Exchange Fraud Prevention Should Be Simple: Sellers, State Your Name

by Andrew Casale, VP Strategy

In spite of a flourishing programmatic marketplace, with all the benefits it provides buyers for targeting key audiences with the figurative push of a button, there’s one pervasive, very expensive problem: fraud.

I’m talking about counterfeit websites and bogus traffic that lurks within open exchanges. It has given rise to an entire cottage industry for its prevention and sent a few folks packing – GroupM just announced it would exit the open exchange at the end of the year (although it appears to have pulled back somewhat on that harsh stance).

The brass ring on this unregulated, risky ride is a solution within the pipes themselves that hampers fraud without throwing up more barriers, technologically or monetarily, for either buyers or sellers. And because we haven’t heard of such an obvious solution as of yet, the industry is dragging its heels on a very important – and, in the long run, much more costly – problem.

We hear all the time that the only way to curb industrywide fraud is to “follow the money.” The problem is, we haven’t taken a single step toward actually following the money. Bad actors on the supply side are surviving and thriving, with few repercussions when they’re outed. People compare fraud detection to a game of Whac-A-Mole for good reason. Bad actors are aggressive and can be very difficult to track. And even when you root them out, it’s far too easy for these people to set up shop again, this time a little wiser and better at their craft.

In one case, you have a cookie-cutter website with high-traffic volume, nearly all of which comes from bots. Another theme is mislabeled impressions. Domain names can be spoofed easily – for example, a piracy site might fly under the radar with the domain of a reputable newspaper, bypassing the value of whitelisting. To solve for the first variety of fraud, we add sites to blacklists. For the second, we strike sites from whitelists. But in either case, if you find 100 of these sites and clamp down on them, 100 more will pop up tomorrow. Worse, legitimate sites may get blacklisted because of a high incidence of fraud, not because of their own impressions but because impressions bearing their name were spoofed, harming the reputation of the innocent.

The simple solution for fraud is an updated model whereby, in order for an impression to be placed for bid by an exchange, the exchange should be required to expose not just the domain name connected to it, but also the name that’s actually going to be on the seller’s paycheck. The introduction of this simple criterion would address and curtail fraud before, not after, the buy.

The industry has focused far too much energy on blacklisting or whitelisting domains, both of which can and are continuing to be easily gamed. Being that these are the strongest defenses for buying media across the open market, and both methods can be circumvented, fraud is effectively undermining the entire protocol. A far more efficient way to stop fraud is to blacklist suspicious sellers themselves. Think of the way these actors operate: The payee behind a faked impression can probably be traced to a faked impression. The payee behind a bogus website with bot-ridden traffic can probably be linked to 100 other bogus websites. If you call out the payee, you call out the entire counterfeit network around them. That’s how we can actually start to follow the money – via a payee ID.

Unlike the Whac-A-Mole method of hacking away at bogus sites and audiences as they become known, identifying payee names within the exchanges will give bad actors pause and hamper their spread. It raises the barrier of entry to a far more inconvenient height for anyone that today is gaming the system with domains. It’s very easy to set up a domain. It’s also proving all too easy to spoof a domain. It’s much harder to accept payments under different names and gain access to exchanges under alternate identities. Compare the ad exchanges to the stock exchange: It’s very hard to counterfeit a stock. It’s too easy to counterfeit a domain.

The ad marketplace needs some other means of providing the same transparency. The bid request and response transaction between exchange and DSP is a binding deal. Doesn’t the buyer deserve to know where their money is going?
The barriers to adding payee ID to the information listed in the exchange are negligible. On a technical level from the exchange perspective, adding an addition criterion to the 30 we already submit to DSPs today is trivial. Sellers might object, citing confidentiality privilege. But in this case, they don’t hold the trump card: Certain buyers can just as easily refuse to make a buy from a seller that won’t reveal the name on the check.

For legitimate publishers, payee ID will only help them. Publishers only stand to lose by indirectly protecting the identity of bad actors. Dropping the veil of secrecy in the exchanges will create a new sense of trust from the buy side – and the benefits will be immense.

The current paradigm today in the open market is buyer beware. The domain may be, but payment may not actually go to Google. This shouldn’t be buyers’ problem to figure out.
GroupM has given exchanges six months’ notice. Let’s do something before we run out of time.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s