The Dangers of Blocking Fraud in Real Time | AppsFlyer

Necessary Cautions When Blocking Fraud in Real Time #FoolsNoMore

Shachar Guz, Apr 09, 2018

As an attribution provider, we are trusted by both marketers and media sources to measure and report their performance. While marketers would like to block 100% of fraud in real time, overzealous blocking carries its own risks: damaged publisher relationships, lost ad network revenue and reduced data accuracy. Today, we will take a deep dive into how we identify and validate every fraud signature, delivering optimal coverage without compromising your data accuracy.

Our Protect360 team operates like an antivirus or cyber-security solution, rather than your standard SaaS product team. Most of our R&D team operates on an agile release process, testing and releasing product updates in standard sprints. However, our Protect360 team is expected to take action on fraud in near-real time, blocking emerging fraud sources without compromising data integrity. This requires a far more agile and vigorous update cycle.

By transparently blocking fraud in real-time, marketers save both time and money. Behind the scenes, maintaining real-time protection against bots, click flooding, install hijacking, behavioral anomalies and device farms is challenging. Blocking fraud requires (a) a massive data set for analysis, (b) supervised and unsupervised machine learning that can detect new and emerging anomalies and fraud patterns and (c) deep experience in mobile advertising, app marketing and fraud industries.

Not Every Anomaly is Fraud

Given the fragmented nature of mobile marketing, there are dozens of points of failure, any one of which could set off false fraud alarms. Unsupervised machine learning is great for detecting anomalies, but treating anomalies as fraud would be dangerous and misleading. Something as basic as a server delay or an external API bug can result in abnormal activity, even though no fraud has occurred. Knowing when and what to block without compromising data quality and integrity is very difficult. Every new fraud signature suggested by our automated system undergoes extensive testing and validation by our data scientists. In order to validate that an anomaly was the result of fraud and not a technical error or edge case, our data scientists must consider dozens of potential points of failure, comparing data across thousands of campaigns and advertisers. Given the speed and agility of today’s mobile fraudsters, everything from our SiteID blacklists to our click flooding protection and bot signature database must always be up to date, protecting against the latest and greatest threats as they emerge.

The Data To Map The Mobile Fraud Genome

Protect360 is powered by our unique mobile engagement database. We now process over 1,000,000,000,000,000 (1 trillion) mobile events every month across over 5,700,000,000 (5.7 billion) devices. These aren’t just big numbers; they are key to our ability to find and block fraud.

Consider the following analogy. One hundred years ago, physicians diagnosed diseases based on their symptoms. As our understanding of science and medicine improved, the industry began conducting clinical trials that adhered to the scientific method, improving results. Thanks to advances, including the mapping of the human genome, genetic testing can now accurately identify which specific diseases and genetic mutations are best treated with specific drugs. In the business world, the only way to accurately identify the root causes of fraud and remove the bad actors without damaging the broader ecosystem is through big data. By carefully calibrating our machine learning, we are better able to find additional variables for each fraud signature. This technique allows us to cut off even the most advanced fraud at its root.

Speed Vs. Accuracy

Finding the right balance between speed and accuracy is never easy. Compromising accuracy for speed is short-sighted and leaves marketers exposed. Our solution has been to distribute the workload.

We invest heavily in global fraud research, innovation and collaboration. Over the last six months, we onboarded additional mobile fraud-focussed data scientists, and founded an internal global task force to find and share potential fraud. Regional fraud leads and CSMs regularly share their new anomalies and advertiser challenges, collaborating with colleagues across 14 global offices. A few team members started exploring outside the box, joining gray hat and black hat cybersecurity forums and dark web meetups, learning how fraudsters avoid blacklists, purchase DeviceID lists, operate and maintain botnets and more. We met with a Russian broker who had visited an Asian device farm and interviewed a US college student running his own device farm to cover his tuition. We also met with partners and networks around the world, sharing insights and learning from our shared experience. With dozens of team members collaborating on fraud challenges and potential solutions, the insights poured in.

Though this investment in resources across Product, R&D, CSM and Support teams has been significant, I am proud to say that nobody has ever questioned the amount of time and effort we put into mobile fraud research, or any of our measurement products. An investment in delivering better data accuracy for our clients and partners is an investment in our future as a measurement provider.

In summary, blocking fraudulent traffic in real time saves time and money while improving your data accuracy. However, this strategy demands extreme care and precision. Blocking fraud in real time requires a massive amount of fresh data, as well as deep expertise in both machine learning and the mobile ecosystem. To learn more about mobile fraud, please check out our latest report, The State of Mobile Fraud, or book your complimentary fraud consultation today.