Beware Of These 4 Ad-Tech Issues In 2018

As an ad-tech entrepreneur, I have lately been observing how tricksters in the digital advertising industry are notoriously causing billion-dollar revenue losses, encouraging parallel counterfeit industries and duping end-consumers. I thought I’d put these draconian problems in context, along with some immediate actionable solutions to insulate one’s own company, clients and customers.

 

Fraud Is The Real F-Word

 

We’ve all been sceptical about those “ad impressions” and “clicks” mentioned in performance reports. Do they actually come from a human being? After displaying the exact message you designed? On the actual publishing platform you paid for?

There are countless cunning websites and apps that monetise purely through advertising revenue. Their line of business? Domain Spoofing. Many ad exchanges misrepresent web traffic as coming from a top portal, by falsely tagging the link parameters with the publisher’s name attached to them. As an ad buyer, you get the wrong idea that you’ve bought visibility on the most relevant platforms, while in reality, sneaky bots are doing all the dirty work!

In the case of mobile, fake devices and counterfeit apps masquerade as legitimate entities to hike up ‘views’ through junk media. So actual publishers lose out on potential ad dollars and your CPMs still go through the roof!

The Solution (well, almost): In order to prevent such malpractice, the Interactive Advertising Bureau (IAB) Tech Lab in June of 2017 devised a solution enabling brands to verify that a 3rd party offering ad space anywhere on the internet is actually authorised by the publisher to do so. It is called “Authorised Digital Sellers” or “ADS.TXT”. This is a text file containing a list of authorised sellers, hosted in the root folder of every publisher’s site domain. It isn’t a bulletproof remedy, but this centralised document makes it easier for publishers and brands to compare their own data against that of agency partners and vendors.

But ads.txt isn’t complete without ads.cert. Almost functioning like a digital signature, ads.cert ensures authentic inventory and prevents modifications or human errors in ads.txt. It uses cryptographically signed bid requests to validate data flowing between buyers and sellers in the digital media supply chain.

So, what’s the catch? One can implement ads.cert only with expensive engineering and updated tech infrastructure, namely OpenRTB 3.0. Released by the IAB, it is specifically designed to handle complex programmatic buying and selling. Its adoption will prove expensive for demand-side platforms (DSPs), supply-side platforms (SSPs) and ad exchanges.

If the industry doesn’t widely adopt ads.txt and ads.cert across media campaigns, domain spoofing could easily fur-ball into a bigger monster in 2018. So, do your part and insist on partnering with publishers and agencies that follow at least ads.txt, until further developments.

 

World Wide Web Of Lies

 

Fake News has the power to influence politics, people and business. Mainly because it’s smart, hard to spot and integrated into our newest and most important news source – social media.

Hence, monitoring your media placement will become a tricky affair. There is a very thin line between Fake News and Fake Brands. If your ad accidentally plays next to an inaccurate smear campaign or on a news source that commits major blunders in basic journalism, your brand will immediately become guilty by association.

I feel PR and crisis management will become truly crucial in 2018 in this regard: On one hand, the smaller a brand you are, the more vulnerable you are to falling prey to lies and deceit on the internet; and on the other hand, the bigger a name you are, the more you stand to lose by way of goodwill.

So, vet your display sites, quality control your filtering process and try not to listen to people when they say, “Fake it till you make it.”

 

Hands Up! It’s GDPR.

 

The Global Data Protection Regulation (GDPR) is a new regulation, created by the European Union (EU), intended to strengthen and unify data protection for all individuals within the EU. This means that the ad-tech industry will have to comply with stricter cybersecurity and privacy rules going forward. Aimed at curtailing abusive surveillance, the GDPR will come into effect from May 2018 as a new legal framework.

This is going to globally impact the way organisations collect, share and use customer information. Vague disclaimers about cookies won’t be enough. Users will be required to give clear-cut permissions via ‘affirmative actions’ and explicit consent regarding ‘sensitive’ information, like race or age. This evidence, then, will have to be logged and stored for the record by publishers and networks.

If you engage in digital advertising or content distribution of any kind, Big Brother is watching you! Regardless of whether your company operates on EU soil or not, if you take personally identifiable information (PII) of an EU user, GDPR applies. Fines can run up to 20 Million Euros or 4% of global annual revenue, whichever is higher.

Complying with GDPR warrants advanced security technology, data protection compliance, user permissions and, of course, additional budgets. So, make sure you prepare for these steps, with your senior management and partners, well before May 2018. Failing that, heavy penalty fees, legal implications and hindrance to business-as-usual will surely be part of this year’s horoscope.

Our communications team at BPRISE will run a series of GDPR related articles this month detailing the risks of GDPR and how brands should step up efforts to become compliant with the new regulations.

 

Who Cares About Your Data?

 

After striking off all of the above to-do items (as you should), what a shame it would be to fall prey to a data breach and theft yourself! Laptops getting stolen is not the only way one can lose confidential and professional records. I am very particular about security against hackers, malware and phishing sites on the prowl for prey on the net. At BPRISE, I have implemented some ironclad practices that afford me a sound sleep every night. Here they are, if you want to wisely follow suit…

End user security awareness: Train your team and employees. Nobody will notice odd behaviour by malicious creepy crawlers online, if they haven’t even been told what the problem looks like.

Secure all systems: Empower IT to build highly secure computers in your office, with antivirus, drive encryption, password complexity policies and local and remote data backup services. Also ensure that you buy only genuine software.

Patch ‘em up: There’s only so much a regular password sign-in feature and Microsoft update can accomplish. What about comprehensive patching on apps that aren’t a Bill Gates product, like Adobe? And what about other operating systems like Linux and Mac? Get to work right away, chop-chop!

Deploy intrusion detection and prevention systems: All mission-critical systems, ones that are accessible via the Internet (web servers, e-mail clients, servers that hold customer or employee data, active directory servers) and just about the entire office should be covered.

Stop drive-by downloads: All it takes to catch a virus is an innocent intern browsing a seemingly harmless site. Use powerful firewalls to block phishing sites and websites that hack into computers through malicious spyware and pesky pop-ups.

Run more vulnerability assessments than fire drills: On a weekly basis. Against every system in your network, internal and external.

Monitor Inside-Out: A system monitoring program where HR or a compliance officer can replay the behaviour of an insider will come in handy. Also, employing data loss prevention (DLP) technology will allow you to block content that you don’t want to leave the company.

Keep the pipes secure: Communication to and fro between the servers you deploy globally and your development environment should take place in an encrypted channel. You don’t want your customers’ details leaking out to hackers because you shipped them via the post office.

Once you cover all these bases, dare I say, 2018 could potentially be your oyster. That is, until another occupational hazard rears its head in the ad-tech market.

Have a happy and secure new year!

Ads.txt & Ads.cert

When working (or like, surfing the web), I’m often shown ads of goodies I’d be interested in swiping my card for. There is little surprise as to how this show-of-the-most-cool-ads happens, as I work in an adtech startup! Nonetheless, when it comes to shopping online, I’m giving no “site” any benefit of the doubt. What I’m trying to say is that I am not willing (or even cuckoo enough) to enter my card details at a random site just because it displays the “computer mouse” I’m in need of. Say for example, I’m on one of the big retailer sites looking for a black Puma* backpack and I see the same bag displayed in an ad (at a discounted rate of course!) by “BuyGoodStuffForCheapHere.com”.

How am I to even know if a third-party, selling goods of a retailer, online, is an approved seller? From my example above, is “Buy Good Stuff For Cheap Here” authorized to actually sell Puma goods? Will I get an original product? Has Puma approved this seller? How would I know? These are a few questions that run around in my head every time attractive ads by various third-party sellers grab my attention.

*The product and company names are trademarks of their respective owners. Use of them does not imply any affiliation with or endorsement by them.

I can also say that the same logic applies to brands buying ads programmatically. But, luckily for them, in late June, the IAB Tech Lab set up a method permitting brands to confirm that a third party offering space on a publisher’s site is really approved to do so. This is called “Authorized Digital Sellers”, or ads.txt. As the name suggests, ads.txt is a simple text file uploaded to a publisher’s site, listing the official sellers and resellers of the publisher’s inventory along with the publisher’s ID for buyers to match. Though it might be difficult for a publisher to list the unique IDs its sellers and resellers use to identify its inventory, it has been identified as an efficient means to fight fraud in the marketplace.
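The buyer-side match that ads.txt enables, described here and in the “Fraud Is The Real F-Word” section above, as an added example (not code from the IAB or from the original post). The record layout follows the published ads.txt format of ad system domain, seller account ID, relationship and optional certification ID; every domain and ID below is constructed.

```python
# Added example: parse a publisher's ads.txt and check the seller named in a bid.
# All domains and account IDs below are constructed sample data.
SAMPLE_ADS_TXT = """\
# ads.txt for news.example (constructed sample)
contact=adops@news.example
exchange-a.example, 1001, DIRECT, abc123
Exchange-B.example , pub-77 , reseller   # trailing comment
this line is malformed
exchange-c.example, 555, PARTNER
"""

VALID_RELATIONSHIPS = {"DIRECT", "RESELLER"}


def parse_ads_txt(text):
    """Return ({(ad_system_domain, seller_id): relationship}, [rejected lines])."""
    authorised, skipped = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if not line:
            continue
        fields = [f.strip() for f in line.split(",")]
        if len(fields) < 3:
            if "=" not in line:                      # variables such as contact= are not records
                skipped.append(raw)
            continue
        domain, seller_id, relationship = fields[0].lower(), fields[1], fields[2].upper()
        if not domain or not seller_id or relationship not in VALID_RELATIONSHIPS:
            skipped.append(raw)
            continue
        # Assumption: the seller ID is compared verbatim with the ID in the bid request.
        authorised[(domain, seller_id)] = relationship
    return authorised, skipped


def check_bid(authorised, ad_system_domain, seller_id):
    """Return 'DIRECT', 'RESELLER' or 'UNAUTHORISED' for the seller in a bid request."""
    return authorised.get((ad_system_domain.lower(), seller_id), "UNAUTHORISED")


if __name__ == "__main__":
    records, bad = parse_ads_txt(SAMPLE_ADS_TXT)
    for exchange, seller in [("exchange-a.example", "1001"),
                             ("exchange-b.example", "pub-77"),
                             ("exchange-a.example", "9999")]:   # ID the publisher never listed
        print(exchange, seller, "->", check_bid(records, exchange, seller))
    print("rejected lines:", bad)
```

A bid that claims news.example inventory but names a seller pair missing from that file is the spoofing case the text describes; rejected lines are worth surfacing to the publisher, since a typo there silently de-authorises a real partner.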

Given that ads.txt takes care of the authorization process, entities that are granted permission can access the designated areas. However, if an entity is not properly authenticated it can easily access areas it shouldn’t. Now, say for example, I order a super-duper expensive designer bag from a well-known e-commerce site. There are fraudsters along the way ready to swap my bag for a cheap one without the knowledge of my courier company. And since my transaction is happening online, I will need a way to make sure that the bag is indeed the one that was sent by the store, i.e. I need to authenticate the source of my bag. What if the store were to imprint a unique digital tag number on the bag and send the same number to me via email? That way when I receive the bag I can verify that it came from the right source. Similarly, in the programmatic buying business, advertisers/buyers can now know of the authenticity of an inventory’s source with the help of ads.cert – an authentication initiative by IAB Tech Lab.

Ads.cert is a follow up to ads.txt by IAB Tech Lab and it uses cryptographic security measures to authenticate inventory.

Ads.txt can help authorize inventory sources and ads.cert can help authenticate the same by creating a “signature process”. Publishers can now incorporate cryptographically signed bid requests showing the path of inventory, thereby authenticating the inventory. This process will be able to certify units of inventory coming from verified publishers. This digital signature prevents fraudsters from tampering with the inventory while letting buyers verify a specific site’s inventory. Ads.cert can block manipulations of variables like device, domain, IP address and location that are made to pass inventory off as valuable impressions. Now everyone in the supply chain is required to provide a signature; this promotes good behaviour and is a means of tracking bad behaviour.
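The signing idea described above, as an added sketch (not the ads.cert wire format and not IAB Tech Lab code). It assumes the third-party Python `cryptography` package, an ECDSA P-256 key pair held by the publisher, and a made-up canonical layout for the signed fields; all names and values are constructed.

```python
# Added example: why a signed bid request resists relabelling in transit.
# Field names and the canonical string layout are assumptions for illustration.
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec

SIGNED_FIELDS = ("domain", "ip", "device", "location")   # the variables the text names


def canonical(bid):
    """Serialise the protected fields in a fixed order so both sides hash the same bytes."""
    return "&".join(f"{k}={bid[k]}" for k in SIGNED_FIELDS).encode()


def sign_bid(private_key, bid):
    """Publisher side: return a copy of the bid request carrying a signature."""
    signed = dict(bid)
    signed["sig"] = private_key.sign(canonical(bid), ec.ECDSA(hashes.SHA256()))
    return signed


def verify_bid(public_key, bid):
    """Buyer side: True only if the protected fields are exactly what was signed."""
    try:
        public_key.verify(bid["sig"], canonical(bid), ec.ECDSA(hashes.SHA256()))
        return True
    except (InvalidSignature, KeyError):     # bad signature, or a missing field/signature
        return False


# Constructed data: the publisher's key pair and one bid request.
publisher_key = ec.generate_private_key(ec.SECP256R1())
bid = sign_bid(publisher_key, {"domain": "news.example", "ip": "203.0.113.7",
                               "device": "mobile", "location": "IN"})
relabelled = dict(bid, domain="premium.example")   # an intermediary rewrites the domain

if __name__ == "__main__":
    print(verify_bid(publisher_key.public_key(), bid))          # untouched request
    print(verify_bid(publisher_key.public_key(), relabelled))   # altered after signing
```

The buyer needs only the publisher's public key, so no intermediary can produce a valid signature for a domain it does not control.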

I have simplified this further and prepared an infographic that lists why ads.txt and ads.cert are actually important to you if you’re part of the programmatic supply chain…

If you’re a publisher or an advertiser, give us a ring to take your ad inventory game to the next level. Well, whaddya waiting for?