 
|
|
In partnership with:
November/December 2006 issue Click fraud is just another business taxWilliam Knight
Andrew Kellet, senior analyst with Butler Group, thinks this is
because we are incapable of taking security seriously at the outset
of an innovation. “Security always comes second to the delivery
of the service,” he says, and the latest scheme, following
that never ending pattern, is click fraud: the phenomena where online
adverts are clicked upon for purposes other than interest in a product. But the system is inevitably open to abuse. The PPC operators share the click revenue with the publisher, and therefore there is a temptation for the publisher to click his own adverts to bump up earnings. More broadly, webmarketing.com define click fraud as, “any paid-for click that originates in a malicious attempt to drain an advertiser’s budget.” Furthermore, some publishers are industrial in their attempts to de-fraud. Fraudsters are recruiting syndicates of low-paid workers to click for hours on end, or running botnet controlled automated click campaigns. Click fraud has quickly grown into a massive business. According to the 2nd quarter 2006 report published by Click Forensics, the industry click fraud rate was 14.1% , slightly higher than the average of 13.7 percent for the first quarter. This is an enormous leach feeding on PPC advertising. Google reported revenues of US $2.25 billion for the quarter which ended March 31, 2006. According to Goldman Sachs analyst Anthony Noto, almost all of Google’s revenue comes from online ads, including those that are pay per click. Google is cagey about revealing its own estimates of fraudulent click rates. Shuman Ghosemajumder, Google’s business products manager for trust and safety, did say however, “I can now tell you that it’s in the single digits, less than ten per cent. That includes not only what you would call ‘click fraud,’ but other categories of invalid clicks also.” The other categories of invalid clicks include unintended double clicks and innocent ‘webcrawlers’ that follow the advertising links. Ghosemajumder explains how such clicks are handled: “If someone does click twice, there is no dispute about whether those two clicks occurred. The question is, what do you want to do with the second click? Even though those are two separate clicks registered, we choose not to charge for that second click.” So, what is a click? He was unable to state the time delay Google uses to distinguish a double click from two single clicks, and Paul Cook, founder of the web analytics company Red Eye, is irritated by the PPC operator’s secretive approach. He says they are selling a service but are not being entirely open about what that service is and can thus change the rules on a whim. “No one will give you a definition of what a genuine click actually is,” he says. But Ghosemajumder seems quite clear, “The click is the request. Specifically it’s the HTTP request, which is registered on our servers.” They are all clicks then, only some are not charged to the customer at Google’s discretion: “We do that not because of click fraud, but because it is obvious that someone who has double clicked is just double clicking from a navigational perspective, not because they are trying to hurt the advertiser, but instead just to optimise their [the advertiser’s] ROI,” says Ghosemajumder. And yet, perhaps wary of criticism that Google is acting as service provider and auditor, the corporation recently joined an Interactive Advertising Bureau (IAB) working group to define valid clicks. Along with Ask.com, LookSmart, Microsoft, Yahoo!, and others, the Click Measurement Working Group will create guidelines providing the detailed definition of a “click” and the standard against which clicks are measured and counted including the identification of invalid clicks and/or fraudulent clicks. “The establishment of these guidelines will provide marketers with a standard for the consistent and reliable measurement of their performance based marketing,” says the IAB. Defining a click may help identify erroneous clicks, and synchronise providers’ figures with those of the advertisers, but it’s unlikely to dent the burgeoning fraud business. There is resignation among advertisers. Tim Davies, marketing director for independent ISP IDNet, controls a modest budget for PPC advertising. He sees click fraud pragmatically as a business expense, something to be countered like you would counter advert-fatigue by creating a zinging new campaign. “We’ve seen a drop in conversion rates,” he says, but explains this is not all down to click fraud. “A lot of it is down to user behaviour. Users are more savvy and fickle.” He argues that surfers have grown up, they are no longer wowed by the Internet and as such, marketers must work harder to capture attention. “You have to make a fast impression with your landing page [the first page a surfer sees after clicking an ad].” Davies is enthusiastic about PPC advertising as a concept, as it gives him flexibility, control, and accurate figures for return on investment. His campaigns are constantly changing and the mix of websites on which his adverts are published is regularly reviewed and cautiously targeted. He’s careful to monitor statistics for the first signs of a problem, he understands the business well and is little affected by click fraud above a low, systematic level. He is clearly an expert user, but Butler Group’s Kellet takes this as a sign that, as usual in security matters, the naïve suffer. “Click fraud follows spam and phishing,” he says. “It is the care and control argument. The vulnerable are the ones that don’t have the infrastructure or the knowledge.” This might not be such a problem if it wasn’t so easy to become an online advertiser. Small businesses, bloggers, sole traders, in fact anybody with a website can sign up to a PPC scheme, far more easily than they could hope to understand how to run a secure, targeted marketing campaign. The law can't help But at least if marketing budgets are consumed by click fraud, they can always turn to the law? Well not really. Gavin McGinty, IT lawyer at Pinsent Masons, is not aware of a single case of prosecution for click fraud in the EU. “It’s very rare that the police want to get involved in any of these sorts of things. It’s hard to get them interested in some of the really nasty stuff that’s going on the Internet, let alone when somebody is just losing money.” And then there’s the question of whether it’s really fraud at all. “Click fraud in a practical sense is hard to pin down. Fraud, or the legal position of fraud in the UK, tends to come from criminal statutes,” says McGinty. He reflects on whether it is really a fraud? “It probably is, criminally a fraud, in most cases, the fraud of obtaining money by deception. [But this] makes it very hard to be civilly enforceable. The basis on which the court would award damages doesn’t automatically mean there is a civil right to obtain damages.” So what’s to be done? Advertisers are experimenting with pay-per-conversion strategies — but it’s not suitable for all, and how would Google know when a purchase took place? PPC providers continue to improve fraud-identification techniques raising the entry barrier for fraudsters; and it’s probable that big advertisers will, from time to time, embarrass PPC providers into bigger efforts. This was demonstrated recently when Google settled for US $90 million in a US class action filed by lead plaintiff, Lane’s Gifts and Collectibles. But right now, if you really can’t bear to pay a percentage to online scam artists, the best thing you can do is stay away from PPC advertising. Otherwise, think of it as a tax on your advertising budget. And like any tax, it’s best to get expert advice on how you minimize the bill.•
|
|
