The State of Click Fraud in 2018

While watching the President’s recent State of the Union address, we got to thinking, why not do something similar in regards to the state of click fraud in 2018. As a leader in monitoring and prevention, perhaps we could offer a summary of where things stand that would be helpful to our many customers around the world. So, here goes…we proudly present PPCSecure’s unofficial “2018 State of Click Fraud” address:

No matter the President, when giving their address, they will typically start out by saying something similar to “The state of the union is STRONG” or “The state of the union is GOOD”.

Well, unfortunately for our friends reading this who engage in online advertising, the state of digital media fraud in 2018 is not so good. We’ve been providing click fraud monitoring for almost 10 years now and honestly, the situation has not changed much overall. As a percentage of total clicks, the amount of clicks which are fraudulent is still between 16 and 27% for most advertisers, virtually unchanged from ten years ago. Invalid clicks are still costing businesses between $10 and $20 billion dollars per year, depending on whose statistics you believe. And the worst industries for click fraud are still the worst (we’re looking at you, locksmiths and plumbers). Competing businesses still click on each other in hopes it will eat up their competitor’s daily budget, and bots still roam the web seeking for targets to exploit.

What has changed is the TYPE of click fraud that is most prevalent. The search engines do a much better job than they used to in detecting and stopping the most obvious forms of click fraud (such as 20 clicks in a row from a single IP address on a device being controlled by a human targeting a single ad over a 2 minute period). These simpler types of fraud have been reduced significantly in the last five or six years.

Many people will see this development and say “bravo”. And certainly, the search engines should be applauded for their efforts. But let’s not kid ourselves on their motivations. Fixing this problem is just good business. Imagine a world where the majority of clicks are fake. We’re relatively certain the major search players have sat around a board room table and discussed that very real concern. And they know that their bread is buttered by advertisers who need to feel SAFE when they hand over their ad budgets. Advertisers who believe their money is being wasted on fake clicks are going to naturally seek greener pastures. So, it is incumbent on the search engines to ensure click fraud is monitored and kept at a reasonable level.

With that said, click fraud detection is still key because although certian loopholes have been closed, other ones are now being exploited. Invalid clicking has become more sophisticated in the past few years, which has provided new challenges for the industry. Excessive clicking used to be mostly “friendly fire” and “competitor driven” which is frankly, easier to identify and stop. But, today, we are seeing more bot-driven fraud, especially in display network advertising. This is because the owners of websites where your ad is displayed earn a profit for each click. And some people will go to great lengths to artificially inflate their click numbers. Bots are a good way of doing this.

Another new and concerning development is competitors using VPNs and proxies to hide themselves and click each other’s ads. This is problematic because it makes it much harder to block a single IP or group of IPs and it also increases the difficulty of locating the offender geographically. PPCsecure was on the forefront of building a solution to deal with this type of click fraud by introducing “device ID tracking” a few years ago. We can many times track a device even if they switch IPs, delete their cookies and cloak themselves.

The third major factor for why click fraud continues to remain steady and may even be growing despite the efforts of advertisers, search engines, and third party firms like PPCSecure, is the increasing amount of users on the internet, especially from emerging countries. In 2002, most internet traffic (and ad clicks) were confined to the U.S., Europe and a few pockets in first-world industrialized nations among a few hundred million relatively wealthy users. But today, there are literally billions more people connected (and clicking ads) compared to ten years ago. And many of them hale from poor or emerging countries where there are no laws set up to deal with online crime and there is little in the way of concern regarding malicious online behavior. This is why we always recommend strictly geo-targeting your advertisements. If you are selling widgets in Kansas City, USA, and suddenly see clicks coming from Nigeria and India, you may need to be concerned.

One final type of fraud that is not new but has changed forms slightly is “friendly fire”. With the advent of so many small touch screen devices over the past decade, it is easier than ever for people to accidentally click your ads. This is why monitoring time on site and conversion rates is so important in 2018. If your ads are being shown within apps, videos, or games, for instance, you may have significant problems with this type of invalid clicking and not even know it. PPCSecure offers a solution to this by allowing you to monitor how much time each user spends on your site. By monitoring this, you can plainly see which clicks fall into this category.

In summary, the state of click fraud in 2018 is that it is more well controlled, but still growing, because even though certain types have been curtailed, others have emerged. The criminals are always one step ahead of the law and the technology, because they have a vested interest in doing so. And with more people connected to the Internet than ever before, the amount of fraud should not be surprising. So, if you are expecting the situation to improve heading into 2019 or 2020, you may be sorely disappointed.

And this is why solutions like PPCSecure still exist and are still so important in the overall fight against digital advertising fraud. Monitoring is still key. Actively blocking IPs that are doing the most damage is still the smart choice. Don’t leave yourself unprotected.