Is Ad Fraud 9% or 90%?
Industry-wide estimates are wrong, here's why
I have said many times over the years that I will not give an industry-wide dollar estimate of ad fraud. This is because I don’t have complete data. Neither does anyone else. Everyone sees only a slice of the universe, both in quantity of impressions, and type — display ads, video ads, CTV/OTT ads, etc. So ANY estimate of industry-wide ad fraud is wrong because of the gross assumptions, approximations, and extrapolations that have to be done to estimate it. At the very least, eMarketer in 2019 cited a range, “$6.5 billion to as high as $19 billion, a range that points to the difficulty in measuring fraud’s true impact.” But if we review estimates from others, you can quickly see it is all over the place, both in dollar and in rate.
A handy reference, from January 2020, from BusinessofApps.com
- The total cost of ad fraud is debated: TrafficGuard/Juniper set it at $34 billion, predicting it will increase to $87 billion by 2022; most of this will be lost in the APAC region, with the current $19 billion set to rise to $56 billion
- The WFA predict ad fraud will become the biggest market for organised crime by 2025, worth $50 billion
- On the other hand, White Ops Inc. And the Assocation of National Advertisers state that only $6.5 billion was lost to ad fraud in 2017, down from $7.2 billion in 2016
- 21.3% of iOS app and 26.9% of Android app installs are fraudulent, according to Interceptd
- 28% of web traffic comes from non-human actors, says Adobe (thus setting the overall cost of ad fraud at $66 billion according to one commentator)
- Interceptd stats show that in Q4 2018, device farms accounted for 25% of ad fraud, incent abuse for 20%, bots/emulators for 18%, SDK spoofing for 13%, click spamming for 9%, click injection for 8%, and other sources for 7%;
- MarTech Advisor peg levels for the same quarter at 57% click injection, 24% click spam, 11% SDK spoofing, and 8% fake users/bots; levels vary across the year in both estimations
- TrafficGuard/Juniper stats show that of $25.8 billion lost to the three most-prevalent forms of ad frauds, app install farms/SDK spoofing account for 42%, click injection for 30%, and click spam for 27%
- SDK spoofing can siphon off 80% of ad budgets, warns MarTech advisor’s Michael Paxman
- In response to the rising cost of ad fraud, in January 2018, Procter & Gamble announced it was planning to save $750 million by cutting its ad budget, and halving the number of agencies (from 2,500 to 1,250); this was to be followed by a further $400 million cut
- In 2017, JPMorgan Chase reducted the number of sites it advertised on from 400,000 to 10,000 (and saw no change in business outcomes)
You can’t estimate fraud if you don’t know what you don’t know
Another key problem with estimating the dollar impact of ad fraud is that you don’t know what you don’t know. That means, you don’t know if you got it all — all of the fraud, that is. Every year, we see new discoveries of ad fraud that was there all along, except that the good guys didn’t even know it was occurring. Bad guys find new ways to steal ad budgets, and they are really good at covering their tracks. This is similar to the phenomenon of “zero-days” in cybersecurity. A “zero-day” is a new vulnerability that has been discovered for the first time by the good guys. But that security vulnerability has been there all along, and exploited by the bad guys while remaining hidden. Enormous quantities of ad fraud go undetected simply because good guys’ detection tech was either not looking for it (didn’t know to look for it) or was looking but got tricked by the bots into not marking it as invalid or fraudulent.
But you CAN estimate what is measurable and verifiable
So I flip it around and discuss what we CAN measure and ascertain, and avoid what we cannot know completely. Have a look at the following slideshare deck.
The TL;DR is that (using round numbers), out of the $100 billion spent in the U.S. on digital advertising, about $10 billion can be accounted for, as spent with big, reputable publishers that you probably recognize — like Hearst, Conde’ Nast, Meredith, NY Times, etc. The other $90 billion goes to ads that went somewhere else. We don’t have to call it fraud; we just say it went somewhere other than where most humans go.
So the ratio of known to unknown in dollar terms is 10 to 90.
If we look at the quantity of impressions, instead of dollar amounts, we can easily see that the collective long-tail sites that sell inventory through ad exchanges can generate 10s of trillions of ad impressions, whereas mainstream (good) publishers have finite human audiences that don’t expand or contract more than 1% year-over-year. So, using round numbers, the ratio is 1% of impressions comes from good publishers, while the other 99% of impressions come from somewhere else. Again we don’t have to call it fraud; it’s just that the ads went somewhere else where we probably can’t measure for fraud, viewability, and brand safety completely or correctly.
So the ratio of known to unknown in terms of impression quantities is 1 to 99...