The world of online advertising can be a dark and scary place at times. Just this week, spider.io announced that they’d uncovered a massive “bot net” aimed at defrauding advertisers. Scammers took over thousands of computers in the United States, and developed a sophisticated network to generate traffic to “fake” websites. In many ways, this traffic was indistinguishable from legitimate traffic, and bilked an enormous amount of money from advertisers.
At Luminate, attempts to defraud our advertisers are taken very seriously. We’ve been at this for a while, and while you’re never really a step ahead of the scammers, we do our best to stay right on top of them. There’s no one perfect approach to keeping advertisers safe, so we rely on several different signals to alert us to fraud.
Our first line of defense begins before a publisher is even allowed to join our network. Each candidate publisher is both algorithmically analyzed and reviewed by a human to assess their quality. We look for tell-tale signs of a scammer: red flags include low-quality content, rip-off domains, and questionable domain registry. Our goal is to ensure that inferior publishers don’t ever make it in the door.
Once a publisher joins our network, we apply several approaches to detecting fraud.
- We continually watch traffic for abnormal patterns. Using a variety of approaches, we monitor each publisher’s traffic, and compare that with known patterns from similar publishers on our network. Any abnormality flags a deeper review of the offending publisher — and any other sites that publisher owns.
- We rate-limit traffic from each user. For example, in order for a click to be considered legitimate — and therefore billable — we require it to be the only click that a particular user has made in that session. Realistically, a user can generate more than one click in a session, so we realize how conservative this approach is: in fact, it costs us about 10% of our potential revenue. Nevertheless, we feel that ensuring our advertisers receive quality traffic is well worth the price.
- All accounting is performed off-line. The Luminate widget is a fairly complicated piece of software. Part of its normal operation involves signaling back to our servers as the user interacts with it. We correlate these signals with one another, and ensure that the pattern they form corresponds to normal human behavior. If not, the session is considered suspect, and is discarded as invalid — along with any impressions or clicks it may have generated.
Finally, if a significant portion of a publisher’s traffic appears to be fraudulent, we initiate a formal review. This review can ultimately result in the publisher being removed from our network.
Going forward, we’re hoping to incorporate even more aggressive fraud detection tactics: for example, incorporating filters for known bot nets (like the one spider.io uncovered), using machine learning techniques to predictively identify fraudulent publishers, and taking advantage of the breadth of our network to look for distributed fraud attempts.
Unfortunately, scammers are here to stay. But we’re doing our best at Luminate to ensure that we have a state-of-the-art system to identify fraudulent activity and protect our advertisers.