Connect with us


Is there any incentive to crack down on programmatic ad fraud?



Is there any incentive to crack down on programmatic ad fraud?

For nine months last year Gannett, publisher of USA TODAY and other news outlets, ran billions of ads in places that weren’t what the buyers wanted. Gannett and the buyers only found out about this after a March report in the Wall Street Journal. Earlier this week The Journal revealed that more than a dozen ad-tech companies failed to detect this, despite having all the information needed to do so.

We talked to cybersecurity and anti-ad fraud consultant Augustine Fou about this. He says the first instance was the result of a mistake. The second was intentional.

What happened at Gannett and why do you think it wasn’t intentional?

What happened was that the USA TODAY domain names were declared local. The reason I say it was a mistake and not deliberate is that the domains were misdeclared in both directions. If this were malicious, where the publisher is trying to make more money, they would always declare the local news sites to be the national one, not the other way around. 

The bigger issue is that none of the fraud detection companies called it. None of the exchanges caught it and stopped it, and no advertiser agencies knew it happened right until the Wall Street Journal article hit.

Why is that more important?

A real publisher like New York Times, Wall Street Journal, USA TODAY, they have humans that go visit the site. OK? If you have a fake site, like, no human would have ever heard about it and there’s no humans visiting that site. So how does that site have a ton of traffic and therefore can sell a bunch of ad impressions? Basically the fake site would use fake traffic, It uses a bot that basically is a browser that causes the page to load. When that happens then all the ads get called. So that’s what the advertisers are paying for. But the ads are not being seen by humans. That’s why we call it fraud. 


But that’s not what happened here.

Right, this happens on fake sites, not necessarily on USA TODAY or quality journals. But the point is these fraud detection companies, it’s their job to detect the bots and detect other problems, like a fake site claiming to be a real one.. You know if the bad guys have fakes like, they’re not going to put their own domain in the bid request. They’re going to say they’re USA TODAY or whoever. They’re going to say this is my domain and the advertiser will submit their bids.

But the point is they didn’t catch any of the Gannett stuff. This is a legitimate publisher that made a mistake. So if they can’t catch that, how in the heck are they going to catch the cases where the bad guy deliberately misdeclared the domain?.

Why don’t they catch that? 

Because they’re not even looking at the right places. I’m going to tell you my hypothesis based on my experience. So they would need to run their JavaScript and detect the page USA TODAY and then cross reference it to the domain that was passed in the bid request. They clearly are not doing that right. It’s so trivial. It’s so easy. They have code on the page that should be doing that. Their whole point is that they would find these mistakes or deliberate fraud and all that kind of stuff, but they’re failing at even the most basic stuff. so you know the March article from Wall Street Journal. Was that OK? They missed it. Today’s article says they had code on the page. They shouldn’t have missed it.

And they didn’t detect it because they weren’t looking for the right thing.


Why aren’t they looking for the right thing? 


I build fraud detection technology. I have a developer to actually code, I don’t code it myself, but I’ve been tuning the algorithm for the past ten years myself. So I can tell you that what happened, it’s no fault of their engineers,. They live in the code. They would not have accounted for these scenarios [like page fraud]. Maybe their code is tuned for looking for bot traffic and not this is stuff that occurs on the page itself. [A situation] where they should have run the code to detect the page, where it came from and then compared it to the domain that was passed in the bid request. So they may simply not have known to do that because they’re coders, they’re not ad tech people. They don’t understand how ad tech works and they don’t understand what constitutes fraud or not. So it’s hard for them to proactively catch any of this stuff. 

Most of their work is reactive, like, oh, there’s been this huge botnet, huge amount of fraud that’s so obvious. For example, I’ll tell you something that came up yesterday. Twenty-eight million clicks were delivered on the same day to a particular publisher. OK, how is that possible. It didn’t even pass a gut check. Once they see that kind of stuff, then they go back and figure out what their detection missed, and then they try to catch up. It’s really like the arms race. Bad guys are always ahead and on occasion they mess up and we see something that we missed and then we try to update our algorithms. So, that’s why they’re missing a lot of this stuff. They simply didn’t even know to look for it.

Get the daily newsletter digital marketers rely on.

So it’s like with computer security software. They can only look for what they know. They’ll miss anything new.

Exactly. So you know once one company sees a malware signature then they share it with everyone else. Everyone else can look for the malware signature,. 

Does malware play a part in this?

Yes. How does malware make money? Historically, they’ve just harvested people’s passwords and other private information. Because it sits on your mobile phone it can listen to everything and most humans don’t turn it off, and when people are at home they have constant Wi-Fi access. 

Now, the malware is loading ad impressions in the background. They’re making money through digital advertising because the advertisers don’t know that they’re paying for ad impressions that end up being loaded by malware. The advertisers want to buy 10 billion ad impressions,. There’s not enough humans to generate that much traffic. So then all of these fake sites will come in and will manufacture the quantities out of thin air and sell it to you. 


Is this a fundamental problem with ad verification or is this something that can be dealt with? 

From the fraud perspective it hasn’t been solved because people don’t want to solve it. Let me be a little more specific. The advertisers who are paying the money, they want to buy hundreds of billions of ad impressions. You can’t buy that much quantity without the fraud. Most humans visit a small quantity of sites repeatedly. That’s where you get the large quantities of human audiences.  When you get into the long tail, there’s just not enough humans to generate that many ad impressions. The only way to do that is by using bot activity to repeatedly load the web pages and cause ads to load. 

How does this work?

As a result, basically every middleman, every ad exchange, every publisher has incentives to use more fraud. So that’s why I said ad fraud has not been solved because nobody wants to solve it. Even the advertisers, even the middle men. Everyone wants it to continue because they’re making money. The main people that are harmed are the publishers. So the big publishers, newspapers, they now can’t compete against fake sites.

Maybe I’m naive, but I would think that as an advertiser, I’d want to get the actual views I’m paying for.

They don’t know. They think they’re getting it because they’re getting Excel spreadsheets that tell them how many ads they bought and how many clicks they got. They never asked the follow up question. “Are those real ads seen by real people? And are those clicks real?” 

I’ve been writing about it for 10 years. Among the ad purchasers, they know it exists, but basically they’ll say, “Oh well, I think it happens to somebody else because [our ad verification firm] tell us that the fraud is less than 1%.”

In fact, I’ll show you in my article from yesterday: “One way to tell obviously fake bid requests is to see if there’s a deviceID present — Identifier for Advertising (IDFA) or the Google Advertising ID (AAID). So what do bad guys do? They pass a deviceID in the bid request. If the fraud detection doesn’t check if the deviceID is a real one, all they have to do is generate a random deviceID that has the same format as real ones. The fraud detection only checked for the presence of the deviceID, not whether it was real or not. So defeating that kind of fraud detection is laughably simple.”


Is there any point to asking you what can be done or what should be done? 

We can’t incrementally solve this. We have to have the entire house of cards crash so that we can actually get back to real digital advertising and all that means is advertisers like CPG companies, financial services or whomever buying from real publishers like New York Times, Wall Street Journal, Hearst, Condé. That’s where the humans are.

So we’ve had ten years worth of fake sites and all the ad exchanges in the middle, basically spewing false metrics to say you got this many ad impressions. You got such a high clickthrough rate, so everyone thought it was working really, really well when it was 100% fabricated. Still, the way to solve this is we have to make this whole thing crash and come down so that we can go back to advertisers buying ads from publishers.

Read this: Gannett ad fraud mishap highlights concerns about programmatic advertising

About The Author

Constantine von Hoffman is managing editor of MarTech. A veteran journalist, Con has covered business, finance, marketing and tech for, Brandweek, CMO, and Inc. He has been city editor of the Boston Herald, news producer at NPR, and has written for Harvard Business Review, Boston Magazine, Sierra, and many other publications. He has also been a professional stand-up comedian, given talks at anime and gaming conventions on everything from My Neighbor Totoro to the history of dice and boardgames, and is author of the magical realist novel John Henry the Revelator. He lives in Boston with his wife, Jennifer, and either too many or too few dogs.

Source link


8 major email marketing mistakes and how to avoid them



8 major email marketing mistakes and how to avoid them

As email marketers, we know we need to personalize the messages we send to subscribers and customers. I can’t think of a single statistic, case study or survey claiming an email program of one-to-everyone campaigns outperforms personalization.

Instead, you’ll find statistics like these:

  • 72% of customers will engage only with personalized messages (Wunderkind Audiences, formerly SmarterHQ)
  • 70% of consumers say that how well a company understands their individual needs affects their loyalty (Salesforce)
  • 71% of customers are frustrated by impersonal shopping experiences (Segment)

But what marketers often don’t understand, especially if they’re new to personalization, is that personalization is not an end in itself. Your objective is not to personalize your email campaigns and lifecycle messages. 

Rather, your objective is to enhance your customer’s experience with your brand. Personalization is one method that can do that, but it’s more than just another tactic. 

It is both an art and a science. The science is having the data and automations to create personalized, one-to-one messages at scale. The art is knowing when and how to use it.

We run into trouble when we think of personalization as the goal instead of the means to achieve a goal. In my work consulting with marketers for both business and consumer brands, I find this misunderstanding leads to eight major marketing mistakes – any of which can prevent you from realizing the immense benefits of personalization.

Mistake #1. Operating without an overall personalization strategy

I see this all too often: marketers find themselves overwhelmed by all the choices they face: 

  • Which personalization technologies to use
  • What to do with all the data they have
  • How to use their data and technology effectively
  • Whether their personalization efforts are paying off

This stems from jumping headfirst into personalization without thinking about how to use it to meet customers’ needs or help them solve problems. 

To avoid being overwhelmed with the mechanics of personalization, follow this three-step process:

  • Start small. If you aren’t using personalization now, don’t try to set up a full-fledged program right away. Instead, look for quick wins – small areas where you can use basic personalized data to begin creating one-to-one messages. That will get you into the swing of things quickly, without significant investment in time and money. Adding personal data to the body of an email is about as basic as you’ll get, but it can be a start.
  • Test each tactic. See whether that new tactic helps or hurts your work toward your goal. Does adding personal data to each message correlate with higher clicks to your landing page, more conversion or whatever success metric you have chosen?
  • Optimize and move on. Use your testing results to improve each tactic. Then, take what you learned to select and add another personalization tactic, such as adding a module of dynamic content to a broadcast (one to everyone) campaign. 

Mistake #2. Not using both overt and covert personalization

Up to now, you might have thought of in specific terms: personalized subject lines, data reflecting specific actions in the email copy, triggered messages that launch when a customer’s behavior matches your automation settings and other “overt” (or visible) personalization tactics.

“Covert” personalization also employs customer preference or behavior data but doesn’t draw attention to it. Instead of sending an abandoned-browse message that says “We noticed you were viewing this item on our website,” you could add a content module in your next campaign that features those browsed items as recommended purchases, without calling attention to their behavior. It’s a great tactic to use to avoid being seen as creepy.

Think back to my opening statement that personalization is both an art and a science. Here, the art of personalization is knowing when to use overt personalization – purchase and shipping confirmations come to mind – and when you want to take a more covert route. 

Mistake #3. Not maximizing lifecycle automations

Lifecycle automations such as onboarding/first-purchase programs, win-back and reactivation campaigns and other programs tied to the customer lifecycle are innately personalized. 

The copy will be highly personal and the timing spot-on because they are based on customer actions (opting in, purchases, downloads) or inactions (not opening emails, not buying for the first time or showing signs of lapsing after purchasing). 

Better yet, these emails launch automatically – you don’t have to create, schedule or send any of these emails because your marketing automation platform does that for you after you set it up. 

You squander these opportunities if you don’t do everything you can to understand your customer lifecycle and then create automated messaging that reaches out to your customers at these crucial points. This can cost you the customers you worked so hard to acquire, along with their revenue potential.

Mistake #4. Not testing effectively or for long-term gain

Testing helps you discover whether your personalization efforts are bearing fruit. But all too often, marketers test only individual elements of a specific campaign – subject lines, calls to action, images versus no images, personalization versus no personalization  – without looking at whether personalization enhances the customer experience in the long term.

How you measure success is a key part of this equation. The metrics you choose must line up with your objectives. That’s one reason I’ve warned marketers for years against relying on the open rate to measure campaign success. A 50% open rate might be fantastic, but if you didn’t make your goal for sales, revenue, downloads or other conversions, you can’t consider your campaign a success.


As the objective of personalizing is to enhance the customer journey, it makes sense then that customer lifetime value is a valid metric to measure success on.  To measure how effective your personalization use is, use customer lifetime value over a long time period – months, even years – and compare the results with those from a control group, which receives no personalization. Don’t ignore campaign-level results, but log them and view them over time.

(For more detailed information on testing mistakes and how to avoid them, see my MarTech column 7 Common Problems that Derail A/B/N Email Testing Success.)

Mistake #5. Over-segmenting your customer base

Segmentation is a valuable form of personalization, but it’s easy to go too far with it. If you send only highly segmented campaigns, you could be exclude – and end up losing because of failure to contact – many customers who don’t fit your segmentation criteria. That costs you customers, their potential revenue and the data they would have generated to help you better understand your customer base.

You can avoid this problem with a data-guided segmentation plan that you review and test frequently, a set of automated triggers to enhance the customer’s lifecycle and a well-thought-out program of default or catch-all campaigns for subscribers who don’t meet your other criteria. 

Mistake #6. Not including dynamic content in general email campaigns

We usually think of personalized email as messages in which all the content lines up with customer behavior or preference data, whether overt, as in an abandoned-cart message, or covert, where the content is subtly relevant.

That’s one highly sophisticated approach. It incorporates real-time messaging driven by artificial intelligence and complex integrations with your ecommerce or CRM platforms. But a simple dynamic content module can help you achieve a similar result. I call that “serendipity.”  

When you weave this dynamic content into your general message, it can be a pleasant surprise for your customers and make your relevant content stand out even more. 

Let’s say your company is a cruise line. Customer A opens your emails from time to time but hasn’t booked a cruise yet or browsed different tours on your website. Your next email campaign to this customer – and to everyone else on whom you have little or no data – promotes discounted trips to Hawaii, Fiji and the Mediterranean.


Customer B hasn’t booked a cruise either, but your data tells you she has browsed your Iceland-Denmark-Greenland cruise recently. With a dynamic content module, her email could show her your Hawaii and Mediterranean cruise offers – and a great price on a trip to Iceland, Denmark and Greenland. Fancy that! 

An email like this conveys the impression that your brand offers exactly what your customers are looking for (covert personalization) without the overt approach of an abandoned-browse email.

Mistake #7. Not using a personal tone in your copy

You can personalize your email copy without a single data point, simply by writing as if you were speaking to your customer face to face. Use a warm, human tone of voice, which ideally should reflect your brand voice. Write copy that sounds like a one-to-one conversation instead of a sales pitch. 

This is where my concept of “helpful marketing” comes into play. How does your brand help your customers achieve their own goals, solve their problems or make them understand you know them as people, not just data points?  

Mistake #8. Not personalizing the entire journey

Once again, this is a scenario in which you take a short-sighted view of personalization – “How do I add personalization to this email campaign?” – instead of looking at the long-term gain: “How can I use personalization to enhance my customer’s experience?”

Personalization doesn’t stop when your customer clicks on your email. It should continue on to your landing page and even be reflected in the website content your customer views. Remember, it’s all about enhancing your customer’s experience.

What happens when your customers click on a personalized offer? Does your landing page greet your customers by name? Show the items they clicked? Present copy that reflects their interests, their loyalty program standing or any other data that’s unique to them?  

Personalization is worth the effort

Yes, personalization takes both art and science into account. You need to handle it carefully so your messages come off as helpful and relevant without veering into creepy territory through data overreaches. But this strategic effort pays off when you can use the power of personalized email to reach out, connect with and retain customers – achieving your goal of enhancing the customer experience.


Opinions expressed in this article are those of the guest author and not necessarily MarTech. Staff authors are listed here.

About The Author

Kath Pay is CEO at Holistic Email Marketing and the author of the award-winning Amazon #1 best-seller “Holistic Email Marketing: A practical philosophy to revolutionise your business and delight your customers.”


Source link

Continue Reading

Subscribe To our Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address