In this blog, a group of experts from Adjust, Appsflyer, mFilterIt, and Singular share their insights on fighting ad fraud and what iOS 14 means for fraud detection.
Preventing ad fraud is an evergreen topic for advertisers. The increasing sophistication of fraudsters keeps the entire advertising industry on their toes, looking for solutions, and most importantly, for better ways to prevent fraud altogether. Knowledge is power and it’s the best weapon to face this threat. Since fraud is an ever-complex issue, we asked top experts in the industry to share their perspectives on the best ways to confront and prevent fraud in these modern times. We also discuss the impact that the post-IOS 14.5 changes in the industry might have on mobile fraud activity.
How do you see ad fraud evolving, and how are you going about it?
Mobile app usage has surged due to COVID-19, and recent Adjust data shows that, unfortunately, fraudsters didn’t stay behind. Fraudulent activity in gaming, for example, increased by 172.95% between August 2019 and August 2020 worldwide, and 310.29% in the US. Our research found that fraudsters are now faking not only paid installs but also organic traffic — installs that cannot be attributed to any marketing activities — to deceive the inflated numbers of installs they cash out. Luckily, with a basic understanding of mobile ad fraud, you can combat fraudsters with simple common sense. Whenever numbers don’t add up, it’s your settings and KPIs you should be questioning. Apart from our constantly improving technical capabilities, we ensure our clients and industry are kept up-to-date with the latest industry-wide developments, including events, webinars, reports, and blogs.
You can read the Adjust Guide to Mobile Fraud here.
How does your tech/product help advertisers in preventing and fighting ad fraud?
«Adjust’s Fraud Prevention is not just a ‘reactive’ anti-fraud product but a proactive toolset that focuses on prevention. Reactive fraud detection models don’t prevent fraud; they only provide you with after-the-fact information on whether fraud took place — and it’s then up to you to negotiate with networks over what was or wasn’t legitimate traffic. The only way to approach fraud is with a real-time rejection model on the most granular level with all involved parties notified. We take a proactive approach and reject fraud before attributing it, taking fraudsters out of the equation, so data-sets stay clean and reliable. We make sure that false attribution doesn’t lead to budget reductions and cut the cashflow to fraudsters. The lack of funds disincentivizes fraudsters from attacking the same target, so when they move on to the next target, you can free up valuable time to focus on what’s most important — driving growth.”
How do you see ad fraud evolving, and how are you going about it?
“AppsFlyer’s recent data study about the state of mobile ad fraud highlights mixed trends when it comes to fraud. On the one hand, app install fraud rates seem to be on a general decline, falling to around 15% on average across all verticals (with non-gaming apps still showing high install fraud rates of over 31%). The general decline can be associated with the general growth in awareness of fraud, and multiple vendors and advertisers taking actions to mitigate it. On the other hand, we see an alarming increase of more sophisticated in-app fraud, targeting more lucrative CPA rates and bypassing standard install fraud detection solutions, which can only be detected post-install.
Common industry misconceptions are that all fraud can be identified and blocked in real-time and that in-app activity is an indicator of real user activity — many advertisers even went as far as relying on these measurements as a fraud prevention solution. This is no longer the case.
Fraudsters understand where the money is and abuse these misconceptions to deliberately target in-app events. AppsFlyer’s solution is the only one to offer post-attribution fraud detection that’s designed to catch such sophisticated fraud cases. In addition, we recently released a dedicated dashboard for our customers to see first hand the level of in-app fraud on their accounts, associate value to CPA events and understand the impact of such sophisticated fraud methods. We also improved our existing validation rules setup to allow greater flexibility for customers when creating custom fraud rules, including rules for in-app fraud prevention.”
How does Protect360 help advertisers in preventing and fighting ad fraud?
«Protect360, AppsFlyer’s dedicated anti-fraud solution, evolves together with the fraud methods we encounter.
Combining advanced machine learning algorithms, dedicated fraud specialists and data science teams, we do everything we can to try and think like fraudsters to trace anomalies that help us identify their activity and block it. Access to the largest mobile attribution database globally, covering over 9.7 billion devices globally, allows Protect360 to identify and block existing and new fraud trends faster, better and more accurately than anyone else in the market.»
How is fraud prevention looking/changing post-IOS14?
«iOS 14 has taken the entire industry into a privacy-centric reality, a reality where end-user data is dramatically limited, and where personal identifiers are no longer used for measurement.
This means fraud methods will change and adapt to this new reality, and so will fraud detection and protection methods. We’re already working on identifying potential loopholes which in turn will help us protect our customers in this new reality, as we work with all relevant partners to stay ahead of the curve in terms of identifying and blocking new ways of exploiting the new technologies and methodologies.”
Can fraud exist in iOS 14 and SKAdNetwork?
“Apple has introduced several anti-fraud mechanisms that are meant to obstruct different types of attribution manipulations, mostly focusing on validating the postback’s authenticity, while neglecting to address the user’s interaction authenticity. Our team has found several possibilities to trick the SKAdNetwork protocol into thinking an attribution has taken place, meaning that attribution fraud is very possible with iOS 14.
You can read more about it here.
Once we know this fraud can manifest, we can also address ways of protecting our customers from it accordingly.
How do you see ad fraud evolving, and how are you going about it?
«Ad fraud is here to stay. It’s not something that one fine day, we declare the world is ad fraud-free. Fraud is becoming more sophisticated, and as advertisers try to fix this issue by hardening the KPIs, fraudsters are smartly overcoming this challenge. This is making the strategy of fighting ad fraud through KPI hardening fail.
We see many now going brands D2C, especially post-pandemic. They are digitally novice brands and are just at the beginning of their ad fraud learning curve, making them highly vulnerable. Also, since they will look for more inorganic growth, their spending ratio will be higher than the industry average, which means they will waste more on ad fraud if not handled optimally. From a tech perspective, we see no single solution being able to offer a fraud-free experience. Be it biddable, non-biddable, programmatic, affiliate marketing or any other approach a marketer adopts, ad fraud can happen in all of them.
Lastly, ad fraud is resulting in erosion of brand reputation and integrity. Brands need to look beyond the dollar impact of ad fraud and be aware of how ad fraud is reversing the customer experience, which is the essence of any digital transformation endeavour.»
How does your tech/product help advertisers in preventing and fighting ad fraud?
«mFilterIt uses proprietary machine learning algorithms powered by AI to neutrally audit and examine the entire journey of a digital ad from the point of being pushed into various channels to engage any customer. This offers a lot of transparency to everyone in the value chain – advertiser, agency and publisher. Basis this, the advertiser can judge the quality of the media, the agency can plan for relevant media and the publisher can revenue optimize.
We look at ad fraud holistically, hence adopt any device, any platform approach that enables our clients to achieve zero tolerance for ad fraud. Our solutions on ad integrity and brand safety focus on saving dollars for advertisers and help agencies and publishers create high-quality engagements that add to the brands’ reputation.
We establish the footprints of a digital ad campaign along the value chain by validating over 70 parameters, the highest in the industry, which gives everyone – advertiser, agency and the affiliates maximum visibility about how the money is being spent and how the quality of engagement is elated.»
How is fraud prevention looking/changing post-iOS 14?
«For India, we don’t see much of an impact as iOS penetration is still less than 3%. We expect a higher impact on the overall measurability and trackability of advertising spending in markets such as the Middle East and the Americas.
IDFA is one of the key resources which advertisers use at the moment to serve personalized target-oriented ads. Eliminating it will result in increased challenges to figure out fraud. We have a diverse range of data points to analyze fraud and will continue to identify ad fraud effectively, post users getting the option to block IDFA at the app level. Remember that Ad Fraud will only increase in the post-IDFA world since even fraudsters will be able to hide behind anonymity and evade «normal» methods of detection. Fighting ad fraud will require a more advanced approach that uses patterns and clusters to identify human-made versus machine-made traffic.»
How do you see ad fraud evolving, and how are you going about it?
«Ad fraud is ever-evolving, and although traditional methods like click-spamming and click-injection are still relevant, better-implemented, more sophisticated fraud schemes are on the rise. We’re seeing an increasing number of fraudsters that mimic legitimate user behavior, making detection challenging. A particular fraud scheme to watch out for is click hijacking techniques, fraudulent clicks triggered by actual ad clicks, similar to the headline-making SourMint attack of 2020.
But when fraudsters attack, our fraud-fighting team at Singular strikes back. Leveraging extensive data research and reverse engineering, our cybersecurity team implemented first-to-market Click Hijacking prevention to detect and stop attacks like the Sourmint attack from wreaking havoc on marketers’ reporting and budgets.
We strongly believe in deterministic methods, which, if available, are always superior to probabilistic ones. We have the most-advanced receipt validation mechanism and the only solution for Android install Validation, allowing us to protect against fake installs and bots accurately. And fraud prevention can’t be a one-size-fits-all solution since each app has unique needs. That’s why Singular’s Fraud Prevention Suite is fully customizable, allowing marketers to dictate precisely how aggressively they want to protect against potential fraud attacks.
Looking forward, it’s clear that iOS14 will shuffle the cards, but it’s early to say what techniques fraudsters will take on. We do expect new types of attacks to surface, so we’re mapping possible attack vectors so we can be quick to develop the required techniques to protect our customers.»
How does your tech/product help advertisers in preventing and fighting ad fraud?
«Singular’s Fraud Prevention Suite is built on four pillars: proactive rejection, complete transparency, customization, and innovative detection techniques.
Proactive fraud rejection is all about stopping fraud in real-time before the attribution decision. That allows us to protect the integrity of our marketers’ reporting and protects against wasted budget.
We believe fraud prevention should be completely customizable. With our custom rules feature, we give marketers granular controls to define strict or permissive rules by partner, app, country, and more based on their tailored needs. Complete transparency means providing detailed reporting on fraud data to allow our customers to understand when and why traffic was marked as fraudulent to better reason and communicate fraud decisions to partners and internally. Lastly, we have more detection methods than any other solution available, including proprietary methods like Android Install Validation. Our innovative cybersecurity team is consistently leading the way in developing first-to-market fraud detection solutions.
The combination of visibility, customization, active protection, granular controls, and innovative techniques provides the best support for advertisers to run UA at scale while protecting their investment from fraudsters.»
How is fraud prevention looking/changing post-IOS14?
«iOS 14.5 is the most significant shift our industry has seen in a while. All aspects are changing; UA strategy, optimization techniques, measurement, and of course, ad fraud. It’s already clear that SKAdNetwork will be the leading measurement method for iOS moving forward, but it’s new for everyone and has its challenges.
While advertisers work to reinvent their UA strategy, fraudsters are working hard to reinvent fraud methods. SKAdNetwork makes some classic methods obsolete, like click spamming, but new methods will surface.
We already identify different weaknesses with the new mechanisms, which require protection:
- SKAdNetwork postbacks can be altered, duplicated, or re-used to claim multiple installs since Apple does not sign all fields.
- Manipulating the new mechanisms introduced to issue genuine postbacks based on fake SKAdNetwork clicks and views.
Since data is still limited, our team focused on protocol research and mapping the landscape to ensure our customers will be safe.
We already offer unique solutions, including Secure SKAdNetwork postback standard and fake installs and bot protection, and are continuing to innovate as the industry evolves.»