Home Ad Exchange News Fraudsters Locate A New Frontier

Fraudsters Locate A New Frontier

SHARE:

GamingWayne Gattinella, CEO of DoubleVerify, will appear at AdExchanger’s CleanAds I/O conference on June 3, an event addressing inventory quality and supply chain issues in the digital advertising ecosystem.

Because of the high demand for mobile location-based data, it’s a big opportunity for fraudsters looking to game geo-coordinates.

“With more money flowing to place-based advertising, the next life for fraud in mobile ad targeting is spoofing the actual location of the device in order to perceivably attract higher-value dollars looking for place-based targets,” said Wayne Gattinella, CEO of ad-quality verification vendor DoubleVerify.

Elizabeth Alcott, an account director at digital agency Isobar US, said that while she believes device spoofing is by no means running rampant, “in the long run, ads purchased based on [fraudulent] location data will result in reduced conversions, making location data much less valuable to advertisers.”

DoubleVerify’s Fraud Lab is in its sixth year, and while it primarily focuses on desktop display and video, mobile CPM increases will soon draw fraudulent tactics to that channel.

“Location data can be compromised in a number of places,” said Aaron Doades, VP of digital quality solutions at DoubleVerify. “If you are up to something nefarious, you can spoof a location very easily using a proxy or some other mechanism to make it look like you’re accessing the web from wherever it is you want to appear to be.” 

If a publisher provides devices within an advertiser’s specified lat/long range, it passes that bid request through a daisy chain of ad networks. Sometimes that request gets routed to the open RTB market, said PlaceIQ’s VP of data science and technology, Jonathan Lenaghan, which might compromise geocodes, or the string of numbers that identifies a lat/long coordinate.

Because bids are typically higher when there is precise location metadata within the ad request, it becomes increasingly attractive for fraudsters to spoof.

“A bad actor may actually start truncating some of the digits in the lat/long code and should they notice that there are significantly fewer digits in the geocode, they’ll start adding random numbers to the end of the lat/long to make it look more precise,” Lenaghan explained.

And as long as sellers get paid on a per-impression basis, networks are incentivized to deliver as many impressions in as cost efficient a manner as possible, perpetuating the problem.

In some instances a bad actor could game device IDs at the publisher or network-intermediary level by rotating an ID quickly. By cycling through a series of IDs at a rapid pace, it may appear to the demand side that these are different devices. Only close examination of the metadata reveals it’s the same entity and/or location.

Subscribe

AdExchanger Daily

Get our editors’ roundup delivered to your inbox every weekday.

Lenaghan likened the issue to a game of whack-a-mole.

“A couple of years ago, all you had to look for was an abnormally large number of requests being sent by a given device ID, or a location being responsible for billions of requests per month,” he said. “It’s been fairly easy to filter out this type of bad traffic, but the methods the bad actors are using are getting increasingly sophisticated.”

So what does a marketer in want of clean, uncompromised lat/long data do?

Marketers ultimately want to know how their location data investments helped drive in-store foot traffic and sales, but many are starting at square one – first determining whether they, indeed, reached a real human on the right device in the proper place.

Should an organization lack the resources to deploy an in-house team of experts to monitor metadata associated with location-based bids, cross-referencing these targets with alternative sets of data can help mitigate the issue.

According to Doades, marketers should reconsider complex conversion metrics or, in the case of mobile apps, going beyond the CPM or cost per install.

“Fraudsters will do a lot of things, but they won’t do things that are unprofitable for them,” he said. “When you go back to display and desktop and even mobile, fraudsters won’t be [transacting] because it doesn’t make sense. If they only get a few pennies to steal some impressions, they’re not going to go spend $30 on an ecommerce site.”

Thus, cross-referencing location data with first-party data is a good strategy, as long as things check out on the back end.

For example, in the case of cross-checking mobile app installs, if a marketer pays per install but fails to look seven or 30 days down the line to determine app usage or user retention, it’s incredibly lucrative for fraudsters to inflate downloads when click-based metrics are all that’s measured.

“You might have these big chunks of outliers where it looks like they installed, but never used the app again, when you would expect the average user to be active for 28 days or something,” Doades said. This is an example of where a marketer could use deeper conversion metrics and CRM to verify a finding.

Must Read

Comic: Off-Platform Media

How RMNs Use MFA And Cheap Inventory To Game Attribution Rules

Retail media is built on its attribution quality, but real purchases can be gamed by programmatic metrics and create perverse incentives for RMNs to serve ads across low-quality inventory.

There’s A Lot Wrong With Google’s And Meta’s Non-Transparent ‘Refund’ Practices

Google and Meta are playing with fire. Their opaque refund practices have already exposed them to customer blowback – and could lead to class-action lawsuits by disgruntled advertisers.

Comic: The Great Online Privacy Battle

How US Intelligence Agencies Buy And Use Programmatic Data For Surveillance

Mike Yeagley, an independent contractor who has scouted and acquired commercial data and technology on behalf of intelligence agencies, is one of the earliest evangelists of using ad tech tracking information to identify and surveil government targets.

Privacy! Commerce! Connected TV! Read all about it. Subscribe to AdExchanger Newsletters

Comic: The MFA Cafe

Adalytics Report Torches Ad Tech For Touting MFA Prevention While Scarfing MFA Supply

Practically every ad tech vendor has put out a press release in recent months full of bluster about cutting out made for advertising sites – and yet supply sources remain oversaturated with garbage inventory.

Cloud-Based Collaboration Is Ad Tech’s Post-Cookie Lifeline – But Will It Last?

Cross-cloud data collaboration technology is the best bet for a post-cookie solution. But it’s vulnerable to similar privacy concerns.

Topsort Raises $20 Million To Seize The Post-Cookie Market Opportunity This Year

Topsort raised $20 million, with plans to seize the 2024 opportunity for post-cookie ad tech.