Click Fraud: A Growing Nuisance for Web Advertisers
February 7, 2007
Click fraud -- the practice of falsely inflating online ad clickthroughs -- has hit an all-time high, according to a recent report. How big a problem is it? Will click fraud vanish once publishers and advertisers place a high enough demand on authenticity? Or will the fraudsters grow in sophistication as the practice becomes more lucrative?
Having difficulty verifying wireless or other hard-to-find contact information? Verify the accuracy of name, address and phone information instantly with TARGUSinfo On-Demand VerificationSM. Eliminate calls to banks and customers and decrease your cancelled order rates. Start a Free 10-day Trial.
Click fraud is a growing problem for online advertisers who rely on paid search services. Marketing experts are urging e-commerce vendors have to take proactive steps to combat it.
Online advertisers pay the search engine company hosting their ad a set amount of money each time a computer user clicks on the ad. Click fraud occurs when an individual or group of people, either manually or through a computer program, repeatedly clicks on an ad to inflate the payment owed the publishers.
A more recent form of click fraud involves criminal gangs in foreign countries setting up rogue Web sites that run the same ads, then hire people to click on these unauthorized ads, thus diverting payment to the rogue Web site owner. This results in the advertiser paying for both the legitimate and illegitimate ads.
Billions On the Line
Some industry watchers complain that search engine publishers such as Google and Yahoo downplay the extent of the problem. As billions of advertising dollars are shifting to paid search, click fraud is a worsening problem that needs to be addressed more aggressively, they say. If click fraud is not tamed, major online advertisers could become disillusioned with this advertising medium.
However, other direct marketers say click fraud is merely part of the price of online advertising. Direct marketers describe click fraud as falling between media myth and marketing menace. They view click fraud as a real possibility that can be minimized by taking the proper precautions.
Rob Friedman, executive vice president of Digital Element, which specializes in IP (Internet protocol) intelligence, is certain that, eventually, the online marketplace will force ad publishers to change their policies involving click fraud.
The advertising networks will have to figure out how to detect click fraud more efficiently and comply with advertisers' demands for protection to stay in business, he predicted.
"Click fraud will be gradually reduced. Now there is not yet enough incentive for publishers. But we do see a reaction from advertisers and publishers setting in," Friedman told the E-Commerce Times.
Fraud Dynamics
Click fraud incidents are not spiking. They have been at high volumes for a while and they often go unreported, according to Patrick Peterson, vice president for technology at network security firm IronPort Systems.
"There is a much bigger picture developing. For the last three years, we've seen capitalism set in. Just as other aspects of organized crime, all the click fraud perpetrators see is money," Peterson said. He observed that online criminals are demonstrating renewed innovation and sophistication.
Peterson said click fraud occurs through two primary types of attacks. The first one uses botnets -- networks of thousands of infected computers that carry out tasks over the Internet without the computer owner's knowledge.
"The bad guys have invested a lot to infect computers. No other business is so easy as what the click fraud artists are pulling off. This crime is still in its infancy," he said.
The second attack type is the pay-per-click model. The fraud teams set up a Web site and provide phony content. They create links to syndicated ads and hire people to work the click rings as full-time jobs. These click rings earn from 10 to 20 percent from advertisers who do not know the clicks are fraudulent.
"Online advertising is huge business today. Over (US)$10 billion is being spent this year alone. Half of that amount is generated by pay-per-click transactions. Advertisers love this method because it is incredibly popular," Peterson said.
"Yahoo or Google gets paid from the advertiser regardless of whether the click is from a potential customer or a click ring worker," he continued. "So there is no reason for the hosting sites to do anything to stop the fraudulent clicks. Why would they want to reduce their own revenue potential?"
Different View
Click fraud increases demand on the pay-per-click engines and causes the price to rise on what merchants are spending, according to Cord Silverstein, director of engagement marketing at Capstrat.
Silverstein disagrees with the view that search engine companies such as Google and Yahoo are not able to detect most of the fraudulent activities.
Rather, he referred to a report that Google released in December that shows click fraud represents less than 2 percent of all clicks through Google's system.
"Google, Yahoo and MSN have all taken click fraud very seriously and have instituted several safeguards to ensure if fraud happens it will be recognized [as] invalid click detection," according to Silverstein.
"In today's PPC (pay-per-click) world, because of possible click fraud, but much more because of increased competition, the casual PPC merchant has been pushed out of the market," he continued.
"At one time, merchants could put in their bids and pretty much run on auto-pilot and still see significant ROI (return on investment). That is not the case in today's world. To be successful in PPC, you must utilize a number of tracking and analytics tools as well as being diligent on changing bids, keywords, landing pages, etc. on the fly and in real time," Silverstein noted.
Despite any concerns over click fraud losses, PPC still produces the highest ROI and is the lowest cost marketing tool in the online world today, noted Silverstein.
What's Too Much?
The last quarter of 2006 was the worst period yet for advertisers being victimized by click fraud. Click Forensics, a market consulting firm monitoring online advertising trends, recently released the results of its latest report on pay-per-click (PPC) fraud figures for the fourth quarter of 2006.
The organization's Click Fraud Index monitors and reports on data gathered from the Click Fraud Network, which more than 3,000 online advertisers and their agencies have joined. The Network provides statistically significant pay-per-click data collected from online advertising campaigns for both large and small companies.
The key finding in the report: the overall industry average click fraud rate was 14.2 percent versus 13.8 percent for the third quarter of 2006. This compares to 14.1 percent for the second quarter and 13.7 percent for the first quarter. However, the average click fraud rate of pay-per-click advertisements appearing on search engine content networks was 19.2 percent for the last quarter.
"The data confirms what other recent independent investigations have uncovered about click fraud. [It] remains a concern for online advertisers, and affiliate sites represent a large and growing source of click fraud traffic," said Tom Cuthbert, CEO of Click Forensics.
Avoiding Bad Clicks
The aim of successful advertising online is to target the intended audience, advised Friedman. For instance, if you are targeting buyers in Atlanta, you should only expect to get legitimate clicks from people in Georgia.
Advertisers must monitor their ad click results to ensure they are not paying for what they are not getting. One way to do this, said Friedman, is for advertisers to understand their natural market. They can do this by watching for responses from out-of-area replies.
They should also provide their ad publishing sites with a list of domains and companies on a banned list, including their competitors.
"To compete against ISP (Internet service provider) search engine complacency, you need to use a very focused adverting network," suggested Friedman. "The cream will rise to the top. Advertisers must demand affirmative measures of protection against click fraud."
Last year, the average click fraud rate of pay-per-click advertisements appearing on search engine content networks rose to 19.2 percent for the last quarter of 2006, the highest yet, according to Tom Cuthbert, CEO of Click Forensics.
As detailed in Part 1 of this series, Internet advertisers and security pros are seeing increases in click fraud activities that siphon both sales and advertising dollars from vendors. Click fraud occurs when online advertisers pay search engine companies and advertisement Web publishers a fee for each click made by either real or phony would-be customers.
A more recent form of click fraud involves criminal gangs in foreign countries that set up rogue Web sites that run the same ads and hire people to click on these unauthorized ads, thus diverting payment to the rogue Web site owner.
Click Tracking
One recourse e-commerce vendors have is to use the resources of Cuthbert's ClickForensics.com, an independent click fraud reporting service. He started tracking click fraud four years ago and publishes quarterly fraud reports on www.ClickFraudIndex.com.
"Click fraud is similar to what's been happening with spam. It gets worse. There were no aggregate figures to measure the size of the problem," Cuthbert told the E-Commerce Times. "We found 14 percent of the clicks fall into a high threat category. That's about (US)$1 billion to advertisers annually."
The Click Fraud Index monitors and reports on data gathered from the Click Fraud Network, which more than 3,000 online advertisers and their agencies have joined. The network provides statistically significant Pay-Per-Click data collected from online advertising campaigns for both large and small companies, Cuthbert explained.
One-Two Punch
Cuthbert's approach is to give his members a fighting chance by dealing with click fraud on two fronts. Armed with his click fraud data, e-commerce vendors can go back to the Web sites hosting their ads and demand a refund.
Last summer, Cuthbert formed a trade group called the Click Quality Counsel. This is a group of 20 advertisers who meet monthly and press Web publishers with their recommendations for battling click fraud.
"Results are moving along, but the outlook remains very dismal. It will take a few years," Cuthbert said about progress in fighting back. "The technical challenge to catch perpetrators is a really great."
Online advertisers need to know they can fight back to hamper click fraud, he added. Cuthbert hopes to eventually see results similar to the success of ad monitoring agencies such as the Nielson ratings for TV networks and Arbitron ratings for radio stations.
Different Tactics
Other technologies are also available to track down click fraud artists, Michael Caruso, CEO of ClickFacts, told the E-Commerce Times. ClickFacts is a third-party auditing service that detects fraud differently than its competitors. Instead of relying on log analysis, Caruso employs a solution which captures a snapshot of organic and paid traffic to Web site advertising.
ClickFacts puts a Java script on the ads its members place online. The Java script allows Caruso's organization to accurately track where else the ads appear and who is clicking on them. Members then use that data to prove the number of fraudulent clicks in pursuit of refunds from the ad publishers.
"This provides a real view of the patterns. Not a lot of companies do this type of [click] auditing. Advertisers do not know where their ads go," Caruso said.
This auditing process lets him identify the time of day a click was done, he said. It also sees through the click fraud perpetrators' efforts to conceal their location.
"Fraudsters can change the IP address [to mask their location] but usually do not change the language used in the botnet instructions and other virus coding," he added.
Accounting Cents
His approach is getting results through more than just click fraud monitoring. His customers are seeing improvements to their return on investment (ROI) as well, Caruso explained.
This happens because they get a full account on how their current online search and cost per click (CPC) dollars are spent in comparison to how their customers behave, he said.
"In many cases, the fraud percentage takes a back seat to behavior patterns. We've moved away from focusing exclusively on click fraud into verifying the click stream in its entirety and looking at the total online spend holistically across many platforms, not just per click by search engine," Caruso stated.
ClickFacts charges its customers 2 to 3 cents per click. Caruso's company functions more like an ad source company, he said.
Always Watching
Online advertisers must become very vigilant in protecting against click fraud, according to Patrick Peterson, vice president for technology at security firm IronPort Systems. Malware, viruses and botnets are fueling click fraud crimes.
"This won't stop until they are all blocked. The more we can learn about who is in the botnets, the more we can create easy tools [to stop it]," he said. "We need to filter out the bad Web sites for the advertisers. We need to suck the oxygen out of the criminal world."
Automated botnets make it easy for criminals to monetize the pay-per-click process to their own advantage, Peterson said.
Fighting Back
"The biggest source for click fraud is coming from South Korea, China and Asia in general. It is an international problem," said Caruso.
Ad publishers have to do more to block international traffic for domestic-based ads. In addition, online advertisers can change their keywords to defeat botnets and can change the times of the day or night that their ads are displayed to coincide with times that produce apparent fraudulent clicks but no sales.
"Pay per click is good business model. We need to develop a sense of trust among advertisers. It will take working together in the industry to solve this problem," concluded Cuthbert.
