The Ad Fraud Gravy Train Keeps Chugging Along — No Matter What …

xbnAd fraud is quite a large issue for online advertisers – and it’s been on many companies’ radar screens for a long time.

But even with the higher visibility and greater scrutiny of online ad fraud, it seems to be a problem that only gets bigger.

The most recent example of the phenomenon came to light a few weeks ago, when ad fraud prevention consulting firm Pixalate announced that a newly discovered botnet has been draining literally billions of dollars from advertisers’ MarComm coffers.

The botnet is dubbed Xindi – the same name as the hostile aliens in the Star Trek sci-fi TV series.

Xindi is making money for its creators by serving actual ads – but to simulated audiences.  It has spread via familiar methods such as phishing.

Pixalate estimates that just shy of 78 billion fake ad impressions have been racked up so far.  Even at low cost-per-impression revenue figures, the high volume amounts to several billions of dollars of illicit revenues siphoned (and counting).

What makes the Xindi botnet particularly nettlesome is that it’s designed to go after computers and networks at high-end organizations, enabling it to “mimic” desirable web traffic (i.e. affluent consumers).

xbotAccording to Pixalate, already there could be as many as 8 million computers compromised in more than 5,000 networks, including a goodly number of Fortune 500 companies as well as university and governmental networks.

Such desirable locations and ad audiences translate into lucrative online ad pricing (CPMs of $200 or more).

In the event, advertisers are paying high prices … for nothing.

To counteract Xindi, Pixalate recommends that the Internet Advertising Bureau update its protocols to factor in the pace of ad requests, so that impression generated after a certain time period cannot be accepted as valid — and hence would be non-billable.

Whether this or other remedies will actually happen is up in the air at the moment (the IAB isn’t onboard with the recommendations).

Either way, what seems clear is that whatever the remedial actions that are taken, burgeoning ad fraud activity is bound to continue.

The question is, can it ever be contained, or will it just continue to grow and grow?  If you have any thoughts or ideas on the challenge, please share them with other readers.

Click Wars Opening Round: Plaintiffs 1; Facebook 0

I’ve blogged before about the issue of click fraud, which has many companies wondering what portion of their pay-per-click campaigns are simply wasted effort.

Until now, Google has been the biggest target of blame … but now we’re seeing Facebook in the thick of it also.

It’s only been in the past year that Facebook has made a real run for the money when it comes to paid search advertising. There are some very positive aspects to Facebook’s advertising program, which can target where ads are served based on behavioral and psychographic factors from the Facebook profiles of members and their friend networks. This is something Google has had a difficult time emulating. (Not that they haven’t been trying … which is what the new Google +1 beta offering is all about.)

But now, Facebook is the target of a lawsuit from a number of advertisers who contend that there are major discrepancies between Facebook’s click volume and the companies’ own analytics programs which suggest that the purported clickthrough activity is significantly inflated.

As an example of one company that is a party to the lawsuit, sports fan site RootZoo alleges that on a single day in June 2010, its software programs reported ~300 clicks generated by Facebook … but Facebook charged RootZoo for ~800 clicks instead.

While contesting the allegations vigorously, Facebook’s attorneys have also argued against the company having to disclose the source code or other details of how it calculates clickthrough activity, citing fears that the proprietary information could be leaked to outside parties (competitors) as well.

But that argument fell on deaf ears this past week. Instead, Facebook has been ordered by the U.S. District Court in San Jose, CA to disclose a wide range of data, including its source code for systems to identify and filter out invalid clicks.

In making this decision, Magistrate Judge Howard Lloyd stated, “The source code in this case implemented Facebook’s desired filtering, and whether that filtering [has] lived up to Facebook’s claims and contractual obligations is the issue here.”

This ruling appears to call into question the sweeping terms and conditions that Facebook advertisers are required to sign before beginning a media program. The relevant language states: “I understand that third parties may generate impressions, clicks or other actions affecting the cost of the advertising for fraudulent or improper purposes, and I accept the risk of any such impressions, clicks or other actions.”

[This isn’t the only incidence of Facebook’s broad and restrictive stipulations; another particularly obnoxious one deals with “ownership” of content posted on Facebook pages – basically, the content creator gives up all rights of control — even if the content came to Facebook through a third-party source.]

But in this particular case, evidently the terms and conditions language isn’t sweeping enough, as Judge Lloyd ruled that the plaintiffs can sue on the basis of “invalid” clicks, if not “fraudulent” ones.

Touché! Score one for the judges against the lawyers!

Of course, it’s way too soon to know how this particular case is going to play out – or whether it’ll even get to court. It’s far more likely that Facebook will settle with the plaintiffs so as not to have to disclose its source code and other “trade secrets” — the very things that cause so many marketers to see paid search advertising as a gigantic black hole of mystery that is rigged against the advertisers no matter what.

But one thing is easy to predict: This won’t be the last time the issue of pay-per-click advertising is brought before the courts. Whether the target is Facebook, Google or Bing, these skirmishes are bound to be part of the business landscape for months and years to come.

Click fraud: How much is really out there?

One of the knocks against pay-per-click advertising is concern about fraudulent clicks being made on online ads that cost advertisers money and drain their account budgets needlessly. And while Google, Yahoo and various online publishers have long held that their SEM operations can detect patterns of fraud and then credit-adjust advertisers’ accounts accordingly, that hasn’t mollified the skeptics at all.

And now SEM critics have new ammunition in the form of two click fraud reports issued in July by Anchor Intelligence and Click Forensics, two of the industry’s leading traffic auditing and traffic quality management firms. Researchers at both companies have discovered that “scripted” programs that click on ads increased in volume during the second quarter of 2009.

Click Forensics estimates that the overall average click fraud rate was nearly 13% over the quarterly period. According to the firm, this also included an ominous rise in “collusion fraud” on advertising networks. That’s when publishers rotate IP addresses (botnets) to click on ads on their own sites to generate inflated commissions from unprotected ad networks. Many ad networks have difficulty differentiating these attacks from valid clicks.

Based on these results, Click Forensics estimates that the amount of money lost yearly due to click fraud exceeds $4 billion. And while a large chunk of those dollars are presumably reimbursed to advertisers in the form of discounts or rebates, it is impossible to know what portion that amount actually represents because SEM program providers don’t share that information with the outside world.

Anchor Intelligence reported even higher rates of attempted click fraud during the second quarter 2009: nearly 23%.

Where are the nefarious attacks coming from? Richard Sim, Anchor Intelligence’s vice president of product marketing, says, “Vietnam stands out in terms of the fraud as a percentage of all traffic. Nearly one out of every two clicks from Vietnam was registered as click fraud.” That’s nearly double the rate of attempted click fraud found by Anchor Intelligence for the next highest ranked countries – Canada at ~28% and the U.S. at ~26%.

What this says is that click fraud is very much with us, despite all of the best efforts that go into trying to root it out. This should be taken into consideration by advertisers when planning and executing an online advertising program. And it wouldn’t be a bad idea to factor in a 15% or 20% “degradation” factor on all advertising goals and results when evaluating clickthrough rates and calculating ROI.

The good news is that, even with this reduction factor applied, when you compare search engine advertising against alternative forms of promotion, it’s still one of the better buys in the business.