Industry Standards To Fight Fraud Might Be A Double-Edged Sword

“Data-Driven Thinking” is written by members of the media community and contains fresh ideas on the digital revolution in media.

Today’s column is written by Salah Shami, senior director of product at Bidtellect.

It’s not news that leaders in the digital advertising industry have expressed concern over the prevalent challenges with fraud, brand safety and transparency. In response, industry bodies such as the IAB and the Trustworthy Accountability Group (TAG) have developed specific compliance guidelines and standards for companies throughout the digital supply.

For example, the IAB released the Ads.txt guidelines, and TAG has developed various programs, particularly around malware and fraud. Many in the industry on both the buy and sell sides have announced general compliance and enforcement. It is great to see adoption on the rise, with power players setting the stage around the new norm, thereby increasing the importance of falling in line.

While I greatly applaud and see tremendous value in the introduction of industry standards, simply following these guidelines is not enough to move the industry forward in cleaning up the ecosystem and eliminating fraud. Unfortunately, many companies believe that simply complying with these initiatives is sufficient.

There are still a number of gaps, even in the most recent iteration of the Ads.txt guidelines, released last month. Keep in mind that, at the time of writing, there is barely 13% adoption across the top 1,000 domains, and the app space still left wide open. Announcing compliance now is no different than bragging to the rest of the class that you did the homework everyone is expected to complete.

Ads.txt’s Fundamental Shortcomings

To put Ads.txt into perspective, let’s revisit what it does. Domain X sells inventory to supply-side platform (SSP) Y. Demand-side platform (DSP) Z buys inventory from Y. So, when Z checks X’s Ads.txt file, all looks good and the impression is served.

But non-premium domains can still spoof themselves as premium domains. Publishers, which deal with larger SSPs, may not properly vet the inventory they’re onboarding. SSPs may not even be verifying these domains as they put together the RTB request. With so much changing hands, simply creating a tool that allows buyers to ask sellers if they know an agent isn’t enough. And with Ads.txt files being public, motivated spoofers just need to ensure that their stories line up with what’s been published.

We Must Be Proactive, Not Reactive

With the emergence of fraudulent behaviors that question the integrity of advertising, some brands have begun to lose consumer trust. And as we’ve seen for many years, bad actors and fraudsters will continue to find new ways of gaming the system. Therefore, it is vital that technology companies not turn a blind eye to the deeper challenges the industry faces. Instead of only complying with existing industry initiatives, those that do more will be in the best position to offer safe environments.

For example, participating in these industry initiatives and integrating with leading third-party vendors such as Integral Ad Science should be table stakes and not considered “leading the charge.” Companies that view these efforts as enough will be vulnerable.

More than just developing “proprietary methodologies” – a term heard all too often that actually discourages sharing – we should actively facilitate open dialogue between all players, sharing what we’ve learned. It’s critical that DSPs and SSPs work together to be a part of the solution, not simply hope that someone else is taking care of it. Did the domain of the RTB request match the domain of the impression? Are these flagged impressions coming from the same IP? Where is this central repository so that the industry can share, reference and take action against these learnings?

When you look at it like that, it becomes clear that Ads.txt is no more than simple baseline guidance. Compliance around a larger industry initiative does not mean that we shouldn’t be actively exploring other ways in which we can cut off fraudsters, even if that means we have to work in smaller, more tactical groups to take them down while we wait for meaningful guidance.

Make no mistake, this is not, by any means, intended to undercut the importance of taking the right steps, though once again, there’s still a lot to be done. If we really feel strongly about bringing around change, we must remain proactive. Future iterations of Ads.txt and RTB guidelines should hit fraudsters where it hurts: their pockets.

How do we ensure that Domain X is getting credit for what DSP Z bought? When we figure that out, spoofing a domain will carry no value.

This doesn’t guarantee that the problem will not move elsewhere. However, it is this kind of thinking that can put us on the offensive instead of simply playing defense.

Follow Bidtellect (@Bidtellect) and AdExchanger (@adexchanger) on Twitter.

This post was syndicated from Ad Exchanger.