The Media Rating Council, an independent cross-media measurement standards and auditing organization, announced updates its display, video and mobile measurement guidelines on Friday to address the epidemic of traffic fraud in digital advertising.
The MRC’s new guidelines will include the most up-to-date methodology for detecting and filtering non-human traffic. Once the update is published, digital measurement providers seeking MRC accreditation will have to meet the new requirements.
MRC CEO George Ivie said that although all of the MRC’s guidelines already require providers to filter non-human traffic, “What we want to do is strengthen the language in that process.”
“As we cycle through accreditation audits, we will be applying the new standards to all the companies that are accredited,” he added.
To determine the best methodologies to detect fraud, the MRC is working with fraud detection specialists and security companies focused on digital advertising. These partnerships began as part of a parallel initiative by the MRC to develop a standalone accreditation standard for fraud detection.
The MRC hopes to complete its audits of fraud detection specialists this year, and issue accreditation to several providers. Ivie said this can be a difficult process, since any disclosure about the fraud detection process during an audit could potentially be reverse-engineered by bad actors looking to avoid detection.
Although the MRC’s fraud detection audits aren’t closed or secret, the organization has been careful to temper its disclosures about providers’ methodology, Ivie said.
Once several providers have been audited, the MRC hopes to work with them to arrive at an objective, independent benchmark of the amount of fraud in the ecosystem, a number that has so far eluded the industry. Recent estimates of fraud prevalence range from 13% of aggregate inventory volume up to 61%, though providers tend to agree that fraud is more prevalent on open RTB exchanges than on direct sales channels.
“We feel like if we can audit some of these vendors, and have confidence in the validity and completeness of their procedures, then we can use the vendors to help size the issue,” said Ivie. “Because right now there are a lot of discussions about invalid traffic and fraud, and we think maybe there’s a lot of hyperbole out in the marketplace that needs to be straightened out.”
Bots get smart and slippery
One of the challenges that the MRC hopes to address is bad actors’ talent for innovating and staying ahead of the good guys. The new MRC guidelines will require that providers take a proactive approach to identifying new kinds of fraud, and have systems in place to detect and filter new forms of invalid traffic as they emerge.
Another solution the MRC is considering is a public security document that identifies techniques that fraudsters are using – similar to the IAB’s International Bots and Spiders List, but for general practices rather than specific bad URLs or botnets. Such a document would make it easier for security experts like White Ops, DoubleVerify and Telemetry to communicate new fraud schemes and signatures across the industry as they’re identified.
On the other hand, Ivie notes, such a document would also pose a security risk, since fraudsters would know which techniques to stop using.
Another enabling factor for fraud is the distance between publishers and demand-side measurement providers. In real-time digital advertising, impressions are often sold through several networks or exchanges before they reach the buyer. As the impression travels up the supply chain, much of the information that could be used to detect fraud is lost.
“To detect some of these bad actors today, you have to go downstream, and leverage the full set of information that you can get cooperatively about an internet transaction – which sometimes passes through multiple hands,” Ivie explained. “We may need to set up communication links for analytical purposes, to help us create a full picture of what these agents do. This is a new type of sophistication that has to be driven into the process.”
Ivie said the MRC “intends to push the boundaries to build a better analytical base,” which can ensure that fraud detection providers are able to access data about an impression’s complete journey through the supply chain. He said the requirements had not been fully worked out yet.
So far, the MRC has not firmed up its working group for the initiative, but Ivie said he expects the IAB and other ad tech trade associations will be involved since the decision will have significant implications for their constituents.