Why is there any fraud?
Connected TV ads are mostly served using what’s known as “server side ad insertion,” which is the most seamless way of delivering video commercials into a streaming environment. When it’s working well, viewers will notice that the commercials appear almost as quickly as any other TV experience. That’s because the ads are processed on the server, ready to load quickly on the screen. It’s particularly helpful when an app has multiple commercials in an ad break; the server can “stitch” together the whole ad pod.
In “direct programmatic” or “private marketplace programmatic,” these server set-ups are run by the most-trusted partners. Hulu, which is owned by Disney, has a server; Amazon has a server; NBC, ViacomCBS, Discovery all have trusted networks running the automated channels.
However, for the portion of CTV ad buys that run through the “open marketplaces,” there is room for trickery. Fraudsters are able to set up server space—server farms are rentable—and they can “spoof” what looks like legitimate ad inventory and sell it on the open market. They spoof internet addresses and device characteristics to make it look like they are selling a viewer in the U.S. who is watching Roku, for example.
“In an instance of 'server side ad insertion,' they can just buy a whole bunch of server space and spoof a whole bunch of apps or a whole bunch of mobile phones or a whole bunch of CTV devices without actually having to buy any hardware or create any malware to infiltrate devices,” Pixalate’s Loechner says.
That’s why this type of CTV fraud is easier than other kinds, where the scammer has to take over millions of devices through malware and then start pinging ad networks to create fake ad calls. That type of ad fraud relies on what’s known as “client side ad insertion,” meaning the ad process is happening directly on an individual device, not off in a server cloud. Both methods are susceptible to fraud, though, just in different ways.
Other market risks
Devices are always susceptible to being gamed by bad actors that get apps approved, and use them to generate fake impressions and ad revenue. “When people buy CTV, they are buying scale. It's scale targeted more and more,” says Zach Edwards, a privacy watchdog and founder of Victory Medium, a data protection firm. “The growth of CTV is actually just the growth of apps that have ads opportunities, and as things move beyond the Hulu and Amazon's of the world, there are growing opportunities to defraud these buyers.”
There are many operating systems, device types, publishers and end consumers to verify. And the industry is developing advanced techniques to understand what’s happening on physical screens and devices to ensure there are real, valuable consumers watching. The detection systems can potentially verify when a consumer is real by the patterns of clicks registered in a CTV app, or how long an ad registered on the screen, and at what resolution.
“Always work with supply partners that select reputable 'server side ad insertion' vendors that support transparency standards,” says Angelos Lazaris, chief data scientist at Pixalate.
One of the signals that traffic is invalid is when a source of ad inventory looks like it uses a combination of methods to serve the ads, blending server side signals and client side.
“Traffic from a supply source for a given publisher should follow an all-or-nothing approach,” Lazaris says. Either all or none of the traffic from a specific supply source and publisher combination should be 'server side ad insertion.'”
How to prevent fraud
One simple answer would be to do direct deals with the trusted partners like Roku, Amazon, Hulu and the rest, who have their own network of DSPs and ad server partners that have been vetted, and can be verified.
“The best ways to protect against that [fraud] is to know and trust the proxy servers that are doing the advertising,” Loechner says. “Essentially, create a list of servers you trust and know have a good reputation.”
Of course, that’s not always possible. Brands want to go to open marketplaces sometimes; it’s like shopping at a flea market versus Rodeo Drive—sure you may find knock-offs, but you may also find a great deal. The trick is to avoid the knock-offs in the open market.
The ad world is working on more transparency tools that help identify when something is sour in the supply chain. IABTech Lab and its partners have developed tags that advertisers and publishers use to certify ad inventory is above board. There are strings of code embedded in the ads and inventory that show buyers and sellers that an ad placement is legitimate. The coding has been catching on in the rest of the digital ad market on desktop and mobile web, but adoption is still coming along in CTV.
IABTechLab’s Shetty says the group is working on a new protocol (well, an old protocol being re-purposed for CTV.) The idea is that the code in the transaction, like ads.txt or ads.cert, can verify when a specific server is an authorized seller of the inventory. If the server does not have the code, think of it like a secret handshake—you shouldn't buy from that server.
The reason these verification tools work is because the fraudsters are using the “server side ad insertion” method, and again, they spook an IP address and device, so they can dress up like premium inventory on, say, Amazon Fire TV. A tag, like ads.txt or ads.cert, will tell if the server spoofing that ad is actually a verified Amazon Fire TV ad seller.
None of these are “silver bullets,” Shetty says. But there are steps to ensuring that every step in that ad supply chain are a little more secure.
And it’s important to remember, as Chalozin says: “The vast majority of traffic on CTV is purchased directly from sellers—Discovery, ESPN, Hulu, YouTube—where there is no way in the middle for a fraudster to just intervene and sell their stolen goods.”