How would you like it if your competitors replaced all your online ad with theirs? Chances are that you’d be quite annoyed, especially with the company you’d paid to show your ads in the first place.
Surprisingly, this practice is flourishing on the web as some companies are exploiting holes in online advertising infrastructures to put themselves ahead in the game. The process has been dubbed as ‘click fraud’, where companies end up paying for an inaccurate number of click-throughs from an ad or link.
While the legality is still being argued over, few perpetrators have been prosecuted or sued for it.
“Some companies, especially those in B2B marketing, just aren’t aware of click fraud,” says Akin Arikan, head of web analytics at marketing software firm Unica. “In general, there is still a lot to be learned about it and to what extent it is a problem.”
Anyone wanting to commit click fraud would have few problems in doing so; repeatedly clicking on online ads can either boost your revenue or kill a rival’s ad campaign. Although it is also easy to detect if someone is sending clicks from the same computer, you can now buy software and services to hide your tracks. A simple web search for ‘fake click software’ generates a plethora of useful tools for the would-be fraudster.
“Google can track someone coming in from the same [computer] address,” says Dr Dave Chaffey, an independent marketing expert, “but the software can disguise this and make it look like it’s coming from different addresses. In that case it’s difficult to detect if there’s no sequence.”
Man against machine
Other than hiring an army of people to repeatedly click on ad, unscrupulous companies are now hiring armies of computers to do this. So-called ‘botnets’ can be leased from gangs of hackers and used to do the same thing without a finger hitting a mouse.
“In theory, this kind of activity can be initiated by competing enterprises, which can use this tool to knock out their competition for top positioning on search engine sites,” says Raimund Genes, chief technology officer of antivirus company Trend Micro.
“In the case of click fraud, the technology is used to generate significant financial losses. From an advertiser’s point of view, an attack of click fraud may seem like a surge in interest by prospective buyers. In reality, however, this increase in clicks is generated by botnets.”
Two-pronged attack
Click fraud occurs in two ways. The first is where competitors click on each others’ adverts to make it more expensive for them to advertise – the more an ad is clicked, the more an advertiser pays. Because pay-per-click (PPC) ad models like this mean the buyer has to set a maximum budget to avoid hefty bills, rivals try reaching that as quickly as possible to knock fellow advertisers out of the game.
“No one knows how big the problem is,” says Neil Morgan, VP of marketing for web analytics company Omniture. “If you’re a competing company you might click on your competitors’ ads. The moment they run out of money they fall off the top. It’s about using up a competitor’s budget.”
The second type is where someone clicks on third-party adverts on their own website to boost their revenue. For instance, Google, which has a scheme called AdSense, pays website owners to host its ads. Last year it sued Texas-based company Auction Experts for repeatedly clicking on ads hosted on its own website. Although the move appeared to warn others against click fraud, it is just one of a handful of legal cases that made it all the way through court.
Yet while there is mounting pressure to create transparency in fraud detection techniques and results, it remains a foggy area to step into, says Steve Morris CEO of monitoring company Elertz. And this is making it even harder to get into online advertising.
“It’s a black art, which is a constant battle between the PPC [pay-per-click] guys and the scammers,” he says. “The PPC guys are naturally reluctant to publish their detection techniques. It’s why Yahoo and Miva are very fussy about who can become a partner and they never have a phone number on the page.
“Typically you have to fill in an online application form and get informed of success or failure of your application by email. New sites with no traffic have no chance of getting an account.”
Cause for concern
So how much of a problem is click fraud? This is where the online industry is at loggerheads. Google, for example, says that ‘invalid’ (rather than ‘fraudulent’) clicks account for less than 10 per cent of ad clicks it sees, a figure that has remained constant for years, it claims. Yet Google’s chief financial officer George Reyes said in an interview with CNN, “I think something has to be done about this really, really quickly because, potentially, it threatens our business model. Reports from click analysis companies suggest the figure is actually higher. Unica for example, believes that on average, fraudulent clicks account for up to 25 per cent total clicks.”
Yet Internet marketing is still growing fast in the UK. In the first six months of 2006 it grew £917.2 million to 40.3 per cent compared to £630.5 million the year before, according to the Internet Advertising Bureau. And some degree of click fraud is bound to be factored into the business model.
Dr Chaffey adds, “Financial services and gambling are two of the biggest [for clicking]. People talk about the rate being 20 per cent but no one really knows.”
There are alternative models of online advertising but they tend to work only in the context of e-commerce. Snap.com for example, pays only when a customer has completed a transaction that has come through an ad link. Yet while these pay-per-action models are gaining in popularity, they only work for a smaller number of advertisers on a different price plan that could exclude companies that do not trade online.
Taking action
While the big ad operators may be able to afford some degree of loss from click fraud, even though advertisers affected are refunded for their trouble, they do lose money through the time it takes to detect fraud. So will there ever come a day when click fraud is eradicated?
“There are ways to stop it,” adds Morgan of Omniture. “If someone makes a lot of clicks from the same address it’s easy to see that. There’s also software to track where your clicks are coming from.
“However, if you do suspect click fraud, we suggest you stop running your ad, collect the data and then take the information to Google, or whoever you use, and ask for your money back.
“It’s true you don’t have this problem with print but the benefit of using the web is that you know exactly how many clicks you have. Online search is very good at responsive advertising.”
Other initiatives have cropped up to encourage a culture of whistleblowing on click fraudsters. One of them, Clickhaus, works on the same basis as Spamhaus, a non-profit organisation that has built a global database of spammers. The organisation also advises governments on anti-spam laws and works with police to expose criminals.
Clickhaus, which launched last October, intends to work in the same way. However, it may not be smooth sailing for the organisation; staff at Spamhaus have received death threats from organised crime gangs around the world because of the damage the reporting system poses to revenues from spamming.
So perhaps there will be a slowdown in click fraud through such initiatives, but that could take time to kick in. In any case, the question of how often click fraud actually occurs in the first place has yet to be answered.
“It’s not technically difficult to fake ad impressions or clicks from anonymous IP addresses – the fact that it’s quite common proves this,” adds Dr Chaffey. “But I think Google detects the majority of click frauds. They can factor any click fraud that does occur into their return on investment.”