Home Ad Exchange News DoubleVerify And SpotX Flag New Type Of Ad Fraud: ‘Verification Stripping’

DoubleVerify And SpotX Flag New Type Of Ad Fraud: ‘Verification Stripping’

SHARE:

The ad server SpotX and ad verification company DoubleVerify have flagged a new type of fraud they’re calling “verification stripping.” DoubleVerify says the new method may be responsible for up to 10% of ad fraud spikes it identifies.

Verification stripping happens when fraudsters hinder the transmission of network calls between the ad server and measurement provider through the use of bots or malware.

That technique can stop a measurement pixel from even firing in the first place, or hide evidence of nefarious tactics like domain spoofing if a verification pixel fails to properly render.

Unfortunately, it’s unclear how pervasive this practice actually is – it’s essentially a new type of fraud and DoubleVerify is working out a solution to prevent it.

Other ad verification vendors neither confirmed nor denied awareness of verification stripping.

“All of the tactics employed by fraudsters are continuously evolving, from methods of avoiding detection or obfuscating what they’re doing to this technique of actually preventing the ad call from reaching the verification provider,” said Matt McLaughlin, COO of DoubleVerify.

DoubleVerify and SpotX discovered verification stripping when the impression counts between the ad server and verification provider didn’t match up.

“A few months ago, we started to notice a discrepancy between impressions SpotX counted internally and impressions that showed up in our DoubleVerify reporting,” said Nick Frizzell, senior director of brand safety and inventory operations for SpotX. “That’s what prompted us to notice we had some pockets of inventory where we weren’t firing DoubleVerify tags where they should have been.”

To prove that verification stripping was happening, SpotX and DoubleVerify fired an additional impression tracker – one the bad actors wouldn’t expect and therefore wouldn’t be ready to block.

Firing an additional pixel, Frizzell said, let SpotX and DoubleVerify locate exactly where the verification stripping was happening.

Mostly, it happened in video inventory, where higher CPMs made it a more attractive target, but the tactic isn’t limited to any single format, McLaughlin said.

Subscribe

AdExchanger Daily

Get our editors’ roundup delivered to your inbox every weekday.

As a result, the video ad platform has removed entire pockets of programmatic inventory where it suspected verification stripping was happening, said Josh Cariveau, SVP of global operations for SpotX.

The company has been educating premium publishers about this new attack, though premium inventory isn’t likely to be the most exposed to this form of fraud.

SpotX is working with measurement and supply partners beyond DoubleVerify to identify areas where verification stripping might mask a faulty URL or hide evidence of tactics like domain spoofing.

That work sometimes requires the video ad server to pass log-level impression data (and information about where the impressions were served) to the measurement partner on a daily basis.

“Then, they sift through the file and say, ‘These are the ones we didn’t see fire yesterday,’ and we work to fill in the blanks,” Cariveau said.

To prevent verification stripping, similar to SpotX, DoubleVerify’s McLaughlin advises buyers and other ad platforms to ensure the impression counts recorded in their ad server are similar or equal to those originating from their verification provider or publisher partner.

Must Read

Comic: Off-Platform Media

How RMNs Use MFA And Cheap Inventory To Game Attribution Rules

Retail media is built on its attribution quality, but real purchases can be gamed by programmatic metrics and create perverse incentives for RMNs to serve ads across low-quality inventory.

There’s A Lot Wrong With Google’s And Meta’s Non-Transparent ‘Refund’ Practices

Google and Meta are playing with fire. Their opaque refund practices have already exposed them to customer blowback – and could lead to class-action lawsuits by disgruntled advertisers.

Comic: The Great Online Privacy Battle

How US Intelligence Agencies Buy And Use Programmatic Data For Surveillance

Mike Yeagley, an independent contractor who has scouted and acquired commercial data and technology on behalf of intelligence agencies, is one of the earliest evangelists of using ad tech tracking information to identify and surveil government targets.

Privacy! Commerce! Connected TV! Read all about it. Subscribe to AdExchanger Newsletters

Comic: The MFA Cafe

Adalytics Report Torches Ad Tech For Touting MFA Prevention While Scarfing MFA Supply

Practically every ad tech vendor has put out a press release in recent months full of bluster about cutting out made for advertising sites – and yet supply sources remain oversaturated with garbage inventory.

Cloud-Based Collaboration Is Ad Tech’s Post-Cookie Lifeline – But Will It Last?

Cross-cloud data collaboration technology is the best bet for a post-cookie solution. But it’s vulnerable to similar privacy concerns.

Topsort Raises $20 Million To Seize The Post-Cookie Market Opportunity This Year

Topsort raised $20 million, with plans to seize the 2024 opportunity for post-cookie ad tech.