Billing itself as an online version of television’s Nielsen ratings, Click Forensics released figures for the third quarter of 2007 that track click fraud. They aren’t pretty. According to the company, a little over 16 percent of all online ad clicks are fraudulent. That’s a rise of more than three percent from the same period last year.
Sadly, those are the best figures that Click Forensics reported. Taking a close look at the traffic on the major search engine networks, such as Google’s AdSense and the Yahoo Publisher Network, revealed click fraud rates of around 28 percent for the third quarter of 2007. That’s particularly disheartening because the rates for the same time last year were more than two percent lower – and the rates for the first three months of this year were just under 22 percent.
And the bad news just keeps coming. For parked domains and “made for AdSense” sites designed specifically to funnel traffic to advertisers for money, Click Forensics said the click fraud rate was more than 60 percent for the third quarter of 2007. When click fraud rates go this high, many expect smart advertisers to start putting their money elsewhere.
Click Forensics CEO Tom Cuthbert believes we’re seeing that trend already. “”The issue of click fraud on these major networks is becoming a real problem for advertisers, and increasingly, they are choosing to stay away and look into alternatives,” Cuthbert insists. He’s particularly upset at Google and Yahoo for not doing a better job of ferreting out click fraud. His company puts its figures together from statistics provided by 4,000 advertisers and agencies participating in its Click Fraud Network group.
Click Forensics is not a totally disinterested party. It wants to develop itself into an “objective third party” used by advertisers and even the search engines themselves for identifying online ad fraud. So naturally it has a vested interest in hyping the numbers. But is there some truth behind those statistics?
Click fraud is defined by Wikipedia as “a type of internet crime that occurs in pay per click online advertising when a person, automated script, or computer program imitates a legitimate user of a web browser clicking on an ad, for the purpose of generating a charge per click without having actual interest in the target of the ad’s link.” The problem with detecting click fraud should be obvious: how do you tell the intention of the clicker just from the actions traced in a web log?
In some cases you can spot robot software or zombie computers clicking repeatedly on ads. But when the bots are programmed to behave in a “human” manner it gets trickier. In some parts of the world you can even find ads running in newspapers for people to make money by clicking on ads online, which further clouds the issue.
And then there are the reporters. In mid-October the New York Times published an article by Adam Liptak titled “Competing for Clients, and Paying by the Click.” For someone familiar with the pay-per-click industry, there were relatively few surprises. He did list a useful site I hadn’t heard of before: CyberWyre, which features a list of the highest paying (or most expensive) search terms on the web.
He pointed out that “mesothelioma,” a kind of cancer one gets from inhaling asbestos, is going for a premium. Advertisers who use that word in their pay-per-click ads pay $50 and $60 per click, and often more. His article discussed the fact that lawyers are now using pay-per-click to attract clients for relatively easy and lucrative cases. One of the people he interviewed indicated that it was a sign that PPC had become a mature tool because “Lawyers are usually the slowest to adopt any form of new technology.”
All of this is interesting, but why am I mentioning it? It’s the tag line of the article that stopped me short. Every time you click on a sponsored link, you cost someone money – and if you’re a reporter researching an article, you can cost advertisers quite a bit of money. “This had not occurred to me,” Liptak admitted. “In working on this column, I looked at a bunch of lawyers’ web sites, at a cumulative cost to them of, oh, $1,000. Sorry.” This is a legitimate reporter working on a legitimate article that was published in a legitimate newspaper – but he clearly had no personal interest in whatever the lawyers were offering. So, do his clicks amount to click fraud? Perhaps this is a small problem – but with the number of reporters in the world, to say nothing of all the bloggers who take their craft seriously, who can say?
So what does Google have to say about these disturbing figures? For that we need to turn to Shuman Ghosemajumder, the search engine’s senior product manager and, according to Forbes, “resident click-fraud czar.” He insists that third-party auditors such as Click Forensics deliver inflated click fraud numbers, in part because they count “fictitious clicks” in their estimates, clicks that Google does not count. They also don’t take into account Google’s own efforts to detect click fraud; instead, they “estimate the amount of click fraud that’s being attempted, not how much is going undetected and is charged to advertisers. That means they’re counting the clicks that we throw away as invalid, not just the ones advertisers pay for.”
Ghosemajumder also notes that click fraud numbers reported by third-party auditors are all over the place; some estimates are as low as less than one percent, while others are as high as 15 percent. That makes it hard to know who to trust. But why should we trust Google when they say the problem is not as bad as the auditors make it out to be? Ghosemajumder points to one reason: “You need a lot of data to do any sort of statistical analysis, and auditors don’t have nearly as much as we do.”
So what exactly does Google see that the third-party auditors don’t? Ghosemajumder explains that it is “impression data – not just when the ads are clicked, but how often they’re viewed…Since we know exactly how many times an ad appears, we have much more data than the third-party auditors for any given advertiser.”
In his interview with Forbes, Ghosemajumder also argued that, contrary to popular opinion, Google does not have an incentive to ignore click fraud because of the extra revenue it generates. Google itself is a publisher, after all, and gets all the revenue for the ads that appear on Google.com. If there are bad publishers in the system, advertisers will pay less to runs ads in the system, because of the decrease in the return on their investment. Ultimately that means less money for Google. “It also means the clicks on Google.com make less money for us,” Ghosemajumder notes.
But when Ghosemajumder is asked whether the search engine has seen an increase in click fraud in recent months, he becomes evasive, explaining that it’s difficult to measure. He does state that the number of cases in which Google has refunded advertisers for click fraud has remained stable, but that’s hardly an answer to the question unless you assume Google is infallible at spotting click fraud.
But the lack of transparency, and the suspicion it breeds, seems to be one of the biggest issues in combating click fraud. Ghosemajumder said that “the real power of our detection systems lies in the fact that we analyze hundreds of different factors, the majority of which are secret.” As Forbes correctly points out, revealing too much about these metrics might help criminals engage in click fraud more successfully, while revealing too little about them will make advertisers suspicious.
It isn’t just Google who is hiding metrics. Tom Cuthbert also gave Forbes an interview. He explained that independent auditors like Click Forensics have access to several kinds of data that Google doesn’t have. “Most importantly, we see what happens on an advertiser’s site when a click leaves Google’s page and goes to the landing page. We see how deep the clicker goes and whether the click converts into a sale,” Cuthbert said, describing such data as “really critical in exposing click fraud.”
And why doesn’t Google have this data for analysis? Cuthbert explained that advertisers don’t trust Google enough to hand over the data because “Google’s pricing system is a black box…based on many factors that are built into Google’s algorithm, which is constantly changing.” Advertisers are afraid that keyword prices will go up if Google ever finds out the exact value of a click, particularly the conversion rate. It’s a sort of vicious circle: Google won’t share data with advertisers, so advertisers won’t share data with Google.
For its part, Google says it is opening up a little and even offering more traffic quality tools than any of the other major search engines. In June, Google launched IP exclusion and Performance Placement Reports. The former lets users tell Google what IP addresses they want to avoid with their ads, while the latter lets advertisers see which sites are performing the best among those displaying their ads. This knowledge lets advertisers use various site exclusion and targeting tools to tackle click fraud.
The problem, however, is ultimately Google’s – and perceptions matter. If advertisers truly believe they are not getting their money’s worth, they’ll go elsewhere – and crooked sites and honest sites alike will lose out on the potential ad revenue. In a situation involving a lot of money, relatively little trust, and real fraud, having a genuinely disinterested independent party – outside of Google, the advertisers, and perhaps even the current crop of auditors – is starting to sound like a good idea after all.