This article was originally published on AdExchanger
Although White Ops estimated that Methbot siphoned $3 million to $5 million per day from advertisers, fraud where domains are falsified carry a hidden price tag that costs the industry much more.
Since Methbot and similar operations send a false domain location, such as vogue.com, false data is also being passed along and bundled with real data from the legitimate vogue.com site, compromising the digital identity and audience data of real publishers.
How It Happens
A complex ecosystem makes passing inauthentic domain data all too easy and obscures real data in the process.
As seen in the graph below, both a publisher and a data center run by a fraud operation may send inventory to the same supply-side platform (SSP), which works with a number of demand-side platforms (DSPs). In the example, both real “premiumpub.com” inventory and fraudulent “premiumpub.com” inventory are passed through the ecosystem as the same domain, and they show up in DSP and SSP reporting as the same domain.
Why Digital Identity Matters In A Data-Driven World
The industry talks about fraud in terms of its dollar impact on advertisers and brands, but publishers also suffer. The flood of fake supply obviously drives down the CPM of real inventory, but Methbot-style fraud is harming publishers in more subtle ways.
By stealing a publisher’s digital identity and using the value of the brand associated with it, fraudsters not only take money that might otherwise belong to the publisher, they also manipulate the associated site and audience data. White Ops reported that the Methbot operation faked clicks, mouse movements, geolocation data and even social network login information to further look like real, engaged people.
Every time a perpetrator fakes a domain, the market is hit with these fake metrics. This dilutes a publisher’s brand in the industry as advertisers and platforms see a mix of metrics that don’t accurately represent a publisher’s inventory.
Data is the currency that defines the value of a publisher. As the explosion of devices has exponentially increased the amount of data that’s processed daily, it has become increasingly important that a publisher’s data is accurately represented. Machine learning algorithms in programmatic environments are driven by data. The buy side uses this data to update their models to determine the value of the inventory. Like any data model, garbage in, garbage out.
As the advertising ecosystem continues to evolve and we increase our dependence on machines to determine publisher value, the fidelity and accuracy of the data that represents the publisher will be vital to the publisher brand.
A New Target
As the header-bidding trend moves to a server-to-server approach, programmatic transactions will become increasingly susceptible to manipulation. Any time there is a server-to-server connection, the IPs, domains and other browser metadata passed on the query as part of the media transaction can be altered.
Methbot-type fraud works by manipulating IP addresses within the perpetrator’s data center. When an ad platform or other code executes within a browser, the code asks the browser for its location. This location can reference an IP inside the data center, making it look like a legitimate domain.
Server-side header bidding isn’t bad; there’s no doubt it solves header bloat for the publisher and moves auction-type mechanics back to the server. But there is an inherent risk associated with more server-to-server connections. In this model, the SSP that is connected to the publisher will need to closely manage the data entry points to prevent future Methbot-style fraud.
This type of fraud is difficult to eliminate, since the browser remains the source of truth for domain reporting in the industry. That said, publishers can take a stand in controlling their digital identity by carefully vetting their programmatic partners and advocating for their own interests and needs with fraud and verification companies.
Protecting The Future Of Programmatic
Methbot may have been largely dismantled by the significant press coverage and release of associated IPs, but it’s only a matter of time before the next operation arises. Protecting data integrity and brand identity from this kind of fraud in the future will be paramount for both publishers and advertisers.