Brands shouldn’t be stymied by connected TV ad fraud
In the world of connected TVs, where people are streaming content through Roku, Amazon, Xbox, PlayStation and others, one of the best ways of serving commercials is also one of the easiest to corrupt, which has led to an emerging form of digital thievery.
The scams have been well-documented through reports of internet fraudsters hijacking the systems that carry video ads to connected TVs. WhiteOps uncovered IceBucket; Oracle identified StreamScam; DoubleVerify found SneakyTerra; and Pixalate discovered a CTV scheme it labeled Dicaprio. These cases all involve schemes that spoof CTV ad impressions, using a few of the most well-known tactics, like infecting devices with malware to turn them into ad-viewing bots. But there is another growing trend, too, that doesn’t require infecting devices or creating fake apps. Fraudsters can set up servers that create completely fake ads, spoofing millions of ad orders from connected TVs to snare unsuspecting brands.
Depending on whom one asks, there is either an infestation of fraud in one of the hottest digital ad markets going, or it’s a little hype to scare advertisers into upgrading their fraud protection packages. The answer lies somewhere in between: Connected TVs are susceptible to fraud, but there also are ways for brands to protect themselves.
As brands plan their ad commitments for the annual upfront and NewFront marketplaces, with the expectation of shifting more dollars into CTV, it's important to understand just how prevalent fraud is in the ecosystem and how to avoid it.
The main way to avoid the fraud trap are basic: Know your ad tech channels, know the partners that make ad inventory available in automated exchanges, and, as always, trust but verify.
What is happening?
“2020, it’s not a surprise, that legit changed things, not just in the world, but in connected TV advertising,” says Tyler Loechner, senior marketing manager at Pixalate, a fraud protection provider in the digital ad market. “We’ve all seen the numbers that CTV really took off last year.”
“As advertisers are spending more money, they start to ask more questions about what’s happening with that money,” Loechner says.
Indeed, viewers and money are flowing into connected TV, and that trend accelerated during the pandemic because more brands wanted flexibility when planning ad campaigns. Instead of locking in money to predictable, but less-flexible, deal terms for TV, advertisers wanted more options.
More people are watching video on their living room screens through Roku, Apple TV, Amazon Fire and the like. In 2020, CTV ad spend grew 27% year-over-year to $8.11 billion in the U.S., according to eMarketer. The market will grow another 40% this year, the research firm says. At the same time, traditional TV ad spending is dropping, down 9% year over year to $66.8 billion in 2020, according to Kantar. And that gap is only expected to continue to shrink.
Look only to Amazon, which secured the first digital-only rights to stream National Football games on Thursday nights, starting in 2023, to see where the viewership is heading.
How big a problem is fraud?
The risk of CTV fraud is small, but brands are still concerned, says Tal Chalozin, chief technology officer at Innovid, a video marketing platform that works closely with media companies and brands in CTV advertising.
“Even if we know that the percentage of fraud is not massive, all of that noise slows the movement of dollars from linear TV, which is a closed environment, to CTV, which has at least the potential to be fraudulent,” he says.
Even with that $8.11 billion in CTV last year, only a small fraction was susceptible to fraud. That’s because most of the advertising is sold directly from the platform or publisher. So Roku, Amazon, Hulu, ViacomCBS, NBCUniversal and Discovery are, for the most part, selling through old-fashioned insertion orders that don’t rely on the open programmatic pipes that are vulnerable to fraudsters. Chalozin says that 75% of CTV is sold this way.
The rest of the CTV ad space, about 25%, is sold programmatically, but most of that is done securely, too. Buyers arrange ad campaigns to run through what are known as demand-side platforms, or DSPs, which automate the campaigns and find inventory in closed marketplaces that are controlled for fraud. This programmatic method is called “private marketplace programmatic” and “direct programmatic.”
Then there is “open programmatic,” which is where the fraud happens. “We’re hearing from publishers and buyers that they’re not seeing that much [fraud] because CTV is mostly directly sold and in controlled environments,” says Amit Shetty, VP of programmatic ads and partnerships at IABTech Lab, a division of the Interactive Advertising Bureau, the digital ad industry trade group. “It is a real problem mainly in the open auction scenario. If we really want this space to grow we will need to make sure we control that.”
This week, Pixalate published a report which found that the open programmatic market more than doubled in 2020. “The percentage of fraud in that slice of the market was 24% of every impression,” a Pixalate representative said by email, following the report’s release. “The data in our report come from our datasets, which consist predominantly of open auction programmatic traffic sources. As we’ve noted before, such [fraud] rates would not be expected to be as high in a premium, closed-buy inventory channel.”
Why is there any fraud?
Connected TV ads are mostly served using what’s known as “server side ad insertion,” which is the most seamless way of delivering video commercials into a streaming environment. When it’s working well, viewers will notice that the commercials appear almost as quickly as any other TV experience. That’s because the ads are processed on the server, ready to load quickly on the screen. It’s particularly helpful when an app has multiple commercials in an ad break; the server can “stitch” together the whole ad pod.
In “direct programmatic” or “private marketplace programmatic,” these server set-ups are run by the most-trusted partners. Hulu, which is owned by Disney, has a server; Amazon has a server; NBC, ViacomCBS, Discovery all have trusted networks running the automated channels.
However, for the portion of CTV ad buys that run through the “open marketplaces,” there is room for trickery. Fraudsters are able to set up server space—server farms are rentable—and they can “spoof” what looks like legitimate ad inventory and sell it on the open market. They spoof internet addresses and device characteristics to make it look like they are selling a viewer in the U.S. who is watching Roku, for example.
“In an instance of 'server side ad insertion,' they can just buy a whole bunch of server space and spoof a whole bunch of apps or a whole bunch of mobile phones or a whole bunch of CTV devices without actually having to buy any hardware or create any malware to infiltrate devices,” Pixalate’s Loechner says.
That’s why this type of CTV fraud is easier than other kinds, where the scammer has to take over millions of devices through malware and then start pinging ad networks to create fake ad calls. That type of ad fraud relies on what’s known as “client side ad insertion,” meaning the ad process is happening directly on an individual device, not off in a server cloud. Both methods are susceptible to fraud, though, just in different ways.
Other market risks
Devices are always susceptible to being gamed by bad actors that get apps approved, and use them to generate fake impressions and ad revenue. “When people buy CTV, they are buying scale. It's scale targeted more and more,” says Zach Edwards, a privacy watchdog and founder of Victory Medium, a data protection firm. “The growth of CTV is actually just the growth of apps that have ads opportunities, and as things move beyond the Hulu and Amazon's of the world, there are growing opportunities to defraud these buyers.”
There are many operating systems, device types, publishers and end consumers to verify. And the industry is developing advanced techniques to understand what’s happening on physical screens and devices to ensure there are real, valuable consumers watching. The detection systems can potentially verify when a consumer is real by the patterns of clicks registered in a CTV app, or how long an ad registered on the screen, and at what resolution.
“Always work with supply partners that select reputable 'server side ad insertion' vendors that support transparency standards,” says Angelos Lazaris, chief data scientist at Pixalate.
One of the signals that traffic is invalid is when a source of ad inventory looks like it uses a combination of methods to serve the ads, blending server side signals and client side.
“Traffic from a supply source for a given publisher should follow an all-or-nothing approach,” Lazaris says. Either all or none of the traffic from a specific supply source and publisher combination should be 'server side ad insertion.'”
How to prevent fraud
One simple answer would be to do direct deals with the trusted partners like Roku, Amazon, Hulu and the rest, who have their own network of DSPs and ad server partners that have been vetted, and can be verified.
“The best ways to protect against that [fraud] is to know and trust the proxy servers that are doing the advertising,” Loechner says. “Essentially, create a list of servers you trust and know have a good reputation.”
Of course, that’s not always possible. Brands want to go to open marketplaces sometimes; it’s like shopping at a flea market versus Rodeo Drive—sure you may find knock-offs, but you may also find a great deal. The trick is to avoid the knock-offs in the open market.
The ad world is working on more transparency tools that help identify when something is sour in the supply chain. IABTech Lab and its partners have developed tags that advertisers and publishers use to certify ad inventory is above board. There are strings of code embedded in the ads and inventory that show buyers and sellers that an ad placement is legitimate. The coding has been catching on in the rest of the digital ad market on desktop and mobile web, but adoption is still coming along in CTV.
IABTechLab’s Shetty says the group is working on a new protocol (well, an old protocol being re-purposed for CTV.) The idea is that the code in the transaction, like ads.txt or ads.cert, can verify when a specific server is an authorized seller of the inventory. If the server does not have the code, think of it like a secret handshake—you shouldn't buy from that server.
The reason these verification tools work is because the fraudsters are using the “server side ad insertion” method, and again, they spook an IP address and device, so they can dress up like premium inventory on, say, Amazon Fire TV. A tag, like ads.txt or ads.cert, will tell if the server spoofing that ad is actually a verified Amazon Fire TV ad seller.
None of these are “silver bullets,” Shetty says. But there are steps to ensuring that every step in that ad supply chain are a little more secure.
And it’s important to remember, as Chalozin says: “The vast majority of traffic on CTV is purchased directly from sellers—Discovery, ESPN, Hulu, YouTube—where there is no way in the middle for a fraudster to just intervene and sell their stolen goods.”