Prevent fraud with server-based systems

If you are in the business of detecting ad fraud, infrastructure matters, and efficiency is the name of the game.

There is a big push in DevOps right now for server-less environments, and the cloud continues to grow in popularity. But if your network requires massive horsepower and customization, the cloud isn’t your best bet. Many players in the advertising technology space—including publishers, brands, agencies, and even ad tech solution providers—are overlooking the advantages of an on-site, server-based network.

The faster you can process data, the faster you can identify fraudulent patterns, which is why infrastructure can be an ad fraud solution’s competitive advantage. I’ve personally worked with teams to roll out new ad fraud detection rules, only to have a fraudster figure out how to get around them three hours later. That is how quickly digital criminals can adapt, and that is why the “good guys” have to work just as fast to protect themselves.

When to Think Twice about the Cloud

A lot of people think identifying ad fraud is difficult and complex. That is true in some cases, but often it’s quite simple. Fraudsters sometimes show their hand by creating suspicious patterns—for example, clicking an ad every 10 seconds is too routine of an action to be human traffic. These patterns can be easy to spot if you know what you're trying to find.

An on-site server-based network can be custom built to process data faster than most cloud-based networks and thus can spot ad fraud more quickly. Outsourcing to a cloud-server, such as Amazon, Oracle, IBM or Google, is great for streamlining your business, since it will free up your developers’ time, but it is not great for efficiency. Cloud solutions use “cookie-cutter” builds designed to work for everyone. If you are building something for WordPress or a CMS, a server-less approach makes sense; but when efficiency is paramount, it is not the right move.

The Importance of Real-time Ad Fraud Detection 

Ad fraud detection tools use artifical intelligence to process data and spot suspicious patterns quicker than a human ever could. The tools do this by creating rules, such as telling the system to flag a traffic source if ads are being clicked too quickly or at too regular an interval.

I believe it is important to assess traffic quality in real time, but that seems to be a dying practice. Many solutions detect ad fraud post-process, in part because that can be easier, and also because of recommendations from the Media Rating Council (MRC). The logic is that fighting fraud post-process can make it harder for fraudsters to reverse-engineer a fraud solution’s approach. For example, a fraudster that recognizes a system’s rule set could then vary its tactics in order to fly under the solution’s radar. To be MRC-accredited, you need to either detect ad fraud post-process, or if you are doing it in real time, demonstrate that you are updating your method of detection to stay ahead of reverse engineering.

I think if ad fraud is happening, it is best to recognize it immediately. Then you will know not to display the ad, and you won’t have to deal with the process of crediting an impression after the fact. If ad detection tools are taking the necessary steps to update their tactics, this can be done without giving anything away to the fraudsters.

Ask Your Ad Fraud Detection Solution Provider These Questions

As organizations evaluate different ad fraud detection solution providers, it is important they ask questions to understand the vendors’ infrastructure and processes. Consider the following:

1. Do you use the cloud or on-site servers?

Remember, on-site servers can yield faster network speeds than cloud servers. If your provider uses the cloud, ask which provider was chosen and why. There should be a reason for that decision.

2. What new products and/or updates are you working on, and when are you rolling them out?

Here you want to get a sense of how quickly the provider introduces new features. This will help you assess agility. A challenge with both infrastructure and ad fraud protection is that best practices change all the time. Vendors need to update their approaches accordingly and as quickly as possible. In one instance, we had to update our system 12 times in a day in an effort to keep pace with ad fraud! Other times we can go a week or two without needing an update. What is important to note is whether or not the vendor is monitoring its approach constantly and updating its rule set as needed.

3. Have you mitigated the issues that stemmed from the recent Spectre and Meltdown vulnerabilities?These malicious programs steal a wide range of data, from passwords stored in a browser to a user’s personal photos or emails. By now, these threats are well-documented, but ask the vendor how quickly they addressed the problem, and how they did it. If a vendor cannot properly monitor its own system, then how can you expect it to sufficiently monitor ad fraud on behalf of its clients?

 

The bottom line is that you need ad fraud solutions that work as hard, and as fast, as the fraudsters do. Infrastructure plays a big part in this. By educating yourself and asking the right questions, you can make an informed decision about your ad fraud detection tool.

 

Joe Rodichok is the Chief Technology Officer at eZanga. He attended Wilmington University where he studied Web Information Systems.