Last year, the average click fraud rate of pay-per-click advertisements appearing on search engine content networks rose to 19.2 percent for the last quarter of 2006, the highest yet, according to Tom Cuthbert, CEO of Click Forensics.
As detailed in Part 1 of this series, Internet advertisers and security pros are seeing increases in click fraud activities that siphon both sales and advertising dollars from vendors. Click fraud occurs when online advertisers pay search engine companies and advertisement Web publishers a fee for each click made by either real or phony would-be customers.
A more recent form of click fraud involves criminal gangs in foreign countries that set up rogue Web sites that run the same ads and hire people to click on these unauthorized ads, thus diverting payment to the rogue Web site owner.
One recourse e-commerce vendors have is to use the resources of Cuthbert’s ClickForensics.com, an independent click fraud reporting service. He started tracking click fraud four years ago and publishes quarterly fraud reports on www.ClickFraudIndex.com.
“Click fraud is similar to what’s been happening with spam. It gets worse. There were no aggregate figures to measure the size of the problem,” Cuthbert told the E-Commerce Times. “We found 14 percent of the clicks fall into a high threat category. That’s about (US)$1 billion to advertisers annually.”
The Click Fraud Index monitors and reports on data gathered from the Click Fraud Network, which more than 3,000 online advertisers and their agencies have joined. The network provides statistically significant Pay-Per-Click data collected from online advertising campaigns for both large and small companies, Cuthbert explained.
Cuthbert’s approach is to give his members a fighting chance by dealing with click fraud on two fronts. Armed with his click fraud data, e-commerce vendors can go back to the Web sites hosting their ads and demand a refund.
Last summer, Cuthbert formed a trade group called the Click Quality Counsel. This is a group of 20 advertisers who meet monthly and press Web publishers with their recommendations for battling click fraud.
“Results are moving along, but the outlook remains very dismal. It will take a few years,” Cuthbert said about progress in fighting back. “The technical challenge to catch perpetrators is a really great.”
Online advertisers need to know they can fight back to hamper click fraud, he added. Cuthbert hopes to eventually see results similar to the success of ad monitoring agencies such as the Nielson ratings for TV networks and Arbitron ratings for radio stations.
Other technologies are also available to track down click fraud artists, Michael Caruso, CEO of ClickFacts, told the E-Commerce Times. ClickFacts is a third-party auditing service that detects fraud differently than its competitors. Instead of relying on log analysis, Caruso employs a solution which captures a snapshot of organic and paid traffic to Web site advertising.
ClickFacts puts a Java script on the ads its members place online. The Java script allows Caruso’s organization to accurately track where else the ads appear and who is clicking on them. Members then use that data to prove the number of fraudulent clicks in pursuit of refunds from the ad publishers.
“This provides a real view of the patterns. Not a lot of companies do this type of [click] auditing. Advertisers do not know where their ads go,” Caruso said.
This auditing process lets him identify the time of day a click was done, he said. It also sees through the click fraud perpetrators’ efforts to conceal their location.
“Fraudsters can change the IP address [to mask their location] but usually do not change the language used in the botnet instructions and other virus coding,” he added.
His approach is getting results through more than just click fraud monitoring. His customers are seeing improvements to their return on investment (ROI) as well, Caruso explained.
This happens because they get a full account on how their current online search and cost per click (CPC) dollars are spent in comparison to how their customers behave, he said.
“In many cases, the fraud percentage takes a back seat to behavior patterns. We’ve moved away from focusing exclusively on click fraud into verifying the click stream in its entirety and looking at the total online spend holistically across many platforms, not just per click by search engine,” Caruso stated.
ClickFacts charges its customers 2 to 3 cents per click. Caruso’s company functions more like an ad source company, he said.
Online advertisers must become very vigilant in protecting against click fraud, according to Patrick Peterson, vice president for technology at security firm IronPort Systems. Malware, viruses and botnets are fueling click fraud crimes.
“This won’t stop until they are all blocked. The more we can learn about who is in the botnets, the more we can create easy tools [to stop it],” he said. “We need to filter out the bad Web sites for the advertisers. We need to suck the oxygen out of the criminal world.”
Automated botnets make it easy for criminals to monetize the pay-per-click process to their own advantage, Peterson said.
“The biggest source for click fraud is coming from South Korea, China and Asia in general. It is an international problem,” said Caruso.
Ad publishers have to do more to block international traffic for domestic-based ads. In addition, online advertisers can change their keywords to defeat botnets and can change the times of the day or night that their ads are displayed to coincide with times that produce apparent fraudulent clicks but no sales.
“Pay per click is good business model. We need to develop a sense of trust among advertisers. It will take working together in the industry to solve this problem,” concluded Cuthbert.
I don’t think most advertisers realize the scope of the click fraud problem. A new scheme (undetectable to the networks) is growing like wildfire.
Our company has been investigating this system and will publish an in-depth article on our web site at trafficsentry.com within the next week. Email us for info prior to that time. (info at trafficsentry dot com)