According to the latest Click Fraud Index, 15.8% of clicks on pay-per-click ads are fraudulent, rising to 25.6% if you look solely at content networks, such as Google Adsense.
This is a can of worms. Almost any question you can ask is hard to answer with confidence.
What is the real level of click fraud? Google’s Shuman Ghosemajumder says that estimates such as the Click Fraud Index are overstated. In addition, a proportion of the fraudulent clicks are detected by Google and not charged for. Which leads to another question -
How many fraudulent clicks are actually charged to advertisers? Google says very few – but they would. Intriguingly, it also apparently discounts content network ads on the grounds that there is more fraud there:
We know there is a more direct incentive for fraud on the content network and we do much more to protect advertisers, ban bad publishers, and improve ROI through SmartPricing discounts. As a result, average ROI on our content network is nearly the same as on Google.com. Yes, you read that right. ROI is the same on average – and not by accident, but because we automatically provide discounts to advertisers to make it so.
Is that not a tacit admission that advertisers are paying for some fraudulent clicks? It sounds like that to me – Google discounts all the clicks to compensate for for the fact that some are bogus.
How is click fraud detected? Some of this is obvious – rapidly-repeated clicks from the same IP number, for example, and clicks from known botnets. As I understand it, the Click Fraud Network goes further by attempting to analyze the activity after the click has landed. However, nobody is going to publish the exact algorithms they use, for fear of helping the fraudsters (and giving away secrets to competitors).
What about clicks from unknown botnets? What about click fraud programmed skillfully enough to replicate likely human behaviour? I’m sure the fraud detection is imperfect; the question is, how imperfect?
Probably the best way to figure this out would be to penetrate the criminal underworld that executes the fraudulent clicks and discover their techniques. Even this would not catch the casual fraud – for example, someone who goes into an Internet cafe from time to time and clicks on a few ads on their sites.
How can advertisers audit their bills? Difficult, because as I understand it the agencies (such as Google) do not supply enough detailed information. You would need the exact time and IP number of every billed click, which you could then match to your log records, analyze behaviour, and check out against known compromised IP numbers. There is a general lack of transparency.
About the only thing you can measure is results. In other words, attempt to correlate sales against ad expenditure. Google says the same – watch your ROI. The reason advertisers meekly accept a certain (unknown) level of fraud is because they feel it is worth it. After all, there is waste in every other form of advertising – TV viewers who skip ads, print ads that are never opened, etc.
That’s all very well, but the main difference with click fraud is that it is not just waste, it is also fraud. How many people are getting prosecuted? Another question that I can’t answer, but I suspect, nowhere near enough.