opinion

Fighting Malvertising Ineffectively Is Costly

Fighting Malvertising Ineffectively Is Costly

For just about as long as digital ads have existed, digital ad fraud has existed in parallel, driven by malicious threat actors looking to exploit weaknesses on both the demand and supply side of the digital advertising ecosystem, usually driven by a profit motive.

Fraudsters are clever, able to use sophisticated methods to identify weaknesses in every area of the digital ad supply chain, and fool ad operations teams across the ecosystem into not even knowing an active threat inside an ad is waiting to harm visitors.

Fraudsters are clever, able to use sophisticated methods to identify weaknesses in every area of the digital ad supply chain, and fool ad operations teams.

The scope of the issue can often be daunting for all sides. From the multitude of ad networks delivering more and more programmatic ads to the thousands of digital publishers of varying sizes, all struggle to deal with what’s become a systemic problem, and one that is only getting worse with each passing year. In 2017, Juniper Research reported that digital ad fraud would lead to losses of $19 billion in 2018, but they also indicated that these losses would scale over time, predicting that $44 billion could be lost to fraud by 2022.

Ad fraud comes in two different guises: Invalid Traffic (IVT), which can include everything from fake clicks generated by bots to cookie stuffing, and domain spoofing. Historically it’s this side of the ad fraud spectrum that gets the most attention. Brands want to know that each click they are paying for comes from a legitimate user, and have been able to apply pressure on their digital publishing partners to ensure robust methods are in place to verify these clicks are, well, real.

And what of the other type of ad fraud, that is emanating from the demand side? This comes in the form of malicious threats designed to harm users directly, via the introduction of malware, phishing attacks, ransomware or forced redirects, all looking to exploit weaknesses that can do real, practical damage to users’ lives via data harvesting or other dangerous scams.

This is often known under the catchall term of “malvertising.” As these users get burned - often repeatedly - they focus their anger on the publishers whose sites they were visiting when they became the victim of an attack. For the publishers, this leads to a loss of visitors, making their sites less viable for advertisers, which in turn means less revenue to continue generating the content needed to attract a high number of visitors. It’s a vicious circle, and one many publishers aren’t equipped to deal with effectively.

Often, even once a publisher is aware of an issue, they might not be aware of the best ways to fight these types of malicious threats and exploits. While many have adopted third party verification solutions to protect their brand partners from fake clicks, they have yet to add technical solutions that can specifically monitor their site pages, or the ad content they have delivered programmatically. This often leads to publishers employing a non-technical solution to try and cut the problem off at the knees: Hedging.

Hedging occurs when a publisher opts to raise their floor prices in an effort to eliminate malicious issues by removing the lower-tier pricing. While this can lead to fewer issues overall, it ultimately hurts publishers' revenue streams dramatically, leading to hundreds of thousands, if not millions, in lost revenue, all of it quite needlessly.

Fighting ad fraud of this nature “head on” is not only a more effective strategy, it also saves a substantial amount of revenue that would otherwise be lost. For publishers who in many cases are already struggling to generate consistent revenue streams, it can mean the difference between staying alive or disappearing entirely. So, how can they fight back?

A first crucial step is to know your demand partners inside and out. This means working with trusted partners only, those that have committed to identifying and eliminating threats before they reach sites and have a chance to harm end users. Many networks and platforms have taken steps to do just that, however just as many - if not more - have not, either due to a lack of care or a perception that it’s the publishers’ problem to deal with. Publishers need to demand more vigilance from their demand partners, and increasingly they are starting to do so.

However, in an ecosystem increasingly driven by programmatic trading, even the best efforts from demand partners are not enough. This is where third party solutions come into play. There are highly effective solutions dedicated to using modern browser technology and machine learning to constantly analyze the behavior of ad content to detect and eliminate threats immediately, meaning they are taken care of before they can ever harm your users. The best providers can deliver comprehensive, multi-faceted solutions to keep ads safe for user engagement, often at the cost of only a handful of dollars a day, far less than the cost of employing a scorched earth policy like hedging.

Bryan Taylor is the sales manager at AdSecure, a cybersecurity company that eliminates threats inside digital ads and offers ad quality solutions for ad platforms, publishers and app developers.

Related:  

Copyright © 2024 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More Articles

opinion

Best Practices for Payment Gateway Security

Securing digital payment transactions is critical for all businesses, but especially those in high-risk industries. Payment gateways are a core component of the digital payment ecosystem, and therefore must follow best practices to keep customer data safe.

Jonathan Corona ·
opinion

Ready for New Visa Acquirer Changes?

Next spring, Visa will roll out the U.S. version of its new Visa Acquirer Monitoring Program (VAMP), which goes into effect April 1, 2025. This follows Visa Europe, which rolled out VAMP back in June. VAMP charts a new path for acquirers to manage fraud and chargeback ratios.

Cathy Beardsley ·
opinion

How to Halt Hackers as Fraud Attacks Rise

For hackers, it’s often a game of trial and error. Bad actors will perform enumeration and account testing, repeating the same test on a system to look for vulnerabilities — and if you are not equipped with the proper tools, your merchant account could be the next target.

Cathy Beardsley ·
profile

VerifyMy Seeks to Provide Frictionless Online Safety, Compliance Solutions

Before founding VerifyMy, Ryan Shaw was simply looking for an age verification solution for his previous business. The ones he found, however, were too expensive, too difficult to integrate with, or failed to take into account the needs of either the businesses implementing them or the end users who would be required to interact with them.

Alejandro Freixes ·
opinion

How Adult Website Operators Can Cash in on the 'Interchange' Class Action

The Payment Card Interchange Fee Settlement resulted from a landmark antitrust lawsuit involving Visa, Mastercard and several major banks. The case centered around the interchange fees charged to merchants for processing credit and debit card transactions. These fees are set by card networks and are paid by merchants to the banks that issue the cards.

Jonathan Corona ·
opinion

It's Time to Rock the Vote and Make Your Voice Heard

When I worked to defeat California’s Proposition 60 in 2016, our opposition campaign was outspent nearly 10 to 1. Nevertheless, our community came together and garnered enough support and awareness to defeat that harmful, misguided piece of proposed legislation — by more than a million votes.

Siouxsie Q ·
opinion

Staying Compliant to Avoid the Takedown Shakedown

Dealing with complaints is an everyday part of doing business — and a crucial one, since not dealing with them properly can haunt your business in multiple ways. Card brand regulations require every merchant doing business online to have in place a complaint process for reporting content that may be illegal or that violates the card brand rules.

Cathy Beardsley ·
profile

WIA Profile: Patricia Ucros

Born in Bogota, Colombia, Ucros graduated from college with a degree in education. She spent three years teaching third grade, which she enjoyed a lot, before heeding her father’s advice and moving to South Florida.

Women In Adult ·
opinion

Creating Payment Redundancies to Maximize Payout Uptime

During the global CrowdStrike outage that took place toward the end of July, a flawed software update brought air travel and electronic commerce to a grinding halt worldwide. This dramatically underscores the importance of having a backup plan in place for critical infrastructure.

Jonathan Corona ·
opinion

The Need for Minimal Friction in Age Verification Technology

In the adult sector, robust age assurance, comprised of age verification and age estimation methods, is critical to ensuring legal compliance with ever-evolving regulations, safeguarding minors from inappropriate content and protecting the privacy of adults wishing to view adult content.

Gavin Worrall ·
Show More