Rob Norman's recent Ad Age op-ed argued that the real cost of ad fraud to marketers was signficant but not anywhere near as bad as the headlines suggest. Publishers suffer "zero direct loss," he wrote.
Let's get on the same page.
We must differentiate good publishers -- i.e. the sites you've heard of, like ESPN.com, WSJ.com, WashingtonPost.com, etc. -- from other sites that carry ads -- e.g. 000000000.com, wkexsfmw.com, etc. Those sites can never, ever be found or visited by humans. So where do they get their traffic? Right. Bots, or euphemistically "NHT," for non-human traffic. One hundred percent of the traffic to these sites comes from bots. But yet, it's not so obvious in the campaign reports on which marketers rely. Why? 1) Campaign reports often don't show line item details of where the ads ran." 2) Bad guys with domains like wkexsfmw.com cover their tracks by pretending to be good site like ESPN.com. And 3) the traffic they buy can pass all fraud filters, because the bad guys have A/B tested their bots and are sure they will get marked as not NHT (i.e. clean).
Good publishers, meanwhile, suffer large economic losses due to ad fraud. There may not be a lot of bots on the publishers' own sites, as the DCN/White Ops study showed in 2016. But the bots collect cookies from these good sites and they go elsewhere to cause ad impressions to load. This is how they divert ad revenue away from good publishers. As long as media buying firms continue to buy low-cost inventory, they continue to send more money directly into the pockets of cybercriminals. Creating real content that real humans want to read is costly and time consuming. Fake sites have no such content costs and their traffic is entirely generated by bots. That's how they can sell at super low ad rates.
But mobile fraud is rampant because it is super simple: Bad apps are loading tons of ads in the background when the app or device is not even being used by the users, and fake mobile devices simulated in data centers are downloading and installing apps and then opening them every day and interacting with them to trick all fraud detection algorithms.
Finally, context is super important. The $7.2 billion in fraud reported by ANA/White Ops in 2016 needs to be divided by right denominator. It is not 11% fraud -- from $7.2 billion divided by $70 billion or so in digital ad spending last year (extrapolated from PricewaterhouseCoopers/IAB's first-half report). That ANA/White Ops study did not measure search ads (or "other"), only display, which was likely $28 billion. And it did not measure display ads on Facebook or Google Adwords, because third party measurement was not permitted -- so you have to subtract some $16 billion from the $28 billion. The $7.2 billion should be divided by $12 billion (display ads outside of Facebook and Google properties), which means 60% fraud.
Fraud is not $1 billion "or possibly far less" and it's not 2%. It's "2% and on-the-wane" because we can't measure it and the bad guys' bots are better at hiding. These large industry-wide numbers are meaningless. What matters is the fraud impacting your campaigns. Advertisers that are vigilant will suffer less loss to fraud. Ones that are not, suffer greatly.
A concerted effort among advertisers, agencies, and publishers is the only way to advance our position in this complex battle against the bad guys.