How to select a fraud detection provider

06/27 By Michael Krauss

Everyone acknowledges that fraud in online advertising is a difficult and rapidly evolving challenge. It requires technological capabilities, expert knowledge across several disciplines, and the ability to rapidly innovate in response to new threats. Fortunately for advertisers, there are a number of vendors that offer some combination of those qualities. Unfortunately, it can be challenging to cut through the noise to determine which can offer the protection you need.

Many accredited vendors can measure and filter invalid traffic (IVT), the designation the MRC gives to impressions that are not fit to pay for. But despite their accreditation, these vendors don’t always agree on which impressions are bots and which impressions are not. Furthermore, it’s worth noting that not all IVT is fraudulent in nature, and some vendors use varying (and often insufficient) methodologies to distinguish between the two types of IVT, which the MRC has designated General Invalid Traffic (GIVT) and Sophisticated Invalid Traffic (SIVT). Fraud requires malicious intent, and there are several types of GIVT that serve a legitimate business purpose, such as creative testing, publisher performance tools, and ecosystem bots that help optimize publisher sites and carry out vital operational functions. While these functions are legitimate, the traffic they generate still not something advertisers should pay for. That’s why it’s important to work with a partner that fully understands IVT and fraud and leverages trustworthy technology to detect, protect, and report.

So how do you choose who to partner with to fight fraud? There are a few criteria you can use to determine which vendor will serve you best, and some produce better results than others.

Biggest number, best vendor?

You could simply go with the vendor that reports the highest fraud rates. Certainly, if they are reporting more fraud that means they are finding more fraud, and if they’re finding more fraud then they must have superior techniques, right? WRONG.

This method has upsides For example, as a buyer, you will be paying for fewer impressions. However, there are also downsides to this approach. Detecting bots can be a tricky business. If your detection methods are not finely tuned then it’s likely that you could be calling valid impressions fraud, when they actually represent valuable human traffic. These false positives reduce a buyer’s access to desirable inventory, causing friction with media partners and operational challenges.

Consider this real example observed by IAS. A large investment bank was using a corporate VPN. Because all of the employees of that bank were behind that VPN, their impressions were routed through a data center IP address. Fraud detection providers relying on IP level blocking, instead of precise machine-level blocking, blacklisted the IP address because it was a datacenter. As a result, impressions from any employee at the global financial institution were inadvertently blocked. If you are an advertiser targeting high-income people, this inaccurate methodology would cut off your real and valuable slices of traffic and also raise the volume of reported fraud.

Mix and match?

Another popular, but problematic, approach to fraud detection is to aggregate results from multiple vendors. The thinking here is that the combination of multiple vendors using different methodologies will weed out all the potential fraud from a campaign. Unfortunately, this method also comes with its share of drawbacks.

Like any approach to fraud that prioritizes volume of reporting over precision, this method is bound to lead to false positives that can cut advertisers off from valid and valuable impressions. This challenge is further complicated by the use of multiple vendors because once you’ve identified false positives, you also have to identify which vendors to contact in order to resolve the problem.

Utilizing multiple vendors for fraud detection also presents the challenge of cost and operational lift. Each vendor comes with its own set of associated costs and may not produce a meaningful increase in true positive detection. Add to these costs the operational lift of aggregating and deduplicating any overlap on an impression by impression basis. This process is complicated and time-consuming, adding additional strain to campaign teams who must then explain their methodology to media partners.

The Multi-Faceted Future

For most advertisers, the best answer is to find a vendor that offers a multi-faceted approach to fraud detection that values precision. Fraud is a pervasive problem, but taking a surgical approach allows advertisers to be certain that their campaign spend isn’t being wasted on bots and other forms of IVT, without needlessly choking off access to valid impressions through a wave of false positives. Full disclosure: this is the kind of solution that IAS is proud to offer.

Our multifaceted approach to fraud rests on three essential pillars:

Behavioral and Network Analysis: We use big data to identify anomalies that indicate fraud by analyzing billions of impressions on a daily basis – more impressions than any other company.

Browser and Device Analysis: We analyze the technological fingerprints of browsers and devices in order to uncover bots fraudulently posing as human users. We can validate what type of mobile or desktop device a browser is running on, providing additional context with which to identify fraud.

Malware Analysis and Targeted Reconnaissance: Our analysts reverse engineer bots and other forms of malware to figure out how they work, and we use these insights to constantly enhance our bot detection technology.

We also believe in applying a holistic model of fraud detection. We combine deterministic methods that evaluate at the impression level with probabilistic data and machine learning that can identify likely fraud patterns. The combined effect affords IAS clients with full fraud coverage that vendors limited to a single detection method cannot provide without the risk of losing significant amounts of traffic to false positives. Fraud is a single piece of the larger puzzle of verification. A comprehensive and multi-faceted fraud solution is most effective as part of a full verification suite that protects against related challenges like unviewable inventory and unsafe content.

What’s next

We recently rolled out enhancements to our user agent spoofing detection that allow us to detect instances of fraud in new browser versions quickly and at scale. This update uses machine learning and big data together to quickly identify fraud. Advertisers who use other fraud detection providers are missing out on quality audiences and inventory just because a user upgrades their browser i.e. to a newer version of Safari. These providers are unable to catch this because they are either using unsophisticated, singular methodologies (i.e. deterministic only) or are incorrectly reporting false positives. Our machine learning-based solution accounts for these browser updates immediately and protects our clients with utmost speed and accuracy. We continue to make regular enhancements to our fraud technology in order to provide our clients with world-class service and support.

Michael Krauss is VP Product Management, Verification, at Integral Ad Science

Want to learn more about fraud? Check out our explainer on how to classify invalid traffic here.