Programmatic mobile ad platforms are an incredibly pervasive tool for modern marketers. They allow companies to cost-effectively target specific groups of customers at scale. With programmatic ads, marketers can limit their audience to the most appropriate market segments and even to customers who have shown a specific buying intent to a specific company’s products.
A programmatic ad platform often has numerous features to make automating and managing online ad campaigns simpler. For example, automated bidding allows marketers to adjust bids for ads based on factors such as click-through rates and impressions on an ad. Other common features include things like machine learning (for placement optimization), campaign reporting tools, and regulatory compliance features (to avoid issues with GDPR or other data privacy regulations).
However, as useful as programmatic advertising platforms can be, there’s a hidden danger that marketers need to watch out for when using them: ad fraud. Many programmatic platforms, both demand-side platforms (DSPs) and supply-side platforms (SSPs) may try to downplay the risk of ad fraud, but it’s a real problem that can cost your business dearly.
The potential cost of ad fraud isn’t limited to only the money wasted on fake leads, clicks, or impressions in your programmatic campaigns. It includes potential lost business opportunities from time wasted on fake leads, increased stress on sales agents trying to contact angry consumers who never opted in to receive communications in the first place, and even fines for TCPA violations costing between $500 and $1,500 per communication.
Knowing how to protect yourself from programmatic fraud on mobile platforms can be key for maximizing your mobile ad ROI while minimizing your business’ risk.
The Rise of Programmatic Mobile Ad Platforms
Programmatic advertising, or the practice of using software to automate the placement of ads in front of a specific audience based on specific rules/attributes, can be traced all the way back to the mid-nineties with the first banner ads. The novelty of banner ads and general unfamiliarity of consumers with the then-new internet contributed greatly to the success of these early banners—encouraging further development of website ads as an advertising medium.
As noted by RTBHouse, “in 1996, the first ad server — Double Click — was created… in time, new servers were built and the first network for advertising started to take shape.” From there, there was a buildup of systems and networks to help automate ad placements that resulted in the demand-side platforms (DSPs) and supply-side platforms (SSPs) that are so familiar to marketers today.
What makes programmatic advertising, especially on mobile devices, such an attractive option that many businesses are willing to put up with the risk of ad fraud? One reason is how cost-effective programmatic ads are compared to other marketing channels.
In 2023, it’s projected that the average cost per lead for a programmatic advertising campaign will be about $38 while premium display ads average $63 per lead and search engine advertising will cost about $110 per lead (Source: Linchpin SEO). In other words, for every lead you generate through search engine advertising, you could generate nearly three leads in a programmatic campaign.
This may help to explain why annual programmatic ad spend was over $418 billion globally in 2021, and is projected to reach $724 billion by the end of 2026 (Source: Statista).
Unfortunately, wherever there’s a large amount of money to be made, there will inevitably be someone there to try to take advantage of others. Or, when billions of dollars are at stake, a great many fraudsters will appear.
What Is Programmatic Fraud?
Programmatic fraud is a subset of ad fraud that specifically targets programmatic advertising campaigns and networks for financial gain. Some common characteristics of mobile programmatic fraud include:
- Zombie Bots. Zombie bots are programs that are used to allow someone to remotely control a device—typically without the device owner’s knowledge or consent. This malware can be used to perform a variety of tasks, including engaging in programmatic ad fraud.
- Fraudsters often use massive networks of zombie bot-infected devices to conduct click fraud against programmatic display ads. The bots in the net can click on countless instances of a display ad across different websites. Because each bot has a different IP address, they’re almost impossible to stop with methods like IP blocking.
- Large-Scale Malware Deployments. To build their botnets (assuming they don’t simply buy or lease a pre-made botnet), fraudsters may deploy malware to mobile app stores. In many cases, the malware is buried within an innocuous freebie app where unsuspecting device owners can download their “free” app. Whenever the device isn’t in use, the malware activates and starts using the device’s internet connection to run scripts in the background. So, the discovery of large programmatic fraud schemes may often uncover enormous malware attacks as well.
- Domain Spoofing. Some fraudsters try to trick ad networks and their customers into spending more on advertising on their site by posing as a more reputable or trusted website domain. This practice is known as domain spoofing. The fraudster replicates the look of a well-known website, registers a domain name that is close to the domain of that site, and offers ad space on their faked site through a supply-side platform. Then, they sit back and start collecting a cut for every programmatic ad that is mistakenly placed on their site.
How Do Fraudsters Benefit from Programmatic Ad Fraud?
So, why and how do crooks engage in programmatic fraud? While there are many potential motivations, such as a competitor wanting to keep your ads from appearing in front of customers or even political activists looking to cause harm, the most common motivation is to make money.
Fraudsters can make money off of programmatic ad campaigns in a few ways. For example, they could sell ad space on their website and make money by using bots to click on whatever ads are placed there. Another method is by using domain spoofing to get money out of SSPs.
Some fraudsters might try to maximize their illicit ad gains by employing dirty tricks like ad stacking or pixel stuffing—allowing them to claim credit for displaying ads that are, in reality, invisible to website visitors.
One of the most common strategies is for fraudsters to use bots to click on ads that appear on websites they control and, in many cases, even fill out the lead generation forms that those ads lead to.
The problem is that it is incredibly easy for even an amateur to engage in bot-based ad fraud because the barrier to entry is low. Even without any bot programming skills, a wannabe criminal mastermind can lease a pre-made botnet for an average cost of less than a dollar per bot (Source: Kaspersky).
How to Stop Programmatic Ad Fraud
So, what can you do to protect your marketing budget from ad fraud and maximize your programmatic advertising ROI? There are a few strategies for minimizing the impact of programmatic fraud, such as:
- Verifying Where Display Ads Will Be Placed. Because domain spoofing is an integral part of programmatic fraud, taking the time to vet the websites where your ads will appear can be an excellent way to avoid such fraud. For example, you could check the domain name to see if it has any typos or added numbers, verify that the website owner in the site’s registry matches what it should, or that the domain is one that is commonly known to have display ads. These can all be strong indicators that the domain name is spoofed.
- Looking for Abnormalities in Marketing Data. Reviewing your marketing data for unusual activity, such as large increases in clicks or form fills without any increase in conversions, a spike in complaints about unwanted marketing calls, or a massive rise in ad spend can be a vital clue that your programmatic campaign is suffering from fraud. If your marketing analytics can tell you where the increase in fruitless clicks and leads came from, then you may be able to weed out a potential source of fraud by asking your DSP to not display ads on that domain.
- Checking Your DSP’s Ad Fraud Protection. Many programmatic advertising networks claim to protect their ads from fraud. However, not all ad fraud solutions are created equally. It’s important to vet your DSP’s ad fraud solution by looking for any certifications that it might have earned—such as the Trustworthy Accountability Group’s (TAG’s) Certified Against Fraud
- Acquire Your Own Ad Fraud Solution. Instead of relying on an uncertified ad fraud solution from a DSP that may not be alert enough against programmatic fraud, it can help to get your own solution from a trusted and certified source. With your own ad fraud detection tool, you can independently verify the quality of the clicks and leads that your programmatic campaigns bring in and, if necessary, confront your DSP or the fraudster for ad credits/refunds to recoup the money lost to fraud.
Of these options, acquiring your own ad fraud solution is the most reliable way to stop ad fraud. Manually detecting fraud requires extensive experience in dealing with fraud and takes a long time to do. Meanwhile, DSPs don’t always have the right tools to reliably identify fraud without throwing out valid leads.
Need to protect your online ad campaigns from fraudsters? Get started by reaching out to Anura today!