Choosing the ingredients for your fraud protection

By Michel Hayet
choosing fraud protection ingredients

Fraud in its many forms has existed in our industry since the early days of desktop click flooding (yeah, that used to be a thing). 

However, awareness to fraud and its business implications seems to have grown rapidly in recent years with the growing maturity of our industry.

Terms like attribution manipulation, bots, and other schemes were introduced into our lives when the first pioneers of ad fraud protection started measuring KPIs and abnormal performance behaviors to help expose foul players and malicious sources. 

Clearly a blessing, initial fraud solutions helped raise awareness to an industry illness in an effort to optimize ROIs by cutting out harmful sources.

As awareness and demand for fraud protection grew, so did supply. New companies started offering varied solutions and approaches to tackling fraud, with the best intentions and goals in mind. However, one must take the responsible approach when choosing which solution best fits their requirements. 

So just like when choosing your cereal in the supermarket aisle, make sure you carefully examine the “ingredients” of your mobile fraud protection provider.

Here are a few points to take into account.

what to look for in a fraud protection provider
Fraud solution ingredients

Match between your vendor and operation 

Matching your selected vendor’s technological capabilities with your requirements might seem trivial, but is important nonetheless. 

Many solution providers out there could address the general issue of fraud, but not necessarily the fraud topic you need addressing. 

A company specializing in preventing desktop-based mobile ad fraud, for example, may look to expand its business to try and tackle mobile fraud, but might not hold the infrastructure, technology or experience to provide the best protection.

Be sure the solution you’re looking into doesn’t only support services that match your needs, but actually has all the right tools, technology and experience to properly fulfill your expectations. 

Mobile attribution is dramatically different in nature than desktop-based fraud protection and requires deep understanding to properly treat potential threats and risks.  

A rule of thumb for in-app fraud prevention is to rely on a mobile-app expert, attribution-based technology. 


Mobile fraud: Marketers’ massive hidden threat


Ain’t no party like 1st party

Keeping in mind the importance of mobile attribution measurement, your fraud solution should ideally rely on 1st party data as much as possible.

There are a couple reasons for this:

  1. Accuracy. A solution patched with 3rd party data will inevitably be less accurate as it relies on indirect data you have to deliver from your attribution provider. An attribution provider who also offers fraud prevention services will be more capable of analyzing and processing data generated in its own platform and will most likely provide more accurate inputs and results.
  2. Delayed response. When it comes to fraud, real-time blocking is crucial for minimizing long term effects on performance, data and targeting. 3rd party solutions, as good as they may be can only report or detect at best, leaving you with the exhausting reconciliation process.

Out in the open

Marketers often look for a fraud solution either in preparation for a potential problem (best case) or when already suffering from one (common case). 

When fraud strikes, you’ll want to make sure that all defense mechanisms are applied, as fraudsters, by nature, will always look for loopholes they can exploit. 

While an attribution SDK-based solution is the recommended choice, it’s important to stress that not all attribution-based solutions are safe. 

Some attribution companies use open-source SDK solutions, claiming that the transparency far outweighs any potential disadvantages. In reality, an open-source SDK poses a massive security breach – a loophole for fraudsters to exploit. 

A fully-exposed SDK code library makes the job significantly easier for fraudsters by providing the basis for reverse engineering and decryption of server communications. 

Fraud is almost impossible to completely eliminate (despite what you may have been told). Fraudsters will keep coming up with innovative methods, and it’s your job to make their lives as difficult as possible.

By presenting any part of the code as an open-source library, reverse engineering becomes that much easier, even encouraging new fraud types like SDK spoofing– typical in open-source SDKs. Doing this essentially creates even more fraud, rather than eliminating it.

The safe choice would be a post-compilation, closed-source, obfuscated SDK, relying on a sophisticated encryption mechanism. An encrypted solution, one that’s not open and visible for anyone to see, places essential additional steps that make the fraudster’s job that much harder, to the point where their efforts become ROI negative.

Which brings us to our final, but very important, point.

Numbers can be deceiving

You’re going to have a lot of numbers thrown at you once you start looking for a fraud solution. Pricing aside, what you should be suspicious of is fraud blockage percentages and volume guarantees. 

While fraud is indeed an industry-wide problem, the right solution is still an individual one when it comes to volumes, business implications and protection. Any guarantee or obligation should be taken with great suspicion and raise serious concern for potential false positives.

False positives, when discussing fraud, mean falsely flagging or blocking actions as fraudulent when in fact they’re legitimate.

This could be caused by many reasons like inaccurate identification rules, miscommunication between systems or (most dangerously) overzealous platforms looking to provide impressive numbers. 

False positives could cause even greater damage to your business than fraud, as in this case you’re accusing legitimate partners of fraud, damaging your relationship with them and wrongfully harming their ROI.

Bottom line – don’t be fooled by promises of inflated numbers. Big numbers can also mean a big problem.

A high blockage volume can also mean a lot of targeted attacks. Why are there so many attacks to block in the first place? 

Fraudsters seek loopholes, security breaches and generally- an easy payday. 

A strong fraud solution will be identified by a low number of attacks – one that fraudsters think twice before they attack i.e- the one that’s harder to crack into.

You don’t pick a fight with the biggest kid in the playground 

Usually looking for the easiest way to get their piece of the pie, fraudsters will naturally go for the easy target. They don’t mess with the “big kids”; it requires a lot of effort and they are likely to reap no rewards.

Ironically, the strongest fraud protection product will be the one rarely facing fraud attacks.

Opting for a solid defense will save you significantly more work and leave you facing fewer problems than what other solutions will require solving. 

Michel Hayet

A former entrepreneur and digital strategy consultant, Michel is a digital advertising veteran and an expert in mobile ad fraud. Over the past ten years Michel has been studying the intricacies of the digital advertising space, focusing efforts on technology innovations, studying ad fraud methods in-depth and exploring techniques of fighting it.

Follow Michel Hayet

Ready to start making good choices?