To fight fraud means commitment for a fair game from every player in the market and advanced performance metrics, says Inna Ushakova, the CEO and Co-Founder at AI fraud prevention firm, Scalarr, in this interview.
Inna Ushakova is the CEO and Co-Founder at AI fraud prevention firm, Scalarr.
What has caused the issues and recent growth of ad fraud in the Asian market? Why is Asia among the tоp 5 regions with the highest estimated cost of ad fraud?
The Asian advertising market is fragmented with a diversity of app stores, and various kinds of traffic providers and publishers. The whole ecosystem is quite chaotic and arguably not as well regulated, giving a huge range of opportunities to bad actors. It does not require too many resources, compared to the US where industry players are more aware of fraud and alert to its impact on business.
An issue faced is that ad techs/vendors lack incentive to fight fraud. As their main interest or KPI is volume, addressing fraud issues means cutting their ad volume. So there is no incentive for them to clean traffic if their clients don’t demand that or don’t look for the solutions when a fraud case appears. In turn, publishers that provide traffic (especially those who monetise only through ads from long-tail app lists) within a time become open to various ad manipulations aiming to sell “more traffic” and receive bigger payouts.
To fight fraud means commitment for a fair game from every player in the market and advanced performance metrics.
What are the different types of ad fraud, such as fake installs/impressions and click spam?
To give an overview of the most common methods we see, these include:
- Classic Click Spam: In the case of click spam, fraudsters send a huge number of clicks (in different ways) aiming to deliver the last-click prior to the organic installs and ‘steal’ them. All this is done to “catch” the organic installs made by these infected users and attribute it to themselves.
- Click Injection: In most cases, this type of fraud is found as a part of the work of big teams, who are engaged in making real mobile apps with an embedded malware virus, through which the infection directly occurs. Click Injection can be found only on the Android platform since it uses technical features particular to Android.
- VTA Spoofing: the method of faking tracking links to spoof clicks as impressions.
- Bots: Bots have been one of the first types of app-install ad fraud. Simple Bots are disclosed by the absence of any post-install activity, or by the most primitive ways of faking the app openings.
- Smart bots: a very advanced fraud type, capable of fully emulating user behaviour by performing all post-install activities for a long period of time. Smart bots are the closest emulators of human behaviour and have the right parameters to pass undetected such as a personal IP address or a device ID. Smart bots can fully emulate user behaviour by performing all in-app activities for up to 30 days.
- Device Farms: Device farms also belong to one of the most traditional types of fraud. Partially they were used for incentive campaigns, but very soon fraudsters switched their attention to non-incentive campaigns.
- Incentive Traffic: Incentive fraud means the amount of installs that come from independent users who receive a reward in various forms for the install taking place.
- App Spoofing: This occurs when the app on which the ad impressions are generated is misrepresented. Instead of sending a fake URL as is the case with domain spoofing, the app sends a fake bundled ID, which is the identifier of the app. The bundled ID allows the fraudulent app to disguise itself as a premium app.
- Different kinds of fraud blends in one media source
Which methods are used by fraudsters in their attempt to stay one step ahead?
Fraudsters’ techniques are evolving by the day, becoming more sophisticated and complex among all mentioned types — we even detect AI-powered fraud. That’s why marketers as well as app developers need increasingly more sophisticated approaches to combat them. To make digital campaigns successful, marketers need to ensure their ad spend is being used to reach real people – and to do so effectively, you need anti-fraud software.
To carry out illegal activity across the web, all a fraudster needs is a sound technical understanding, access to the internet, and devices to get online. Within the realm of criminal activity, ad fraud has incredibly high pay-out potential at a low risk to the fraudster, as it is difficult to penalise by law. Increased privacy, such as Google’s FLoC and Apple’s iOS 14.5 update are making it easier for fraudsters to fly under the radar, meaning the risk to reward ratio is skewed in favour of the cybercriminals.
How do technologies that incorporate machine learning help solve the problems marketers and advertisers face?
The best approach to catch cybercriminals is to use artificial intelligence and machine learning that possess a huge capacity of analysis and data enrichment. Unfortunately, the traditional rules-based methods let down by their lack of data input. Their techniques identify when key characteristics and events exceed or fall below specific parameters, and often use 2D or 3D tactics, such as analysing clicks per minute. Frankly, it just isn’t sophisticated enough to catch the fraudsters and protect valuable marketing spend.
By contrast, Machine Learning algorithms analyse data by breaking it into clusters and compare every single cluster against that of real user behaviour. The algorithm then calculates the probability and deviation degree to identify significant anomalies and detect fraudulent traffic.
Ultimately, ML based anti-fraud solutions are capable of providing well-rounded protection against well-known as well as emerging types of app install fraud – an area that is very important as fraud becomes more sophisticated.
How does Scalarr help businesses fight ad tech fraud?
Our R&D team is constantly investigating new types of fraud, ML engineers are implementing the latest R&D findings into the ML models, and the data analytics team is validating the results at every fraud detection level. That’s how we build a truly sophisticated AI engine, which unites more than 16 different models to detect all types of fraud and envision new unknown crimes and threats. We usually verify up to 40% of fraud activities after traditional rules-based anti-fraud solutions.
We use 3 layers of next-generation Machine Learning (ML) algorithms that detect all types of mobile app install fraud with dramatically improved accuracy of up to 99%. The ML algorithms automate the investigation of more data than is possible for a human, continuously learning and generating a personal model of fraud identification for every mobile app. In 2020 we saved $22M for our clients.
Our flagship product, the Protection Suite, is used by customers to stay ahead of fraudsters without any need to constantly update the rules, as they modify their attack techniques.
For example, we work with a South Korean mobile app developer with a strong presence in iOS and Android. We started working with them and what we found was nothing short of surprising.
With over 330,000 installs analysed, we found 29% of fraudulent billable installs where 87,818 had fraudulent CPI and 9,638 had fraudulent CPA billable conversions. When considering average USD costs of $1 for CPI and $2 for CPA, the direct losses due to ad fraud totaled $107,094.
Without any form of optimisation, if the company had spent approximately 5% every month on fraudulent sources, the potential fraud spend in 2021 alone would have amounted to $1,704,629, meaning fraud losses of $3,000-6,000 per day.
We help our clients keep a proactive approach to user acquisition (UA), test new sources, find the best ones, and remove bad actors. Our fraud detection reports help UA managers be more confident about the traffic they buy and quickly understand which partners are trustworthy and which are not within the first test, avoiding sufficient investment.