Oded Frommer has been doing performance marketing for almost a decade, as an affiliate. 4 years ago, Oded founded Performance Revenues – one of the top Mobile Performance Marketing Networks in the world. Today the company works with several of the world’s top mobile advertisers, in various verticals, delivering high volumes of quality users worldwide.
The objective of this article is to help you, as an app developer or advertiser, to discover fraud in your performance based mobile campaigns. Fraud is a common phenomenon when buying mobile app users, so developers and advertisers must be aware of its existence and the methods to detect and deal with it. There are two approaches to detect fraud, a very short one and a pretty long one. The short version: If it is too good to be true, it is fraud!
The above is obviously a generalization, but it does hold true in about 90% of cases. Therefore, the problem with this method is not it’s inaccuracy, it’s the lack of ability/interest to terminate a campaign just because it is too good. Consequently, in most cases, you will take the extra steps to make certain you are not losing on a potentially good opportunity just because it is too good. The long version: Well, it is long, so let’s start.
Fraud may be divided into three different categories:
- Forbidden traffic
- Technical frauds
- Networks fraud
The most common method of using forbidden traffic is when a publisher sends incentivized traffic to non-incentivized offer. Meaning, the publisher used low quality traffic and is expecting you to pay premium rates.
The easiest way to discover this kind of activity is by looking at the conversion rate (from click to install). You know your product, so you should know the average conversion rates one may expect. If, for example, your conversion rate is 2.5% (and ranges +-2%), the likelihood of getting a 25% conversion rate with similar traffic is almost does non-existent. Therefore, in most cases as the above, you are getting incentivized traffic.
There are several other ways to get such a high conversion rate, the most common one is by using “brand bidding” on search engines, so make sure to forbid it in the IO’s you sign (more about negotiating IOs with advertising networks here). The “smart” fraud-publishers try to hide the incentivized traffic within non incentivized traffic. They usually buy cheap clicks in order to decrease the conversion rate. The best way we found to reveal this practice is by running an hourly report where you may see sharp peaks in clicks.
The other way to use forbidden traffic is when publishers use specific sources which you don’t want anyone to use. This may be because you have already tried them in the past and lost money (an action which you don’t want to repeat), or because you know that this is a good source and you want to work with them directly, or when these are the types of sources that may hurt your brand.
This fraud type is much harder to discover. The best way to fight it is to try and avoid it in the first place by using an aggressive IO: For example, you may place in the IO the following sentence: “The sources below: XXX, YYY, ZZZ are forbidden. Using them will terminate the agreement and the publisher will not get paid for his traffic”.
The meaning of “technical fraud” is that the publisher has the ability to make your platform count conversion where no such conversions ever occurred. This type of fraud is the shadiest one, as it is literally pure theft.
There are two types of such fraud: The first type can usually be identified when a network is promoting an advertiser and the conversion is registered only on the network side and doesn’t appear on the advertiser’s side. This scenario usually means that the fraudster hacked the network’s tracking platform (made the pixel/postback fire by technical means), yet there was no real transaction that took place and therefore the advertiser doesn’t see the transaction. It is pretty easy to fight such fraud: All that needs to be done is to whitelist the advertiser’s IPs, and only these IPs can launch your pixel. This might push the fraudster to hack the advertiser’s pixel, which leads us to the second type of technical fraud: The fraudster hacked the advertiser’s pixel (or postback).
By accomplishing this, the fraudster has caused the advertiser to see conversions that didn’t really happen. The advertiser can recognize this fraud when the user’s value is 0, and no actions were ever made by these users. Lots of fraudsters like to say that the “traffic was low quality, but not fraud” (and thus use it for incent campaigns), however, this is pure fraud, not worth anything at all.
The only way to fight it is by using a fraud detection tool. These tools detect and analyze several parameters per each conversion. The tool then alerts you, for example, when conversions come from abused IPs, or when there is unusual or suspicious behavior of the traffic, such as when 95% of the conversions came from Explorer for an iPad campaign. These tools also rely on information that they aggregate across multiple other networks, to detect specific proxies and other facilities commonly used by fraudsters. These tools provide alerts for suspected fraud traffic; however the decision remains in your hands. We are using Scrubkit as our fraud detection system. This tool, although designed for web and only later adjusted to fit mobile, usually finds the fraud conversions well before our clients become aware of it, which enables us to inform our clients about it in advance.
Since most of our clients are used to be the ones to complain about suspected fraud to their suppliers, this practice significantly tightens the cooperation between our companies, as it enables our clients to rely on us to detect and to terminate fraud sources, even without their feedback. Moreover, it saved us from paying fraud affiliates for traffic we were not going to get paid for once the advertiser would analyze his data at the end of the month.
Networks that are not using a dedicated fraud detection platform are gaining some easy revenues in the short term by getting paid for fraud traffic (and saving the cost of these tools), but eventually will be left out of the game. Advertisers are advised not to buy traffic from network that don’t utilize such fraud detection tools.
There are many networks out there. Some are decent, some fraud their clients (as you read above) and some fraud their publishers. The below specifies the latter. It is a common case to see a specific (usually a very popular) offer that many networks have at the same rate. Then all of a sudden, one network provides the offer at a significantly higher rate. In most cases this may be due to the network’s ability to get higher rates from the advertiser, however, some networks are able to extend higher payouts through deception, by deleting (“shaving” or “scrubbing”) conversions from the publisher (and thus offer higher rate per reported conversion).
Publishers who suspect that their network is practicing the above may detect it by running the said offer through several networks and comparing the conversion rate (Note that conversion rates may slightly fluctuate between networks due to different tracking platforms).
Another type of network fraud happens when networks don’t pay their publishers for unjustified reasons, such as claiming fraud where there is none, and networks that simply don’t pay until they vanish and leave all of their publisher’s debts unpaid. These are usually very small and shady networks or the ones that are over-flashy, promising their publishers to get rich fast. Such networks don’t have any right to exist, as they cut off the branch they sit on. So, if you see an unknown network that offers great payouts – Check it out carefully, and if you can – get a prepayment.
Another point which was mentioned earlier and should also concern publishers: Networks that intentionally frauds the advertiser, by sending incent traffic to non-incentivized offers (or by other means) are also dangerous for the publishers, because eventually the advertiser will not pay the network and the publisher will not get paid.
Therefore, if you are in the game for the long run, don’t do business with such networks. You can recognize them when they tell you that you may bundle incent with non-incent traffic (on specific ratio, 50-50 for example), or when the offer pays way too high for incent traffic – be suspicious! Remember – If it’s too good to be true, it’s usually fraud…