Bad actors exploited ads.txt in scheme targeting high-profile publishers
UPDATE: Feb. 8, 2019: Dennis Buchheim, SVP and GM of the IAB Tech Lab, provided the following comment to Marketing Dive in response to the ads.txt story: "Ads.txt is a valuable solution in helping to fight fraud — but only if it is used correctly. From what we can tell from the DoubleVerify report, the issue with this scam wasn't ads.txt — but improper implementation of the spec. Publishers need to be cautious about only adding trusted monetization platforms to ads.txt. They should routinely audit their programmatic exposure with friendly buyers to ensure that their exposed volume matches their actual avails. In addition, platforms need to qualify ads.txt validation using the seller IDs listed by the publisher. Stakeholders need to follow these basic steps if they want to use ads.txt correctly and effectively."
- Bad actors in the online ad ecosystem found ways to exploit the industry fraud prevention solution ads.txt, according to The Wall Street Journal. DoubleVerify, which first sussed out the scheme late last year through its Fraud Lab, said the operation targeted "high-profile" news publishers and entertainment websites, though the company didn't disclose specific names.
- DoubleVerify estimated that, had the scheme not been tamped down, it could have cost advertisers as much as $70 million to $80 million per year in lost spending, per the Journal. The ad measurement and analytics firm said it immediately told clients and partners, including ad tech company SpotX, about the operation so that new safeguards could be set up. SpotX confirmed to the Journal that DoubleVerify was quick to make contact and work to prevent the fraud in October.
- The IAB Tech Lab introduced ads.txt two years ago and the solution has steadily grown in adoption. It's now used by roughly 41% of the top 1,000 websites listed in Alexa rankings, according to data cited in a DoubleVerify report detailing the fraud scheme. The schemers' workaround flew under the radar of the software because they opened accounts under the names of vendors that were marked as approved resellers under ads.txt files.
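Buchheim's recommendation that platforms qualify ads.txt validation using the seller IDs listed by the publisher can be shown in a few lines of Python. This is an added example, not code from the article, DoubleVerify or the IAB Tech Lab; the ads.txt content, domains, account IDs and function names are constructed, and the domain-only check is a hypothetical weak validator included for contrast.

```python
# Constructed ads.txt for a hypothetical publisher (all names and IDs are made up).
SAMPLE_ADS_TXT = """\
# ads.txt for news.example
exchange-a.example, 1001, DIRECT, abc123   # publisher's own account
Exchange-B.example, 2002, reseller
contact=adops@news.example
exchange-c.example, 3003
"""

def parse_ads_txt(text):
    """Return {(ad_system_domain, seller_account_id): relationship}."""
    records = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()        # strip comments
        fields = [f.strip() for f in line.split(",")]
        if len(fields) < 3:                        # blank, variable or malformed line
            continue
        domain, account_id, relationship = fields[0].lower(), fields[1], fields[2].upper()
        if relationship in ("DIRECT", "RESELLER"):
            records[(domain, account_id)] = relationship
    return records

def domain_only_check(records, ad_system, seller_id):
    """Weak (hypothetical): any account on a listed ad system passes."""
    return any(domain == ad_system.lower() for domain, _ in records)

def seller_id_check(records, ad_system, seller_id):
    """Stricter: ad system AND seller account ID must match one listed record."""
    return (ad_system.lower(), seller_id) in records

def audit(records, offers):
    """Return offers that pass the domain-only check but fail the seller-ID check."""
    return [o for o in offers
            if domain_only_check(records, *o) and not seller_id_check(records, *o)]

if __name__ == "__main__":
    recs = parse_ads_txt(SAMPLE_ADS_TXT)
    # Constructed offers: (ad system domain, seller account ID claimed in the offer)
    offers = [("exchange-b.example", "2002"),   # listed reseller account
              ("exchange-b.example", "9999"),   # same platform, unlisted account
              ("exchange-z.example", "1001")]   # unlisted platform
    for offer in audit(recs, offers):
        print("passes domain-only validation but is not an authorized seller:", offer)
```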
Ads.txt is still in its relatively early days, but DoubleVerify uncovering bad actors who exploited weaknesses in the system shows how quickly fraudsters can adapt and find workarounds, even for prevention tools that are complex and fairly widely adopted in the industry. The news also underscores the potential risks of betting on a catch-all solution for fraud prevention, and shows that all players in the online ad space must stay actively vigilant despite some of the progress made in cleaning up the digital media ecosystem.
"While ads.txt is a significant step toward resolving unauthorized reselling and associated fraud, it's not a complete failsafe," Roy Rosenfeld, head of DoubleVerify's Fraud Lab, said in a statement. "This scheme was specifically designed to take advantage of the industry-wide ads.txt initiative and commit fraud that would not trigger ads.txt violations with programmatic buyers."
After its initial rollout, ads.txt appeared to help drive up online ad prices, a sign that fraud activity was going down. The solution has been warmly received by marketers, with the Verizon media unit formerly known as Oath previously finding that nearly two of every three surveyed advertisers believed ads.txt was a step in the right direction in reducing fraud.
The overall impact of fraud still appears to have gone down in recent years. Studies from the ANA and White Ops found that ad spend lost to fraud was $6.5 billion in 2017 versus $7.2 billion in 2016, the Journal noted.
That's still a high figure, however, and fraudsters are in many ways getting more advanced in their methods as they target different ad channels like video and mobile apps. Around three-fourths of mobile clicks and 10% of app installs were fraudulent in Q4, according to new data marketing intelligence firm Kochava shared with Marketing Dive.
As the scope and scale of online ad fraud operations become more apparent, U.S. law enforcement agencies have begun doling out more severe punishments. The Department of Justice in November charged eight people with running two expansive alleged ad fraud schemes that resulted in tens of millions of lost advertising dollars, per the Journal.
- The Wall Street Journal: Scammers Target Ad Industry's Initiative to Thwart Fraud
- Marketing Dive: AppNexus begins enforcing ads.txt by disabling buying from unauthorized sellers
- Marketing Dive: Can marketers unify to turn the tide against ad fraud in 2018?
Follow Peter Adams on Twitter