Pay Per Click Fraud: The Blame Game
Advertising Age recently ran a piece titled “Ad-Fraud Operation Fools Detection Companies, Nets Millions” which covered a recent pay-per-click fraud. Let’s call this piece what it sounds like: the blame game.
What’s interesting to me about the title of the article is that they appear to be “throwing the fraud detection technology companies under the bus.” Now, before anyone asks, I personally don’t have a stake in any of the fraud detection technology firms listed in the piece, nor are they client’s of ours.
That said, the article about the pay-per-click fraud implies that if the fraud detection technology programs hadn’t been fooled the multimillion dollar pay-per-click fraud wouldn’t have occurred.
While that’s certainly possible it isn’t probable as these kinds of frauds happen all the time even in spite of the best fraud detection technology deployed.
Fraud Technology’s An Enabler – It Doesn’t Solve Everything
I’ve written about technology in the past as it’s an integral part of any anti-fraud operation, However, let’s be perfectly clear here. Anyone who thinks that fraud detection technology solves all fraud problems, like the pay-per-click fraud referenced in the article, is just wrong, dead wrong.
The reality here is that the “technology solves all mindset” is a dangerous place to be when it comes to any kind of fraud prevention. Yet, there are quite a few companies around the globe living in this realm.
Certainly, fraud detection technology is a much-needed and valuable part of the anti-fraud equation but the word “part” is integral to this conversation. Fraud detection technology should never be the total, the whole, or the entire part of your company’s anti-fraud program.
For if it is, that’s an operational flaw and you’re likely to get financially clobbered as a result which, of course, is what happened here.
So, since Advertising Age brought up the blame game in this pay-per-click fraud, let’s talk about some of the other contributing factors involved with frauds in general. Likely many, if not all, of these apply in this situation.
People are Integral to the Fraud Detection Equation
Despite the title of the Advertising Age piece, fraud detection programs are holistic in nature and must incorporate the 3 P’s into their anti-fraud program. The 3 P’s are people, processes and policies. Nowhere in this article was there even a mention of the role that the 3P‘s play in the company’s anti-fraud programs or the role they likely played in the click fraud that occurred.
Again, is the fraud detection technology involved in the discussion? Absolutely, but very seldom does any fraud issue lie 100% with the fraud detection technology.
So, if technology isn’t 100% of an organization’s anti-fraud efforts, then why does the Advertising Age piece focus almost exclusively on it? Likely because it sounded sexier to say that “the bad guys fooled the fraud detection technology.” Oooooh.
Super, but those of us in the industry know that’s not completely true and there are a number of other contributing factors at play in pay-per-click frauds like this.
Bad Actors Have Free Time on Their Hands
One reason why we can’t put 100% of our faith in fraud detection technology is that even if it’s the best software in the world, it cannot keep pace with the rapid growth of the work being done behind the scenes by the bad actors. Bad actors, it seems, have nothing better to do with themselves then to find backdoor methods to defeat anti-fraud technology.
Oftentimes, these aren’t rogue individuals (although they’re in the mix) but sophisticated multinational organized crime rings operating offshore.
When we flip this around, do we see these victimized companies actively gathering intel on their adversaries outside of the technology they’ve deployed to improve their people, policies and processes? Certainly, there are some…but these companies are the exception and not the rule.
Criminals Learn From Their Mistakes – Schemes Change Over Time
Schemes like this pay-per-click fraud case referenced in the Advertising Age article are not static. The schemes are fluid and change over time especially if they want to succeed in their nefarious mission to gain ill-gotten booty.
Yet, despite that many company’s people, processes and policies are static. Some fraud policies are so old when you go to review them you have to “blow the dust” off the cover. Given the rapidly changing fraud landscape, a five-year old fraud policy might as well be 100 years old.
To be successful in an anti-fraud operation, the people, processes and policies must change over time as well just as the criminals and schemes are doing.
People Review Output – Not Technology
The red flags section of the Advertising Age article started down the right path. It mentioned that there should have been some red flags associated with some of the content on the pay-per-click sites. Again, while the technology is involved in that process, in that it flags unusual transactions or anomalies, people (analysts or investigators) review them.
Despite the fact that the pay-per-click fraud occurred, there’s no mention of the people at the victimized company’s and what their transactional analysis of the technological output involved.
Organized Crime is More Evolved Than Many Businesses
Organized Crime (O.C.) is exactly what the word implies: organized. They are often more organized than many businesses. With affiliates all around the world, many of whom are specialists in their cyber fraud craft, O.C. rings are truly transnational in organizational structure.
This is a big part of the fraud problem in today’s landscape. Companies are always “behind the 8 ball” trying to institute defense mechanisms that meet the minimum bar and as a result pay-per-click frauds like this occur.
Simultaneously, O.C. rings are always on the prowl looking for ways to implement new technology tools, or new versions of old technology tools against their potential victims. Companies, despite the technology deployed, are struggling to keep up with the daily changes in the crime world and often only have minimum defenses deployed.
Final Word – the Advertising Age Article Has Value
The Advertising Age article about pay-per-click fraud has some value because it points out two vital flaws in many organizations anti-fraud efforts: technology is not a sole source solution and it can be beaten.
While this is not a news flash to those of us in the industry at all it should definitely serve as a wake up call to company’s who’ve thrown all their anti-fraud eggs into one technology basket. The message, it’s time to diversify your efforts.
Bottom line: fraud detection technology is a valuable part of the equation but certainly not the totality of the effort necessary. As such, despite what was written about it in the context of this pay-per-click fraud it cannot be 100% to blame for any fraud.
Those are my insights…what are yours?