年网络广告流量欺诈报告

1、Table ofContents HYPERLINK l _TOC_250017 ofContents HYPERLINK l _TOC_250016 ASpecialThanktotheANAMemberCompanyParticipants HYPERLINK l _TOC_250015 ALetterfromtheAuthors5 HYPERLINK l _TOC_250014 AbouttheStudy6 HYPERLINK l _TOC_250013 TheSizeandScopeoftheStudy7 HYPERLINK l _TOC_250012 MajorFindings8Pr

2、ojectedFraudLossesin2019byCategory9HowtheIndustryHasMadeTheseGainsAgainstFraud HYPERLINK l _TOC_250011 TheBestBuyersAreDoingBetterthanEver HYPERLINK l _TOC_250010 StillHardtoKnowWhatBuying11 HYPERLINK l _TOC_250009 TheGood12FraudVolumesAreGrowinginNewerFrontiers,SuchasMobileand12But Reductions in De

3、sktop Fraud Prove This Fight Is WinnableStructuralImprovementstotheFightAgainstFraud13MoreMoneyIsNowBeingSpentThroughPlatformswith15Built-In Fraud Prevention Measures HYPERLINK l _TOC_250008 TrafficVendorsGoUnderground16 HYPERLINK l _TOC_250007 CybersecurityMeasuresLikeAds.txtHaveReducedDesktopSpoof

4、ingTheFormationofIndustryCoalitions19 HYPERLINK l _TOC_250006 TheBad HYPERLINK l _TOC_250005 LessthanHalfofAllImpressionsAreTransparentlyValidatable HYPERLINK l _TOC_250004 MostVideoAdsStillDontSupporttheGoldStandardinTransparency HYPERLINK l _TOC_250003 TheQualityofIndependentMonitoringIsStillIncon

5、sistent HYPERLINK l _TOC_250002 OutdatedTechnology HYPERLINK l _TOC_250001 TechnicalLimitations HYPERLINK l _TOC_250000 WalledGardens242HumanError25IntentionalEvasion25InPractice,High-FidelityValidationIsSurprisinglyUneven25TheFrontiersinFraud26FraudontheMobileEasyDo,HardProfit26In-AppFraud:Growinga

6、ndInnovative26Server-SideInsertion(SSAI)27ConnectedTV(CTV)27Recommendations28StepstotoReduceFraud28StepstotoIncreaseMeasurabilityFraudGlossary:AnExhaustiveListAbouttheStudyPartners38AbouttheANA38AboutWhiteOps383ASpecialThankYoutotheFollowing ANAMemberCompanyParticipants4ALetterfromtheAuthorsThisisou

7、rfourthBotBaselinereport,andinsomeimportantthingsarebetterthanthey haveeverbeen.Illegitimatetrafficsourcingisdeclining.Lesssophisticatedcybercriminalshave abandonedtheirfraudschemes.Industrycoalitionshaveformedtocombatmoresophisticated threats.Advertisersarespendingmoreonchannelswithrobustfraudprote

8、ctionmeasures.areseeingourfoundingfaithturnintovalidatedfact:thebattleagainstfraudiswinnable.thebattleisnotwonyet.fraudpersistsincreativeforms.Everycybercrime becomes more advanced, evolving in response to the selection pressure of fraud detection practices. saw this clearly with the fraud operation

9、s that implemented sophisticated tag evasionaswellasIPhijacking-wheregroupsofIPaddressesweretaken-tobypasssecurity measures.Thoughtransparencyissueshavealwaysplagueddigitaladvertising,theyhavebecomemore pressing than In this report, we reveal the importance - and pervasiveness - of the limitationsin

10、completethird-partyauditabilityofadimpressions.Nowisthetimeadvertiserstopushtheabilitytoholdalladimpressionstothesamehigh standardofvalidatability.ImagineifeveryCAPTCHAontheinternetwasthesame.Itwouldnt workverywell.ValidationwithonlyapixelislikeservingaCAPTCHAthatneverchanges.Onlyadynamicchallengeca

11、nbeusedtocatchadynamicadversary.1Despitethesechallenges,weareoptimisticaboutthefuture.Ads.txt,andthereductioninspoofing itachieved,hasproventhepowerofindustry-widecooperation.Federalindictmentssuchasthe ones handed down the 3ve and Methbot operations demonstrate that cybercriminals can be heldaccoun

12、table,andfacerealconsequences,theiractions.Asanindustry,wenowhavethemomentum,ifwepersevere,tofixthefraudprobleminadeeply meaningfulbelievethatmarketerscanhelpbringaboutafuturewhereadfraudisnot profitableenoughtobeworththerisk.Michael TiffanyCo-Founder and President, White Ops1ACAPTCHAisaprogramorint

13、endedtodistinguishhumanentitiesfromthosethatareautomated;typicallythisis amethodtopreventspamandautomatedextractionofdatafromwebsites.5About theStudythefourthtime,WhiteOpsandtheANAhavepartneredtomeasurebotfraudin thedigitaladvertisingPreviousstudiesmeasuredbotfraudinthedigital advertising in August/

14、September 2014, August/September 2015, and November/December2016.Inthelatest50ANAmembercompaniesparticipated.WhiteOpsworkedwithbrand advertisersandtheiragenciestoanalyzedigitaladvertisingactivitydatabetweenAugust2018andSeptember30,2018.MeasurementsoffraudintheglobalmarketplacearederivedfromWhiteANAs

15、tudyparticipantdata.In this years Bot Baseline, we share:BaselinemeasurementsofSophisticatedInvalid(SIVT),2excludingSIVTthat thwartedorotherwisenotpaidInitialmetricsofthemeasurabilityandauditabilityofallthedigitalmediapaidstudyparticipants,illustratingtheuphillbattlefulltransparency.Practicesrelated

16、tothedetectionandpreventionofdigitaladfraud.Recommendationsonbestpracticesthatwillhelpadvertisersprotectbudgets ensuringtheiradvertisingdollarsarenotstolenfraudsters.2GeneralInvalidTraffic(GIVT)includesknownnon-humanorfraudulentsourcesthatcanbeidentifiedwithindustrylistsliketheIABBotsandSpiders List

17、orparameter-baseddetectiontechniques.SophisticatedInvalidTraffic(SIVT)includesinvalidtrafficthatispurpose-builttoevadedetection.6TheSizeandScopeoftheStudyOfthe50ANAmemberparticipantsinthecurrent26contributeddatatoBot Baseline reports. Eleven have participated in all studies, nine participated in thr

18、eestudies,andsixparticipatedintwostudies;theremaining24participatedthe firsttime.Ourstudyexaminesadvertisingbybrandmarketers.Itdoesnotincludesearchorsocialmediacampaigndata.50Participants2,400Campaigns130KPlacements606KDomains27BImpressions27B7MajorFindingsFortheFirstTime,MoreFraudWillStoppedThisYea

19、rthanWillSucceedfraudattemptsamountto20to35percentofalladimpressionsthroughout thebutthefraudthatgetsthroughandgetspaidnowisnowmuchprojectlossestofraudtoreach$5.8billionglobally3in2019.Inourpriorprojectedlossesof$6.5billion2017.That11percentdeclineintwoyearsisparticularlyimpressiveconsideringthatdig

20、italadspendingincreasedby25.4between2017and2019.Adetailedbreakdownbydeviceandmediatypeisonthe nextpage.thefirsttime,themajorityoffraudattemptsaregettingstymiedtheyare paidbyDSPsandSSPsfilteringfraudulentbidrequests,byclawbacks,orbyother preventativemeasures.Absentthosemeasures,lossestofraudwouldhave

21、grownto at least $14 billion annually.Fraud is an evolving threat. Fraud rates have been growing in new formats, andcontinuedvigilanceisneeded.Butthereisnodenyingthestructuraltheindustryhasmadeinthisfight.3Lossestimatesarebasedstrictlyondigitalspendinginthecategoriesincludedinthestudy:video,display,

22、andotherCPMformatsdesktopand mobiledevices.8ProjectedFraudLossesin2019byCategory4Desktop Study Sample Size: 13.6 Billion Impressions8%Displaydownfrom9%in201714%Video5downfrom22%in12% OtherRich Media, Takeovers, etc.Mobile Study Sample Size: 13.5 Billion Impressions3%Display8% In-AppVideo14%Video7%Ot

23、herFraudratesexcludesocialmediaandsearch.Asinprioryears,videostillshowsmorefraud.9HowtheIndustryHasMadeAgainstFraudAnti-fraudmeasureshavemadetrafficsourcingmoredifficultandexpensive.Thanks to traffic sourcing transparency efforts led by the Trustworthy Accountability Grouptrafficvendorshavegonefurth

24、erunderground,reducing“retail”botbuying ontheopenAds.txthasreduceddomainspoofing.6 Additionally,requirespublisherstohavecompleted ads.txt files if they want to be Certified Against Fraud.moredollarsarenowbeingspentthroughprogrammaticplatformswithfraud preventionmeasures.Arrests,likethoseofthealleged

25、mastermindsbehindthe3veandMethbotoperations, havebroughtrealconsequencestobotnetsoperatingoverseas.TheBestBuyersAreDoingBetterthanEverInourfirststudyin2014,fraudeveryone,thosewithstraightforwardmediaplans and very sophisticated ones alike.Thiseverybuyerinthestudyknewaboutfraudrisk;90percenthadMRC-ac

26、credited fraud verification measures in place to deal with this risk.Performancewaslooselycorrelatedwithstudyparticipation;long-timeparticipants performedbetterthantheydidinpreviousyears.thetopquintileofbuyers,fraudwasnearlynonexistent.discrepancies betweenadserverimpressionsnumbersandverificationim

27、pressionsnumberswere presentthemostsophisticatedbuyers.6Ads.txt,createdbytheIAB,standsAuthorizedDigitalSellers.Themissionofads.txtistoincreasetransparencyintheprogrammaticadvertising ecosystem.Itisasimple,flexible,andsecuremethodthatpublishersanddistributorscanusetopubliclydeclarethecompaniestheyaut

28、horizetosell their digitalinventory.10ItsStillTooHardtoKnowYoureBuyingTheabilitytoholdalladspendingtothesamehighlevelofvalidatabilityshouldbeone ofmarketerstopconcernsin2019.Thetimehascomemarketerstostoptoleratingandstoppayingoutdatedmediaformatslike2thatcannotsupporthighestlevelsofthird-partyvalida

29、tion.Bysellingmediaunderconditionsthatdonotsupporthighthird-partyvalidation,trustworthymediacompaniesareessentiallypartoftheproblem,sincethevastseagoodbutlow-transparencyinventoryprovidestheinventorysoldunder the sameformats.Frauddetectionandpreventionareonlyasgoodastheirimplementation.LowInvalidTra

30、ffic (IVT)7 measurements do not provide a full picture when half of a media planis highly validatable with accredited third-party, dynamic JavaScript verification,buttherestiscoveredbyamixofhalf-measureslike1x1pixels,list-basedprotections, andlimited,staticintegrations.Case Study: Trading Desk Video

31、OneCPGparticipant44 million video impressions fromanagencytradingdesk.Of the 44 million impressions, only48percentatthehigheststandard,witha dynamic fraud test served via JavaScript.7 Invalid Traffic is often referred to as Non-Human Traffic (NHT). It is the total of General Invalid Traffic (GIVT) a

32、nd Sophisticated Invalid Traffic (SIVT).11The GoodNewsFraudVolumesAreGrowinginNewer Frontiers,SuchasMobileandOTT,But ReductionsinDesktopFraudProveFight IsWinnableThe rates for desktop ad fraud were the lowest in the history of the Bot Baseline study.Strides have been made in desktop display, where b

33、uying undetectable bot traffic is becomingtooexpensivetobeprofitable.Fraudindesktopdisplaywas11percentin9percentinand8percentin201819.Thisiswin:iftheindustrycybercrimeunprofitable,cybercriminalswill losetheincentivetoinadfraud.Case Study: Nonprofitmillion display impressions fromacentury-oldnonprofi

34、torganization,just 22 percent validatable at the highest 12StructuralImprovementstotheFightAgainstAdFraudInthefiveyearssinceourfirstadspendinginthecategoriesmostvulnerableto fraudvideoanddisplayadvertisingacrossdesktopandmobiledeviceshasmoredoubled,8 but losses to ad fraud have not. Increased awaren

35、ess of the problem among marketersraisedthepriorityofdealingwithit,andleadersthroughouttheindustryhave risentothechallenge.First,thisslowedthegrowthofadfraud.thefirsttime, areprojectinglossesthisyeartobesmallerthaninthefirstyearofourDollars lost to ad fraud year over yearDollarsLosttoFraudDollarsLos

36、ttoFraud($B)Projected fraud losses globally$6.3$7.1+13%$6.5$6.3$7.1+13%$6.5-8%$5.8-11%20142015201720198 PWC Global Entertainment & Media Outlook 2018-22.13Therearefivereasonsthatadfraudhasdropped inthelastyear:Advertisers are directing moreoftheirmoneythrough buying channels with dedicated, independ

37、entprevention measures, an option that wasnt available atthetimeofourfirstBuying bot traffic has becomeharder.Manybot trafficvendorshavedrivenoutofbusinessor gone underground, reducing theonce-prevalent availability of bot traffic sold on the open web to anyone with a credit card.Buyingbottraffichas

38、 become moreexpensive.The market price sophisticated bot traffic has risen, limiting the arbitrage opportunity buyingvisitorsandthem enough ad units to make aprofit.Initiativeslikeads.txthave helped to reduce desktop spoofing,with78percentthetopvolumedomainsin thestudyusingads.txtfiles to prevent th

39、eir inventory from being successfully spoofedbythetimeofour study.Consequences are changing the incentives perpetratingfraud.business ofcommittingad fraud has become significantly riskier, as shown by a number of arrests in the last year something that nobody wouldhavedreamedwould happenjustayearsCy

40、bersecurity companies, industry experts, and governments have come together to dismantle fraud infrastructure and take down botnets and their operators.14More Money Is Now Being Spent Through Ad Tech Platforms with Built-InFraudPreventionMeasuresSince advertisers have moved more money into channels

41、with built-in fraud prevention measures. In years past, it was commonplace ad platforms to rely on theirownhomegrownandsecuritymeasures;theywereallin-house,withcoordinationbetweenplatforms,varyingwidelyinresourcesandUltimately,they weregradingtheirownhomework.in contrast, there are third-party secur

42、ity firms treating fraud-fighting as a dedicatedfunction.Whensecurityisseparatedfromaudienceandmediaintelligence, collaborationacrossplatformsbecomessubstantiallyeasiertoscale.Thesehelpmarketersavoidbiddingoninvalidtrafficbydefault,withoutextraeffort.BreakoutofBotBaselineparticipantswhoemployfraud v

43、erificationmeasures:10%90%Use fraud services10%90%Donotusefraudservices15Traffic Vendors Go UndergroundItusedtobeeasytobuyhigh-qualitybottraffic.Inpastyears,discovered traffic vendors selling traffic by verification “filter,” tuned to look good to different measurementvendors.Trafficaggregatorskeptt

44、rackofthebotvarietiesflaggedas suspiciousorlowqualitybycertainadvertisingmeasurementorverificationensuringtheycouldonlyselltrafficthatwouldgoundetectedbybuyers.NotoriousthreatactorgroupKovCoreGexploitedthistomonetizethemalware, infecting millions of machines in the aggregate while making the majorit

45、y of their earnings off the freshest million infections at any given time. Traffic from freshly infectedcomputersthehighestprice.Olderinfectionsweresold“tonnage” onlow-CPMadcampaignswithlittleornoadverification.Thispattern,adoptedbymost of the top-tier fraud operators, created the appearance of frau

46、d protection without tippingtheapplecartofwidespreadtrafficsourcing.Butthisarepleasedtoreportthebeginningofaturnaround.Itisstillpossible to buy sophisticated, realistic bot traffic, but it has become far more expensive and harder tosource.Two forces have upended this model:Aswithmajorbotnetshave bee

47、ndismantled.Whenagetsdismantled,itstraffic,nothequality,cannotbesoldanymore.Theextraordinaryledbyshine a light on traffic sourcing has severely reduced demand low-quality traffic vendors that arecaughtsellingbottraffic.16Retail vending of bot traffic on the open web has substantially diminished.Real

48、isticbottrafficusedtobeaccessibletoanyonewithacreditcard.more ofthesophisticatedbot-buyinghasbeenunderground,toinvitation-only forumsortransactionsmadechatapps.Thatrequiresamoresophisticatedbuyer. You can still buy sophisticated, nearly undetectable bot traffic, but it is harder,which diminishes its

49、 scale.Over the Bot Baseline studies, the volume of paid traffic acquisition has increasedbyasmallpercentageoftotaladtraffic;bottraffichasdecreased substantially. This is not just good advertisers. It is also good all the legitimate audience aggregators who can send real people to publishers paying

50、handsomelytoreachawideraudience.CaseStudy:PubliclyCompanyA CPG participant102millionimpressionsfrom apubliclytradedthe102millionjust 34 percent (35 million) validatable at the higheststandard.17CybersecurityMeasuresLikeHaveReducedDesktopSpoofingAds.txthashadaparticularlypositiveimpactondesktopvideo.

51、Thisthatwith widespreadimplementationofcreativesecuritysolutions,theindustrycanpushagainst adfraud.Ads.txt was introduced in 2017 by the IAB in an attempt to curb spoofing, the practiceofprogrammaticbidrequeststoappeartocomefromwell-knowndomains.theRTBequivalentofsellingknockoffdesignerhandbags.With

52、ads.txt,asimpletexthostedbyapublisherswebserverlistsallcompaniesauthorizedtosellitsadinventory, whileprogrammaticplatformsincludeafilethatconfirmsthepublisherinventorythey arepermittedtosell.Thissimplebutelegantsolutiongivesbuyersmoreclarityonthe companiesallowedtosellapublishersinventory.During our

53、 study, 78 percent of the overall study volume was covered by ads.txt, with14percentofalldomainshavingpublishedavalidads.txtfilebythetimeoftheThisthatthereisalongwaytogotobringthelongtailofdomainsintotheprogram.Butatthecurrentstateofadoption,amajorityofadimpressionsonthe webarenowbeingPercentage of

54、overall study volume covered by ads.txt22%78%Covered by ads.txt Not covered by ads.txt22%78%18The Formationof IndustryCoalitionsThere is mounting evidence that fraud elimination works best when we as an industrywork together. saw this with the implementation of ads.txt, which has significantly contr

55、ibutedtothedeclineofdesktopspoofing.manylargerplatformshavepartnered withcybersecurityexpertiseoutsidetheirownorganizationstostopinvalidtrafficpriorto auction.Themorepublishersandplatformsimplementads.txtandothercybersecuritymeasures, thegreaterthechancethatcybercriminalswillbedeterred.Thisisprecise

56、lywhythetheandtheIABareco-foundersoftheTrustworthyAccountabilityGroupa cross-industry nonprofit focused on fighting criminal activity like advertising fraud.Cooperation proved essential in the takedown of 3ve, one of the worlds most advancedadfraudoperations.Thewide-scaleinfectionfootprintof3vecover

57、edmillionsofinternet- connected devices, with a million under control at any one time. It could not be eliminated by any single entity. Taking it down and indicting the alleged perpetrators required industry collaboration, dubbed Operation Eversion, spanning advertising platforms,securityexperts,and

58、governmentagencies.19The BadNewsThedecreaseinadfraudisareasoncelebration.Lessfraudmeanslessrevenuelostto cybercriminals.Increasedimplementationofcybersecuritydefenses,raisingthecostand riskofthecrime,hashelpedtodissuadesomewould-befraudstersfrompursuingthisof cybercrimealtogether.thedigitaladindustr

59、ystillhasalongwaytogoadfraudiscompletely eliminated.Themostimmediateandfixableissuetheadvertisingindustryfacestheincrediblyunevenauditabilityofadcampaignsacrossformatsandenvironments. Ashockinglylargepercentageofvideoadvertising,instance,issoldstrictlyinthe outdated2format,withaverylowlevelofthird-p

60、artyvalidatability,whileother publishers are bending backwards to provide full, dynamic, audited JavaScript executionfromaccreditedthirdparties.Ineffect,differentpublishersarebeingheldtodifferentstandardsofwithverylittlemarketerawareness.Buttransparencyisfarfromtheonlychallenge.Assawwiththebotnetbot