a certain level of fraud on their merchant account, they then get pushed to a high risk account. Now they pay higher fees and if they go over a certain percentage of fraud on that high risk merchant account they lose their ability to charge credit cards over the internet. That’s pretty much death for an eCommerce company. So these are some signs to look out for.
You can have a campaign that’s running on programmatic where the average click through ratio is 0.15% and then all of a sudden you are getting a 3 or 4% click through on the net. If your normal conversion rate is a certain level and you see a significantly higher or a significantly lower rate, something is going on.
Those are just some symptoms and signs you will start to pick up on that shows you might have a fraud problem.
Joe: You mentioned earlier in answer to one of my previous questions that machine learning and AI is making things harder to detect and harder to stop fraudsters. Are there any applications for AI in prevention? Is there any way we can be using AI to help identify problems or even identify fraudsters at all?
Rich: There are some solutions in the marketplace that use AI. We tested AI heavily ourselves, we don’t trust it. It’s not there yet. A lot of false positives. Our claim to fame with our product is no false positives. Because in any space you buy a piece of software…… we’re using Re-stream right now to do this. You bought the product, you expect it to do a job and that’s what it’s supposed to do. So you run the software and it does it. Why? Because it’s doing what it’s supposed to do. In my space, fraud detection companies are supposed to find fraud but on average most fraud vendors in the marketplace have a 10 or 15% false positive rate. Which means they are mis-marking real people as fraud.
The niche that we chose to pick was the performance marketing side. You don’t have room for false positives. I’ll give you an example; I have a large gaming company operating out of Germany. They have tens of thousands of people logging in to play games every single day and we’re using the front end to prevent bots from logging in and creating bogus accounts. If we are wrong even by a fraction of a percentage, they are going to have hundreds of people not being able to log in to their system, making phones asking why can’t I log into my system. Their phone is ringing off the hook, my phone is ringing off the hook. So what we focus on is performance marketing because of our solution being so accurate we basically claim there are no false positives. We have a 99.99% accuracy rate when identifying fraud.
So again, when you are looking at that marketing space it comes down to what’s important for you and for us it’s making sure that you are accurately identifying the fraud.
Joe: You say you are distrusting of Ai. Do you think there will come a time when it will start working in the way you want it to or is it very much it’s just not going to happen?
Rich: I believe it will. There’s nothing that you can’t accomplish in code. I’m a developer so anything you can think of you can do in code. I just think the AI models we tested and played with weren’t quite up to snuff where we wanted them yet. We still deploy machine learning and we apply it where machine learning for us to syphon through the billions of visitors that we see everyday and help us identify anomalies. The anomalies then go to our engineering team who have been working on this project for the past 10-15 years. They know what to look for and identify. So we don’t trust the machine to make that judgement for us. We do it ourselves, we just have the machine make the recommendations and say hey I think I’ve found something that I don’t understand, what is it? (inaudible) that ‘s good or oh no that’s not good, let’s put out a new update that solves that type of fraud and roll it out.
Machine learning is just rummaging through that data and it’s funny we get hits with our machine learning every day. There’s new threats coming out every single day. We have a couple of our people who act as white hat hackers. So their job is they know all the stuff that we look for, they understand the platform inside and out. It’s their job to get around our system, knowing everything we do. A fraudster doesn’t know what we do. So it’s the old mechanism, security through obscurity, that’s the old saying. Our team knows what we do and their job is to see if they can get around. If they can get around it then we’ve got to solve that problem.
So we have a combination of machine learning and some fun hacking going on in the company at all times to try to figure out if we have loopholes, if something is different. If a new version of software comes out does it have security holes? So we have to test every browser, every version. There’s a lot of work to truly solve the problem.
Joe: As you say, $500 billion was it, $100 billion?
Rich: $500 billion in spend and $100 billion lost to fraud. So I tell people it’s no longer a question of if you have fraud, you have fraud. It’s just how much fraud do you have?
Joe: Rich, I’m going to start wrapping up our conversation here today. It’s been an absolute education for me and it’s certainly opened my eyes to a lot. If you could give everybody listening to this conversation one absolute golden rule, what is the most important thing that they need to take away from this conversation about ad fraud?
Rich: There are so many things. The one thing I would say you can take away from this conversation is that you have fraud. You just need to look for it because most of the time I talk to people and they don’t understand, they say No, no, not me, not me. It doesn’t happen to me. But $100 billion out of $500 billion was stolen. How can you possibly think you were not affected? Everybody is affected, it’s just to what level and what’s your comfort level?
If you are the brand and you are buying, your comfort level is zero. You want no any fraud. Fraud is a reality so you have to make that happen. You have to be realistic about things. What are you doing actively to stop fraud? But the question I always say to people is if the only thing you get out of this call is that you have some level of fraud in your network, then you’ve got some good information.
Joe: You’ve got some value out of this. Fantastic stuff. Rich Kahn, thank you so much for joining me for this.
Rich: Thank you very much, I appreciate it Joe.
Well there we go, that was Rich Kahn from Anura on ad fraud. Some incredible insights there. I really enjoyed that conversation.
Remember to subscribe to the Essential B2B podcasts wherever you get your pods and give us a 5 star rating where possible. We’ll be back next week with another episode of the Essential B2B podcast.