How The Ad Industry Can Step Up To Fight CTV Fraud

Ivan Markman, Chief Business Officer, Verizon Media

On TV And Video” is a column exploring opportunities and challenges in advanced TV and video.

Today’s column is written by Iván Markman, Chief Business Officer at Verizon Media.

Ad spending on connected TV (CTV) has accelerated dramatically as people spend more time at home. CTV traffic is lucrative for publishers, but can also attract fraud.

In the first half of 2020, Pixalate uncovered DiCaprio, a CTV exploit designed to fool ad systems by making mobile devices look like Roku streaming apps, and Monarch, where bad actors rewrote ad requests from low-quality CTV apps to make them mimic more desirable inventory. White Ops also exposed ICEBUCKET which used a loophole in CTV ad streaming technology to request ads and claim revenue for an enormous number of fake user devices.

While fraudsters will always follow the money, the industry needs to combat a handful of issues in the rapidly expanding CTV category.

Content distribution complexities

CTV’s fragmented content distribution and ownership model is an obstacle in discerning human traffic from non-human traffic. Many apps distribute content produced by other parties who in turn have agreements with the content owners. There is presently no standard way to identify each of the respective parties in the OpenRTB protocol, so it’s common to see each partner send their own unique and non-standardized app identifiers in bid requests.

According to DoubleVerify, one CTV app can have more than five different IDs. This makes it difficult to identify the request source and can lead to duplication. And when multiple parties send ad requests simultaneously, it can look like fraud. Only 10% of recent bid requests sent properly formatted IDs for the relevant app store in accordance with IAB guidelines for app identification.

Bid volume also spikes because some parties send duplicate requests with different prices or metadata. These effects are magnified by the need to fill CTV ad pods, or blocks of consecutive ads, that tend to be longer than the creatives available. A two-minute ad pod might contain one 60-second ad and two 30-second ads. To optimize revenue, the managing partner will often prefetch extra ads of differing lengths, then choose a subset to actually show.

Server-side ad insertion

Server-side ad insertion (SSAI) produces a semi-seamless ad experience for the user while making it more difficult to block or skip ads with client-side technologies. But because the ads are received and stitched into the video stream on a server instead of the user’s device, all impressions and beacons must be read from the streaming server in accordance with the triggering events on the user’s device. The servers are further responsible for correctly annotating the events with real client information such as the device ID, IP address, etc.

This process requires advertisers to trust that the SSAI servers are accurately populating the information. It also assumes that rogue SSAI servers aren’t sending requests and beacons for nonexistent users.

Traffic quality issues

Discerning between good and bad traffic is also complicated by low quality longtail publishers and implementation issues brought on by CTV’s rapid growth.

Here’s why:

    • Invalid app and device identifiers: There have been a number of instances where apps are sending incoherent app identifiers, most likely due to incorrect instrumentation. Also, some bid requests have poorly constructed synthetic or dummy values in the device identifier field. While there may be legitimate reasons to pass synthetic values in that field, IAB guidelines spell out identifier formatting.
    • Inconsistent user agents: Generic user agents may not uniquely identify the device involved, or user agents may indicate devices inconsistent with the app identifier.
    • Excessive video ad completion rates: Engagement beacons for video ads track the percentage of the ad viewed by the user. However, some apps report more “video complete” beacons than “video start” beacons, which isn’t possible for ads viewed by humans. In some cases, there are issues with the order of beacons sent from certain publishers. In others, it indicates a misconfigured SSAI server or possible fraud.
    • Low quality supply: There are also many CTV apps that appear to be recycling public domain content like “old-timey” movies and television shows now out of copyright. Some were implicated in Pixalate’s “DiCaprio” investigation, and other apps show similar traffic patterns, but most of the time there is no smoking gun. Consequently, these apps are typically considered low-quality inventory instead of outright fraud, though an investigation could reveal otherwise.

Recommendations and Improvements

In the near term, the ad industry needs rigorous prebid analysis and filtering of invalid or potentially fraudulent bid requests through in-house mitigation technology and third-party partners.

But the most important preventive step is to adequately vet all supply partners. Publishers must ensure that their SSAI configurations are trustworthy and that they implement the relevant MRC and IAB guidelines. It’s essential to ask critical questions and validate claims when onboarding new supply. One should also revisit claims periodically to minimize available routes for fraudulent activity. But the industry needs more fundamental and long-term changes to effectively combat CTV fraud.

Fortunately, technologies that encourage transparency and enable reliable client device validation have attracted investment. Among them are the IAB Tech Lab and TAG’s efforts to update guidelines and specifications to accommodate the needs of CTV advertisers and publishers while improving transparency and accountability. These initiatives include, among others:

  • IAB OTT/CTV Store Assigned App Identification Guidelines
  • TAG Anti Fraud Guidelines to SSAI parameter validation
  • App-ads.txt for CTV
  • Standardization of content metadata taxonomies and OpenRTB guidelines

Media-buying platforms can also contribute to the body of research on CTV ad fraud by reporting anomalous traffic signals or issues with implementation of industry guidelines to TAG’s Threat Exchange, a designated Information Sharing & Analysis Organization (ISAO) for the digital advertising industry.

These measures are improving traffic monitoring and fraud detection and will let us adapt more quickly to emerging challenges. That way we’ll continue to lead the industry toward standardization and transparency as it matures.

Follow Iván Markman (@markmani), Verizon Media (@verizonmedia) and AdExchanger (@adexchanger) on Twitter.