Skip to main content
The Deep Dive 14 Oct 2019 - 5 min read

Australian ad fraud up 66% as GDPR pushes criminal syndicates, bot herders beyond EU

By Paul McIntyre - Executive Editor
AD Fraud

“Now more than ever, global advertisers demand greater clarity and confidence in their digital investments,” Mark Zagorski, CEO of DoubleVerify, says.

The EU's GDPR legislation has driven a surge in advertising fraud levels in Australia and other less-regulated markets this year as criminal syndicates build out sophisticated cookie profiles to extract higher advertising yields in programmatic exchanges. Ad fraud, or 'sophisticated invalid traffic' as it is now called, is sucking an estimated $100m-plus from advertisers and publishers locally.             

"A lot of the bots that have been built were targeting inventory pools in the UK and throughout Europe. Now with GDPR, that's impacting the ability of the bot herders ... So they are sending bots to other [softer] markets ... We're seeing high levels of fraud in Australia"

James Diamond, managing director, Integral Ad Science

Advertising fraud levels have been on the rise in Australia this year and much of it has to do with the EU's GDPR, says Integral Ad Science (IAS) managing director, James Diamond.

It's a surprise to some media buyers Mi3 spoke with, but according to global analysis from IAS, Australia is one of a number of countries reaping an upward swing. Bad actors, says Diamond, are focusing on markets with weaker regulation around cookies, consent and privacy, affording bots and their masters the freedom to build up detailed, high-value "user profiles" and trade across online exchanges as "sophisticated invalid traffic". 

In the first six months of this year, Australian ad fraud across desktop display was up 66 per cent; desktop video was up 43 per cent and mobile web display was up 20 per cent on the same period in 2018. 'Sophisticated invalid traffic' is now sitting at 1.5 per cent in Australia, up from 0.9 per cent last year and now worth north of $100m annually. 

 
James Diamond

IAS Managing Director James Diamond

 
How the bad bots work  

"The ability to monetise bot traffic in exchanges is contingent on how attractive that bot is and that attractiveness is dictated by the cookie profile, among other things," says Diamond. "But to a large extent it's the cookie profile - and that cookie profile fakes user behaviours. By sending your bots to places like home loan comparison sites or real estate sites and, say, the Financial Times, all these data end up being surfaced by DSPs."

And the trick, says Diamond, is that when a bot finally emerges in a demand side platform, it carries behavioural data that will often see the exchanges bid higher prices. The fraudsters are chasing "yield optimisation" strategies and they're now focusing  beyond Europe,

"A lot of the bots that have been built were targeting inventory pools in the UK and throughout Europe," says Diamond. "Now with GDPR, that's impacting the ability of the bot herders to build these cookie profiles so they can send their bots off and generate these ads. Without the cookie profile you just don't get as high a bid price. The ability to generate that return is being reduced in Europe so they're saying why don't we send these bots to markets where they can still do it as a cookie profile. We're seeing high levels of fraud in Australia."

 

Christmas risk

Diamond has two concerns. The first is, surprisingly, that some blue chip advertisers and agency groups still don't deploy ad fraud blockers. Second, he expects an uptick in more fraudulent activity in the lead-up to Christmas.

"You get this surge in advertising demand and publishers needing to respond to that demand," he says. "Hopefully they try to generate traffic in responsible ways. The risk leading into Christmas is higher because as demand increases, the likelihood rises that you end up on something that's poor quality with invalid traffic fraud."

Omnicom Media Group's (OMG) chief investment officer Kristiaan Kroon says GDPR as the trigger for this year's rise in Australian sophisticated invalid traffic fraud "is a new one, but doesn't sound illogical". He says OMG hasn't seen the issue surface. "We run either IAS or one of its competitors like DoubleVerify on every single client we've got. There's already a fair bit of GDPR compliance in this market. It's why we have an enormous governance effort. It's where I spend a lot of my time and it's why agency groups exist. I'd be a lot more concerned in South East Asia."      

"We have a massive issue with publishers not having enough revenue in this country - and yet marketers are giving it to fraudsters. We have banks and retailers funding crime. There's no excuse not to shut it down"

James Diamond, managing director, Integral Ad Science

More fraud coming

Diamond says brands that do deploy ad fraud blocking are typically quarantined but warns more fraudulent activity is coming to the Australian market.

"Sophisticated invalid traffic is ultimately bad for consumers," he says. "It's funding stuff that's bad for users because ultimately that money goes to creating more viruses, more trojans, more worms that screw up more people's computers. And the money is not going to publishers. We have a massive issue with publishers not having enough revenue in this country - and yet marketers are giving it to fraudsters. There's also the corporate social responsibility bit: we kind of have banks and retailers funding crime - and there's no excuse not to shut it down."

So there really are still blue chip advertisers that are not using fraud blockers?

"There are," says Diamond. "I think that question goes to the agency because none of the blue chips run their own campaigns. So the question is why are some agencies not running fraud blocking by default? Is it because of cost? I don't know. I doubt it because we're talking about $100m leaving the industry in Australia each year."

What do you think?

Search Mi3 Articles