Why Mobile Advertisers Need To Take A ‘Belt And Braces’ Approach To Fraud

In a business world where economic growth has proven to be elusive, the mobile advertising industry is a notable exception. Last year the total market was worth around $166 billion, an increase of nearly 30% on 2018. Indeed, some think that the total mobile ad spend this year will surpass that of all traditional media combined.

With so much money around it’s little wonder that the mobile ad sector is attractive to fraudsters. There are many ways in which criminals are targeting the industry, but the most prevalent is organic attribution fraud. Here, fraudsters use malicious code in apps-that millions of us download-to bombard Mobile Measurement Partners (MMPs) with fraudulent clicks in the hope that they are mistaken as the source of the install click.

Mobile ad fraud is a big problem, and it is costing the industry a great deal. One research study found that a staggering $2.3 billion in ad spending was subject to app install fraud over the first six months of 2019.

The problem is also complex, and its consequences are much more than just financial. As Chris Babayode, EMEA managing director at the Mobile Marketing Association, explains: “We conducted a marketer’s survey to identify trends around how they combat fraud, their current effectiveness, and their expectations and strategic plans for the future. We found that while fraud is an increasing concern for most marketers (84%), it’s not a top priority, and the reason for some of this inertia is that it’s a complicated area.”

Babayode digs into more detail on the matter, “Brand marketers’ biggest fraud fear is Traffic Fraud (non-human sources) and performance marketers’ biggest fraud fear is Attribution Fraud (the wrong accreditation for conversions). Both result in the loss of not just money but also trust. Cracking down on ad fraud is, therefore, essential to the long-term health of the industry and to the mobile app market in particular.”

One technology that looks set to play a significant role in the fight against mobile ad fraud is artificial intelligence (AI). By analyzing distribution data such as the IP addresses, geographies, devices and the event timelines associated with installs, AI algorithms can establish a baseline of normal activity and flag any deviations from it. Another use of AI is to score ad publishers and ad networks according to the quality of the clicks associated with their online properties. Using these insights, performance marketers can assess which publishers to blacklist and which to prioritize for their campaigns.

AI tools provide advertisers with a new and powerful weapon in the fight against ad fraud, augmenting existing rules-based approaches that block clicks according to a set of policies, such as a click IP originating from a TOR network. One company that promotes just such a “belt and braces” approach to ad fraud prevention is Interceptd. Owned by App Samurai, Interceptd has just raised $2.4 million in Series A funding.

According to Emre Fadillioglu, CEO at Interceptd, the sheer complexity of the fraud space means that companies should throw everything they can at the problem. “For simple fraud, deterministic rules-based approaches are fine. However, more sophisticated types of fraud require much more sophisticated mitigation, and here AI-based alerts are critical. For instance, Google provides data on app install times, so it’s easy enough for brands to set a rule that excludes all clicks registered after that time to combat click injection fraud. However, such methods are inadequate in detecting more sophisticated types of fraud, such as SDK spoofing. In these cases, the best solution is to combine a wide range of both deterministic and probabilistic alerts so that you can pick up as broad a range of behaviors as possible.”

SDK spoofing presents a difficult challenge to advertisers. Back in 2015, Nestle‘s digital lead in the UK commented that “robots don’t buy KitKats” when discussing the difficulty of knowing whether digital ads are seen by real human beings, or merely manipulated by bots. What makes fraud so much more challenging today is that robots can now appear to make purchases. SDK spoofing exploits real mobile device data to “spoof” installs and even purchases. Looking entirely legitimate for the untrained eye, SDK spoofing can only be identified and prevented by setting up the broadest range of fraud alerts.

Fadillioglu sees this as an arms race, “Fraudsters are highly adaptable, and are continually looking to change tack as new alerts come on the market. The only way to effectively fight mobile ad fraud is to be as flexible as the fraudsters themselves, continually introducing new search parameters and behavioral analysis, and cross-referencing these with existing alerts.”

To enable such flexibility, anti-fraud efforts need to operate in real-time. After all, if brands look only at historic data, they will only be able to identify fraud after the case, i.e., once money has been lost. By analyzing mobile advertising traffic “on-the-fly,” systems like those offered by Interceptd can identify fraudulent activity before the false click reaches Google Play or the App Store, and block the activity before it causes damage.

Effective ad fraud protection not only saves money but helps advertisers understand their exact costs and brands to see the actual size of their customer base. This intelligence can then help these companies hone their ad strategies.

Alperen Akdoğan, performance marketing manager at Marley Spoon, a meal delivery service, makes the case. “Our app is not our main monetization channel; however, it is used to enhance the user experience and further engage our core users. Thus, cost of acquisition is key. Through carefully monitored Cost Per Action and Cost Per Install campaigns based on accurate data, we can safely run the campaigns needed to target our core audience, in an economically sustainable way. Ad fraud protection is an essential ingredient for our acquisition strategy that demands results.”

Mobile ad fraud is only going to become more sophisticated and will cost the industry dearly if not addressed. But by using the full defensive arsenal together with a broad range of alerts, and keeping on top of transactions in real-time, advertisers can seek to reduce or even eliminate fraudulent clicks in the future.