As an ad-tech entrepreneur, I have been observing how lately, tricksters in the digital advertising industry are notoriously causing billion-dollar revenue losses, encouraging parallel counterfeit industries and duping end-consumers. I thought I’d put these draconian problems in context, along with some immediate actionable solutions to insulate one’s own company, clients and customers.
Fraud Is The Real F-Word
We’ve all been sceptical about those “ad impressions” and “clicks” mentioned in performance reports. Do they actually come from a human being? After displaying the exact message, you designed? On the actual publishing platform, you paid for?
There are countless number of cunning websites and apps that monetise purely through advertising revenue. Their line of business? Domain Spoofing. Many ad exchanges misrepresent web traffic as coming from a top portal, by falsely tagging the link parameters with the publisher’s name attached to them. As ad buyers, you get the wrong idea that you’ve bought visibility on the most relevant platforms, while in reality, sneaky bots are doing all the dirty work!
In the case of mobile, fake devices and counterfeit apps, mask legitimate entities to hike up ‘views’ through junk media. So actual publishers lose out on potential ad dollars and your CPMs still go through the roof!
The Solution (well, almost): In order to prevent such malpractice, the Interactive Advertising Bureau (IAB) Tech Lab in June of 2017 devised a solution enabling brands to verify that a 3rd party offering ad space anywhere on the internet, is actually authorised by the publisher to do so. It is called “Authorised Digital Sellers” or “ADS.TXT”. This is a text file containing a list of authorised sellers, hosted in the root folder of every publisher’s site domain. It isn’t a bullet proof remedy, but this centralised document makes it easier for publishers and brands to compare their own data against that of agency partners and vendors.
But ads.txt isn’t complete without ads.cert. Almost functioning like a digital signature, ads.cert ensures authentic inventory and prevents modifications or human errors in ads.txt. It uses cryptographically signed bid requests to validate data flowing between buyers and sellers in the digital media supply chain.
So, what’s the catch? One can implement ads.cert only with expensive engineering and updated tech infrastructure, namely OpenRTB 3.0. Released by the IAB, it is specifically designed to handle complex programmatic buying and selling. Its adoption will prove expensive for demand-side platforms (DSPs), supply-side platforms (SSPs) and ad exchanges.
If the industry doesn’t widely adopt ads.txt and ads.cert across media campaigns, domain spoofing could easily fur-ball into a bigger monster in 2018. So, do your part and insist on partnering with publishers and agencies that follow at least ads.txt, until further developments.
World Wide Web Of Lies
Fake News has the power to influence politics, people and business. Mainly because it’s smart, hard to spot and integrated into our newest and most important news source – social media.
Hence, monitoring your media placement will become a tricky affair. There is a very thin line between Fake News and Fake Brands. If your ad accidentally plays next to an inaccurate smear campaign or on a news source that commits major blunders in basic journalism, your brand will immediately become guilty by association.
I feel PR and crisis management will become truly crucial in 2018 in this regard: On one hand, the smaller a brand you are, the more vulnerable you would be to fall prey to lies and deceit on the internet; and on the other hand, the bigger a name you are, the more you stand to lose by way of goodwill.
So, vet your display sites, quality control your filtering process and try not to listen to people when they say, “Fake it till you make it.”.
Hands Up! It’s GDPR.
The Global Data Protection Regulation (GDPR) is a new regulation, created by the European Union (EU), intended to strengthen and unify data protection for all individuals within the EU. This means that the ad-tech industry will have to comply with stricter cybersecurity and privacy rules going forward. Aimed at curtailing abusive surveillance, the GDPR will come into effect from May 2018 as a new legal framework.
This is going to globally impact the way organisations collect, share and use customer information. Vague disclaimers about cookies won’t be enough. Users will be required to give clear cut permissions via ‘affirmative actions’ and explicit consent regarding ’sensitive’ information, like race or age. This evidence, then, will have to be logged and stored for the record by publishers and networks.
If you engage in digital advertising or content distribution of any kind, Big Brother is watching you! Regardless of whether your company operates on EU soil or not, if you take personally identifiable information (PII) of a EU user, GDPR applies. Fines can run up to 20 Million Euros or 4% of global annual revenue, whichever is higher.
Complying with GDPR warrants advanced security solutions technology, data protection compliance, user permissions and of course, additional budgets. So, make sure you prepare for these steps, with your senior management and partners, well before May 2018. Failing which, heavy penalty fees, legal implications and hindrance to business-as-usual will surely be part of this year’s horoscope as consequences.
Our communications team at BPRISE will run a series of GDPR related articles this month detailing the risks of GDPR and how brands should step up efforts to become compliant with the new regulations.
Who Cares About Your Data?
After striking off all of the above to-do items (as you should), what a shame it would be to fall prey to data breach and theft yourself! Laptops getting stolen is not the only way one can lose confidential and professional records. I am very particular about security against hackers, malware and phishing sites on the prowl for prey on the net. At BPRISE, I have implemented some iron clad practices that afford me a sound sleep every night. Here they are, if you want to wisely follow suit…
End user security awareness: Train your team and employees. Nobody will notice odd behaviour by malicious creepy crawlers online, if they haven’t even been told what the problem looks like.
Secure all systems: Empower IT to build highly secure computers in your office, with Antivirus, Drive Encryptions, password complexity policies and local and remote data backup services. Also ensure that you buy only genuine software.
Patch ‘em up: There’s only so much a regular password sign-in feature and Microsoft update can accomplish. What about comprehensive patching on apps that aren’t a Bill Gates product, like Adobe? And what about other operating systems like Linux and MAC? Get to work right away, chop-chop!
Deploy intrusion detection prevention systems: All mission-critical systems, ones that are accessible via the Internet (web servers, e-mail clients, servers that hold customer or employee data, active directory servers) and just about the entire office should be covered.
Stop drive-by downloads: All it takes to catch a virus is an innocent intern browsing a seemingly harmless site. Use powerful firewalls to block phishing sites and websites that hack into computers through malicious spyware and pesky pop-ups.
Run more vulnerability assessments than fire drills: On a weekly basis. Against every system in your network, internal and external.
Monitor Inside-Out: A system monitoring program where HR or a compliance officer can replay the behaviour of an insider will come in handy. Also, employing data loss prevention (DLP) technology will allow you to block content that you don’t want to leave the company.
Keep the pipes secure: Communication to and fro between the servers you deploy globally, and your development environment should take place in an encrypted channel. You don’t want your customers’ details leaking out to hackers because you shipped them via the post office.
Once you cover all these bases, dare I say, 2018 could potentially be your oyster. That is, until another occupational hazard veers its head in the ad-tech market.
Have a happy and secure new year!