Fraudsters making a click buck

9 Aug 2006

Click fraud, the practice of purposely clicking on pay-per-click internet advertisements with no intention of legitimately browsing a site or making a transaction, has resulted in search engines Yahoo! and Google agreeing to pay out in the US courts this year.

In March, Google settled a lawsuit in the US alleging it had profited from bogus sales referrals generated through click fraud. It agreed to pay up to US$90m in refunds and attorney fees for past click fraud. Yahoo! also agreed to pay out to settle a similar lawsuit, although there has not been a cap placed on Yahoo!’s potential liability.

Nobody was claiming the search companies were involved in the fraud itself but Google and Yahoo! were called to task over their obligation to protect advertisers from this fraudulent activity.

US-based click fraud detection firm Click Forensics estimates that around 14pc of all clicks on search engine advertisements are fraudulent. Most click fraud results from companies clicking on competitors’ advertisements to drain their advertising budgets. In some cases, website owners click on ads hosted on their site to boost up figures and generate advertising revenue for themselves.

In an Irish context, click fraud usually manifests itself in fraudsters trying to click their rivals’ sponsored links off the top of internet search pages.

Google and Yahoo! both offer advertisement-placing mechanisms whereby companies have a daily budget and bid for listings. The search engines charge per click. Once a company’s daily budget is used up, its ads are no longer shown.

“Click fraudsters are going in early in the morning to click them off,” says Sean Owens, managing director of Willows Consulting, which provides click fraud detection as one of its e-commerce services. “It certainly exists in Ireland. It’s very hard to detect and it’s hard to find out exactly who’s committing fraud against you.”

He believes that in certain high-value markets, the practice is definitely hitting Irish businesses. “For online jewellers or people in fairly competitive markets like that — for example people selling photography equipment or electronic equipment — they could be surprised if they actually put click fraud detection on their ads,” he says.

However, he is quick not to overplay the prevalence of click fraud in Ireland, which he says is mostly caught by the search engines. He compares it to a hindrance that will probably have to be tolerated by internet merchants the same way shopkeepers have to put up with a certain amount of pilfering from their shelves.

Richard Firminger, Yahoo! Search Marketing’s regional commercial director for northern Europe, also downplays its prevalence. “Is it a big problem? No. Is it a serious problem? Yes. “It’s an important issue but the scale is small. For most of our advertisers most of our time it’s a negligible problem and rarely comes up as an issue.”

So what about the routinely touted 14pc figure? “We see lots of external figures. We’re obviously not going to reveal the figures we monitor but I would state categorically that 14pc is a wildly inaccurate figure. It overstates the position by many fold. There are certain people who have a vested interest to be perceived as being on the inside track or know more than others and therefore can help advertisers; they obviously have their own specific company objectives and that figure assists their position but it assists their position on a very inaccurate base.”

John O’Herlihy (pictured), European director of online sales and operations for EMEA with Google, is equally dismissive of the 14pc figure: “Google does not have insight into the methodologies used to produce these reported figures. “We believe click fraud is considerably lower than recent research reports would have us believe due to Google’s emphasis on detection and prevention.”

However, both search engines refuse to reveal what average percentage of advertisement clicks are fraudulent. They are equally, if understandably, reticent to divulge what methods they use to prevent click fraud, although both claim it is being effectively combated by their detection methods.

For Google, according to O’Herlihy, this incorporates picking up duplicate internet protocol (IP) addresses, user session information, network information, geographical targeting and browser information. “To avoid making it easier for fraudsters to try to defeat our systems, we don’t give exact detail on our technology as used,” he says, a line also adopted by Yahoo!, which states it uses “very specific software that evaluates each of our advertisers’ clicks, uses both search and click data and uses things such as rule-based references and pattern-recognition-based inferences that help us surmise what constitutes clicks made in bad faith”.

Obviously the search engines are going to sing the praises of their security, but is there a need for concerned Irish businesses to invest in third-party click fraud detection services? Owens, whose company mostly deals with clients who advertise with Google, asserts that Google does catch most click fraud. “Google catches most of it and it’s in their interests to catch most of it. I’d say they catch 80-90pc of it but there is a certain amount they don’t catch.”

The main benefit of using a third-party click fraud detection service, he says, is that it’s good for getting refunds from your click advertising company.

He explains a popular method for detecting click fraud. “Usually what you do is run a piece of software on your website; you buy click advertising off Google, for instance, and then instead of that going to your homepage you get that to go to a specific page that’s not accessible by anybody else from the internet coming into your site.

“It’s a cul-de-sac page, as it were. On that page you have a piece of code that feeds into your click fraud detection service. That logs the IP address and the multiple clicks coming from the same address off Google.”

Of third-party detection services, Firminger states: “The only businesses that are truly capable of gaining insight based on the data are the search engines themselves. I’ve not seen any third-party data that allows you to get any closer to the analysis, to the right reading.”

The threats to profitability created by click fraud and its exposure has recently prompted Google to make statistics regarding invalid ad clicks available to advertisers. Yahoo! operates a similar system whereby advertisers can log in to their account and check the amount of ‘unqualified traffic’. The charges for these clicks are deleted from the invoice. Yahoo!, Google and Microsoft have also recently announced they are to collaborate in addressing this issue.

Despite the assurances, Irish advertisers, who are already cautious about internet advertising, might be further tempted to seek marketing opportunities elsewhere. “List-generating-based advertising is having an effect but it hasn’t really crossed over into the mainstream here as it has done in the UK and the US,” says John Holohan, information and communications manager of the Irish Advertising Practitioners Institute (IAPI).

“We would like to see the most robust steps taken by the ISPs to ensure it doesn’t happen because advertising works on confidence: both consumer confidence and advertiser confidence. If that confidence isn’t there it will only limit growth further in this marketplace. These things could be quite damaging, especially as the Irish market hasn’t fully embraced online advertising fully yet.”

Preliminary figures from the IAPI estimate that more than €30m is spent a year by Irish businesses on internet advertising, a small segment of the market but larger than what’s spent on cinema advertising and almost as large as outdoor advertising.

Ultimately, Owens says perpetrators of click fraud are engaged not just in nefarious activity but poor business practice. “You’d spend more time clicking people off and doing all that mucking about when you’d be better off spending the time drumming up a sales call. It’s a bit childish. Small businesses like ourselves would be targeted by competitors and it wouldn’t even be large competitors who would be targeting us; it’d be people below us on the food chain — somebody who just wants to smash and grab business, somebody with that kind of business ethic.”

By Niall Byrne