Impact

Impact

Botnets v. Humans: Avoiding Fraud in Your Viewability Measurement

Viewability has become an important measurement for digital ad effectiveness—no one wants to pay for ads that don’t load all the way, appear so far down on a web page that they can’t be seen, or are miniscule beyond recognition. But you also don’t want to pay for fake traffic either. This is why it is vital to ask your verification partner, “Are your viewability measurements based on valid human traffic, and not invalid or automated traffic?”

A few years ago, one easy way to detect fraud was to look more closely at placements that had significantly below average viewability rates. Botnets at the time either overlooked this or didn’t know how to do a good job to ensure realistic-looking viewability rates. But things have changed.

What are headless browsers and why do they matter?

Bots are often running on a “headless browser,” which is a UI-based browser test that doesn’t actually show the browser UI. Headless browsers provide an efficient way (typically 2-15 times faster) to automate tedious tasks or perform regression testing of all sorts of web-based applications without requiring the browser UI to start up, so basic functions occur in the background. However, headless browsers have been repurposed by botnet operators to run invisibly in the background of malware-infected devices in their botnet and generate false impressions. As this practice was emerging, botnet operators didn’t concern themselves much with viewability metrics— uncoincidentally, viewability was not yet the bedrock of media buying.

But botnet operators have learned in the past two years that anomalous viewability metrics are a signal for fraud detection platforms. Correcting for lower than average levels, bad actors have since figured out how to simulate viewability really well—a bit too well, in fact. Now fraudsters stack a whole slew of ads above-the-fold so that, ironically, botnet traffic exhibits higher than average viewability rates compared to real publisher traffic.

Viewability cannot be measured independently from fraud, especially with the prevalence of viewability-simulating botnets. Yet, too many participants in the industry still measure viewability in isolation, neglecting to account for the overlap between these two indicators of traffic quality.

Human vs. botnet viewability

Ensure that your ad vendor can accurately measure legitimate viewability, and not just traditional viewability. What’s the difference? Traditional viewability metrics simply provided measurements based on predetermined criteria, even if it was simulated by viewability-spoofing bots. Even in the cases where it was a human viewing the advertisement, traditional viewability measurement failed to account for stacked ads that did reach a human user, but never human eyes.

Legitimate viewability allows you to measure viewable ads that were associated with actual legitimate human traffic, and not with automated, fraudulent, or invalid traffic. The MRC’s viewability standards in fact require that you first eliminate high-risk GIVT traffic – and we advocate eliminating both GIVT and SIVT – before making any viewability measurements. Partner with a vendor that provides a “net viewable” metric to verify the overall effectiveness of ad inventory in reaching the eyes of valid users.

Are you asking all the right questions when it comes to your partner in the fight against fraud? Download Forensiq’s eBook, 14 Things to Ask When Looking for a Verification Partner, and make sure you have your bases covered.  

Back to Resources