How can online advertising fraud be detected and prevented? What should we look at, where should we look, and what methods and tools should we use?
These questions are relevant to anyone who buys online advertising. According to HBS professor Ben Edelman, an expert on the design of electronic markets, these are the kinds of concerns you should think about when setting payment terms and dealing directly with suppliers.
One tool to deter fraud: pay later.
Edelman's new research on a major advertising affiliate network demonstrates that by delaying payment by two to four months the network could eliminate more than 70 percent of fraud without decreasing profit. As he explained in his blog:
"By delaying payments, a merchant or network differentially harms bad affiliates (who rightly worry they may get caught) without unduly harming good affiliates (who know they'll get paid, and who receive a bonus in compensation for the delay). With a suitable delay, a merchant or network can deter many bad affiliates while retaining the good."
"Even if you deal with suppliers indirectly, that doesn't mean you couldn't have some say in the terms by which they are paid," Edelman tells HBS Working Knowledge. "Indeed, if you paid your suppliers more slowly they'd almost certainly pay their suppliers more slowly, which would have the desired effect.
"You have no control, and yet you have full control merely by not sending the check too quickly."
Edelman explains more in this Q&A, as well as the motivation behind his working paper "Optimal Deterrence When Judgment-Proof Agents Are Paid in Arrears—With an Application to Online Advertising Fraud."
Martha Lagace: How prevalent is fraud in online advertising?
Ben Edelman: In online advertising, it's often hard to know whether you've received the service you've contracted to receive and have paid for. You've got a bill. Have you also received the benefit of the service—the customers? Certainly you have some customers, but are they new customers, customers you wouldn't have gotten had it not been for the advertising?
An advertiser faces a bit of a conundrum. On one hand, you can pay the bill and continue receiving the advertising service. But, on the other hand, it's tough medicine to pay a bill without being sure that you've gotten what you were supposed to get. How do you know you're not being cheated?
I've been looking at this for five years from a technical perspective. But it has struck me that this is basically an economic problem, namely a problem with incentives. The fraudsters do what they do with reasonable comfort that they won't get caught. And they know that if they do get caught, it won't be all that bad. If the best that can happen is to get paid full value and if the worst is to be paid zero, they're guaranteed to come out positive.
There's an information asymmetry here. In particular, the merchant doesn't know whether the advertising supplier is what I call a good type (someone who is actually providing the contracted service) or a bad type (someone who is using one scam or another in order to get paid despite not actually having done the work or provided the benefit).
Q: Which online advertising markets are hotbeds for fraud?
A: There are two in particular that involve the largest number of unsupervised or poorly supervised suppliers.
First, any advertiser buying pay-per-click ads is subject to the problem of click fraud, among other problems arising out of improper placement or clicks that are somehow of reduced value.
Pay-per-click ads are a big market. They're more than 90 percent of Google's revenue. For Google, about half of pay-per-click traffic is placement on Google's own site, but the other half is placement that Google arranges on other companies' sites. To make an extra few dollars a day, someone might click on his own ads or hire a buddy to do so.
The second area of fraud—in some ways even more interesting to me—is online affiliate programs. The word "affiliate" simply means that the ultimate advertiser, the merchant, thinks of himself as being at arm's length from the advertising partner. "I don't know how good he is," a merchant might say to himself, "but I'm only going to pay him when he closes a sale."
The view is that because the merchant is only paying for purchases—not merely for people looking at or clicking on an ad—the system is either fraud-proof or dramatically less prone to fraud than other kinds of advertising. An advertiser might think: "Faking that a person paid money is very hard. You need a credit card, and if I'm getting the order, how bad can it be?"
In fact, fraud is not impossible. Maybe it's a little bit harder. But it certainly is the kind of thing a determined adversary can perpetrate if so inclined and if the money is there to make it profitable to do so.
But because these have been perceived to be low-fraud marketplaces, advertisers have omitted many of the kinds of protections that you would ordinarily expect when dealing with little-known suppliers; for example, easy tasks like determining whether the supplier is a bona fide business entity, or cross-checking the supplier's street address with its phone number and tax ID number. These very obvious and easy things haven't been done in many instances because they were believed to be superfluous. If fraud is impossible, then why should we waste our time looking?
Q: How could someone commit fraud in that scenario?
A: First, suppose there was tracking software on a user's computer. Many consumers have had this problem. You're browsing the Web, and you start getting pop-ups all over the place, perhaps five a minute. The pop-ups are coming from within your computer, not from the sites you're visiting. So suppose there was software on a (user's) computer that could track that the user was on the Dell Web site looking at a new Dell laptop. In one view, that would be a great time to force the user through one of the affiliate links back to Dell. And if the software did that, the Dell Web site would conclude, "This user got to the Dell Web site through an affiliate link. Therefore we should pay that affiliate a commission if the user makes a purchase."
The problem is, of course, that the affiliate did not actually cause the transaction. The transaction would have occurred anyway, and so any amounts paid to that affiliate are entirely wasted. Dell pays the money and gets no benefit; all the sales that occur would have resulted anyway. In principle, Dell would never know.
Second, suppose there was an ordinary banner ad on the Web. It could be on any site. And in the course of viewing that ad, just looking at it as you look on the page in which it appears, your computer is forced to go through one of these affiliate links and load up, say, the Dell site, potentially in a window that's only one pixel by one pixel—one tiny dot on your screen, so you can't see it. But in the background your computer has clicked through this tracking link, and loaded up the Dell site. If you made a purchase from Dell within the next seven days, Dell would believe that you had been referred to its site through the corresponding affiliate, when in fact the affiliate did nothing. In fact, the affiliate did less than nothing: The affiliate wasted some of your bandwidth making you load a site you hadn't requested.
The affiliate probably has to make hundreds or even thousands of people load the site in order to find one user who was going to buy a Dell within the next seven days. But when they find that user, the fraudsters really hit the jackpot: They bought an ordinary banner ad for fractions of a penny, got the benefit of the banner ad because they can still show a banner ad in the banner-ad spot, and there was as an ancillary source of revenue; namely, for that proportion of who were about to buy a Dell anyway, they get 2 percent of the purchase price. Two percent of a new Dell laptop—that's real money. And it's not just Dell. There are plenty of other merchants with these same marketing programs.
Q: How should consumers protect themselves from potential fraud?
A: It's highly desirable to keep your computer free of the sorts of bad software that I've described. There is a good reason for users to want to be free from these pop-up ads, not to mention the even more pernicious software that tracks every page you view, every product you buy, every Web site you look at.
It's also important to realize the externality that results from cleaning up a computer. Every time you clean up your computer or help a less-savvy friend clean up his, you're making the world a somewhat better place. It's a safer world in which to advertise, and a safer world in which to do business if more computers can be trusted to do what their operators want rather than what some unknown third party hopes to accomplish.
Q: What are the lessons for businesses and merchants? What should they know before signing a contract?
A: The main insight in my paper is that default contract terms—obvious contract terms—are not the only possible terms.
It may be that you pay most of your suppliers on standard Net 30 terms, and that makes sense for most suppliers most of the time. But even something as simple as how quickly a supplier is paid could be an important strategic decision. Paying more quickly might offer a benefit sometimes—consider a cash-strapped supplier that really needs the money and will offer a big discount for fast payment.
Delaying a while could also be beneficial sometimes in separating the wheat from the chaff. In this context, delaying payment distinguishes the rule-breaking affiliates from the good ones who are actually helpful. Rule breakers know that the longer they have to wait, the more likely they are to get caught. The more likely they are to get caught, the less likely they are to get paid.
So just by paying more slowly, it seems to be possible to reduce the number of bad affiliates and thereby reduce waste and increase profit.
My paper's main contribution is in presenting a methodology. How to compute the optimal delay given the particulars of your business is different depending on how prevalent bad affiliates are, the profit margins of bad affiliates, and what I call the discount rate of good affiliates—how quickly your good suppliers need to get paid. If they have to borrow money to support their business dealings with you, how are they borrowing it and how much does it cost? As a function of all of that, it's possible to compute a profitable range of delay and then to compute an optimal point within the range.
Typically it seems like a delay between two and four months would often be appropriate. It sounds like a long time, but if you could get rid of a substantial share of online advertising fraud, waiting two to four months wouldn't be bad. And crucially, for the good advertising partners, the ones who are being asked to wait two to four months to get paid, you're going to pay them a bonus. You'll have enough savings from imposing a delay and deterring fraud to pay a substantial bonus, more than the interest rate times the amount at issue. You can pay them a bigger bonus than that. So in principle they should thank you. They'll thank you for the bonus, maybe shrug about the delay, but on balance be pleased.
The idea here is to make everyone better off, except of course the fraudsters.
Q: What would it take to eliminate the remaining potential for fraud?
A: It's hard. For fraudsters whose profit margin is extreme, I don't have a tool in this toolkit to deter them. If the cost of committing the fraud is actually zero, we can't deter them when the worst we could/can ever do is not pay them. Because in the best state of the world for them they get paid; in the worst state, they get zero. If their costs are zero, then they are always going to be somewhere in the positive side of the equation.
For anyone with real costs of committing the fraud, be they costs of designing the fraud or costs of scaling it up, this method seems to work in principle, subject to the algebraic constraints of whether it can be implemented profitably.
As to other methods of fraud detection, I have programs in my testing lab by which I test advertising software and look for fraud. Some of them are manual while others are automated. There's no reason why I should have more sophisticated tools than online advertisers, yet in practice many online advertisers don't have these kinds of tools even when they are spending hundreds of thousands or even millions of dollars on potentially fraud-ridden advertising.
Q: Why is it so difficult to tackle fraud of this kind through the courts?
A: Many of the fraudsters are hard to find, particularly when advertisers have been under the mistaken view that fraud is impossible. Advertisers have entered into contracts with persons who either are or claim to be in the most far-flung of locations. I looked at one advertiser with fraudulent partners in Morocco, in Tanzania, literally all over the world. They couldn't be farther from the centers of business in the United States. Furthermore, figuring out whether partners really are where they say they are can be a challenge. One shouldn't assume that they're telling the truth about their location when they are lying about everything else.
So that's one important constraint in using the legal system to get redress.
Another constraint is the sense by many advertisers that it's their own fault: "We paid him for the last six months, and now we find out it was fraud. How can we sue when we ourselves paid the bill?" That's wrong as a matter of law. In fact, it sounds like a typical successfully perpetrated fraud. But the people who decide how to proceed often lack legal experience. They are marketers and advertisers, not legal professionals.
There are also serious agency problems within many companies. Often advertising buyers are compensated in proportion to how much advertising they buy. For example, an affiliate program manager might be paid a modest salary plus 10 percent of year- over- year growth in the size of the affiliate program. But consider the incentives of someone paid in that way. If there is fraud in the affiliate program and the staff person recognizes it and ejects it, that means the program is smaller and her bonus gets smaller. In fact, her bonus might be disproportionately smaller because it's based on growth, so if you took out the 10 percent of fraud in the program, there goes this year's growth and the Christmas bonus. So in many companies the incentive to get to the bottom of this quickly and successfully is tempered by the incentive of staff to do what is in their personal interest.
Q: What are you working on next?
A: I am working on other aspects of online advertising contracts that seem potentially suboptimal to me. For example, I've been looking at the shape of the compensation function—the bonuses offered to advertising partners as volume increases. Typically the more you sell, the more you get paid, and disproportionately so. Sell 20 percent more and you might get paid 25 percent more.
There's a certain logic to that. A productive salesperson is worth more. But often these contracts have sharp points at which the curve changes direction all at once, which can produce odd incentives. Even more strikingly, many of the compensation functions have jumps—sell just one more unit and your commission will go up 10 percent. These arrangements are readily gameable. If you need to sell one more unit and you can't find anyone to buy it, buy it for yourself or for your buddy.
Because these systems can be gamed, firms spend extra money on online advertising. That money might be better spent in increasing compensation for everyone rather than increasing compensation for the few who choose to game the system and increase their own profits. I'll have an article about that later in the year.2008 President and Fellows of Harvard College