Invalid Traffic: What is it and how publishers can combat it?

Every publisher’s goal is to increase traffic. Seeing traffic spikes should be a sign of a growing audience, which can lead to more ad revenue, but not all traffic is good traffic. This is due to an issue that has plagued the digital advertising industry for almost as long as it has existed – ad fraud.

Ad fraud, also known as Invalid Traffic (IVT), is rampant. Even though warnings have come out year over year, the numbers are sobering. Depending on the source, the actual costs vary but reputable data shows one thing is clear: fraud is increasing and showing no signs of slowing down. 

The Association of National Advertisers (ANA) estimated $5.8 billion in ad spend was lost to global fraud in 2019. According to IAB Europe, at least €31 million of European display ad spend was potentially intercepted by fraudsters in 2019. Statista predicts ad fraud costs will rise to $81 billion in 2022 and a staggering $100 billion in 2023.  

Integral Ad Science’s (IAS) H1 2020 Media Quality Report determined that fraud fluctuated from 0.4% – 11.7% depending on whether buyers implement an ad fraud prevention or detection strategy. While ad fraud is a huge hit to advertisers, it negatively affects publishers in just as harmful ways. Fraud can impact a publisher’s data and distort measurement analytics, and it can cut into monetization opportunities if advertisers lose trust in ad-supported content. 

With money and reputations on the line, publishers must understand what IVT is and what causes IVT. But that is not enough. While industry bodies and tech companies develop ways to combat IVT, responsible publishers still need to take proactive steps to detect it in order to protect ad spend and ensure impressions are valid and viewable.  

What is Invalid Traffic? 

Invalid traffic (IVT) comes from advertising impressions generated by bots or any other form of non-human traffic. In contrast, valid traffic is generated by a human with a genuine interest in the ad content.

There are two types of invalid traffic – general invalid traffic (GIVT) and sophisticated invalid traffic (SIVT). The difference between them is stark as one is considered benign while the other is ad fraud. 

What is GIVT? 

GIVT isn’t malicious in nature, doesn’t attempt to mimic human behavior, and can easily be identified through routine filtration using known and reputable lists or with standardized parameter checks. 

Common categories of GIVT include: 

Known Data Centers: This ad traffic originates from servers in known data centers with IPs that are included in industry lists from organizations such as the Trustworthy Accountability Group (TAG), making this traffic identifiable. 

Known Crawlers or Bots: This type of ad traffic comes from a program or automated script that requests content and transparently identifies itself as non-human. These sources are on the IAB International Spiders and Bots List and can easily be filtered out of traffic. 

Irregular Pattern: This is ad traffic that includes attributes associated with known irregular patterns such as refresh traffic or duplicate clicks. 

A real-world example of GIVT: An increasing number of internet users activate VPNs to protect their privacy. When a person connects to a VPN, their traffic is routed through a proxy server (data center), making it unidentifiable and considered invalid. Again, there was no malicious intent or fraudulent activity. 

What is SIVT? 

SIVT is more difficult to detect and requires advanced analytics, multi-point corroboration, or a human analyst that can identify it. This type of fraudulent traffic is a genuine attempt from bad actors to generate more revenue or inflate traffic statistics to make sites look more appealing to advertisers. 

Common categories of SIVT include: 

Automated Browsing: This traffic comes from a program or automated script that requests web content or ads without declaring itself a crawler. It’s commonly referred to as a botnet. 

False Representation: This occurs when an ad request for inventory is different from the real inventory, including when the ad is rendered to a different site, app, or device. 

Misleading User Interface: This happens when a digital property or visual element is modified to falsely include an ad. In these instances, the ads might not be visible to users, might trick a user into clicking them, or might appear without the publisher’s consent. 

Manipulated Behavior: This is triggered by a browser, app, or program that causes an interaction with an ad without the user’s consent, such as an unintended click or conversion. 

Incentivized Behavior: Traffic falls into this category when users are incentivized to interact with an ad without the advertiser’s knowledge of the incentive (usually financial). 

Undisclosed Classification: This covers invalid, fraudulent traffic that doesn’t fall into other categories. 

A real-world example of SIVT: A fraudster uploads instructions to their data center botnet. Then, on command, the computers produce fraudulent traffic that’s proxied through hijacked IPs or infected devices. 

Types of SIVT 

Beyond categories, the advertising industry looks at SIVT by type, essentially showing the techniques fraudsters use. 

Bots: Bots are pieces of software programmed to perform certain actions such as intentionally viewing ads or videos, clicking on ad content, siphoning off ad spend. They are often delivered to computers through a virus, operating in the background without the owner’s permission or knowledge. 

Domain Spoofing: In this type of fraud, a bad actor impersonates a company’s domain, passing off low-quality inventory as high quality. Although the impressions are from real users, advertisers pay a higher cost as they believe they are advertising on premium sites. 

Pixel Stuffing: With this tactic, ads are served in a single 1×1 pixel frame and can’t be seen by real users. 

Ad Stacking: This happens when multiple ads are served on top of each other in a single placement. Only the top ad is viewable, but each advertiser is paying for impressions. 

Location Fraud: Fraudsters will send false location information, convincing advertisers their ads are being served invaluable geo-locations when they are really served in cheaper regions. 

Cookie Stuffing: Bad actors can add third-party cookies to a person’s browser without their knowledge, and if a conversion happens, it is attributed to the wrong site. 

User-Agent Spoofing: Web page requests are sent with ‘headers’ that contain the browser’s description. When spoofing happens, the description is modified to obfuscate browser information, interfering with user targeting and hiding bot tracks. 

Malicious Apps: These apps generate fraudulent impressions without users knowing about them. 

Cloud Hosting: In-app impressions are displayed on devices hosted in the cloud. With this type of SIVT, fraudsters control and change signals, making it appear as though there are multiple user devices instead of one hijacked device. 

App Name Spoofing: Similar to domain spoofing, fraudsters will disguise the name of an app, tricking the advertiser into thinking their ad is appearing on a premium app. 

What is the advertising industry doing to combat SIVT? 

As fraud impacts both sides of the advertising ecosystem, the industry has aligned to fight IVT through multiple, coordinated efforts, such as establishing the Media Rating Council and the IAB’s ads.txt, sellers.json, and SupplyChain Object (SCO) initiatives. The latter two, which publishers may be less familiar with, provide DSPs and intermediaries with the necessary transparency into ad inventory origins, paths, and legitimacy. 

Although the industry is working hard to develop advanced technologies that detect harmful activity, fraudsters are also working hard to better replicate user behavior. Several vital organizations are attempting to and making progress towards tackling ad fraud issues at the industry level. 

The Trustworthy Accountability Group (TAG) is the leading global initiative fighting criminal activity and increasing trust in the digital advertising industry. TAG’s mission is to eliminate fraudulent traffic, facilitate the sharing of threat intelligence, and promote brand safety.  

Companies that meet TAG’s rigorous guidelines can earn a Certified Against Fraud Seal to demonstrate their commitment to combating fraud, increasing advertiser confidence. 

The U.S. Department of Homeland Security has designated TAG as the first and only Information Sharing and Analysis Organization (ISAO) for the digital advertising industry, meaning it is the primary forum for sharing ad industry threat intelligence. 

Companies in the private sector are also stepping up to combat fraud. For example, cybersecurity company HUMAN, which verifies the humanity of more than 10 trillion digital interactions per week, provides its partners with an advanced Human Verification Engine, the Technology works to protect applications, APIs, and digital media from bot attacks, preventing losses and improving the digital experience for real humans. 

Looking to the Future: Advances in Adtech  

Given that digital ad spend is projected to grow from $491 billion in 2021 to $785 billion in 2025, according to eMarketer, ad fraud must be addressed. As long as criminals can exploit something and profit off their nefarious ways, expecting them to stop without putting up a defense is futile.   

However, with buy-in from advertisers and publishers and the advances in verification tools and machine learning technology being developed by ad tech companies, the industry can band together and tackle this ever-growing monster.