In 2001, the Chase Law Group, a group of attorneys based in California, was spending huge sums on pay-per-click advertising. Because they were competing for traffic in a crowded (and lucrative) niche, they were paying a hefty $3 to $10 per click. The firm's PPC bill was "in the six figures monthly," says Jessie Stricchiola, president of Alchemist Media, the Internet marketing firm that was handling the account.
As Stricchiola supervised the account, she noticed odd traffic patterns. "When we started identifying some anomalies, we had the data to look at to get really granular and say, 'Gosh, what's this traffic about? Why are we seeing these spikes and repeated clicks on these really high priced words, with no conversions?'"
As she dug deeper, her suspicions were confirmed. "We had the data to identify that it was actually a competitor clicking on the ads from multiple locations, as well as some of their colleagues." After presenting Chase's log files to search engines, "We got a significant refund from both Goto and Findwhat," Stricchiola says.
It was one of the first documented cases of click fraud, which is the act of clicking on an ad just to run up the advertiser's bill. But it would certainly not be the last.
The newly born PPC industry has grown into an oversize hulk overnight. It's unknown how much of Yahoo's $5.3 billion 2005 revenues come from PPC, but some estimates peg it at about half. Virtually all of Google's $6.1 billion 2005 revenue came from PPC, which means — gasp — that the search engine raked in more advertising income than the top-ranked television network. Clearly, the ad world is changing.
As the industry has grown, click fraud has grown with it. Exactly how much click fraud goes on is impossible to know: No systematic study has yet been conducted.
"It's definitely something to be concerned about," says Jamie Low, president of Search Engine Marketing. But due to the lack of information about the problem, it's hard to combat. "Right now it's kind of the cost of doing business with paid search."
Jessie Stricchiola, who has become a leading expert on click fraud, explains that click fraud doesn't affect every advertiser equally. "Google might have 1,000 AdSense partners for one set of keywords, and only 500 AdSense partners for another set of keywords," she says. "But within that thousand, perhaps 99 percent are legitimate and sending good clicks, whereas in the 500, possibly 75 percent are sending bad clicks."
"You can't always compare niches and say this niche has more fraud than the other, because it's a volume vs. validity issue — it's difficult to quantify in that way."
Adding confusion to the issue, scammers now use advanced software to create fake clicks. This so-called clickbot software is getting ever more advanced. Clickbot software "presents one of the most difficult threats, because it's constantly adapting and trying to outsmart the filters," Stricchiola says.
An e-tailer who competes in a competitive market might be victimized by a competitor who's "developing some pretty high-end click software to generate clicks from all over the world that can't always be identified as 'invalid' or 'fraudulent,'" she says.
In some instances, click fraud is perpetrated by Web site owners who host PPC ads. Stricchiola points to the example of a small site owner who hosts PPC ads and wants to boost the commission on those ads. "He happens to be a hacker and an engineer, and he either buys or develops an application that, just under the radar, generates a good $1,000 of commission a day - which is nothing in the scope of overall traffic volume," she says.
"We have this nagging problem that's going to stay consistent as long as the industry's around," she says. "And as the industry grows, the problem will grow in rough proportion."
"It just so happens that the PPC advertising model is the biggest money generator on both sides, so it's most prone to this kind of thing. And we're at the stage where we get to figure out how the industry's going to deal with it."
What Can Merchants Do?
Online merchant who have been victimized by click fraud should definitely take action, experts say.
"A number of times we've found erroneous clicks or patterns that were kind of suspicious," Low says. "And we've reported it to Google, and they're usually pretty good about negotiating a portion of the clicks. So you can negotiate with them directly."
Providing proof is key, he notes. "Typically what they'll do is they'll ask you to send them a copy of reports from your log files so they can take a look at it and verify."
Indeed, watching your traffic data like a hawk is essential in combating click fraud, Stricchiola says. Sites need to create benchmarks that describe routine site activity. "Get familiar with what your conversion rates are from search traffic. Get an idea down to the keyword level how your traffic is behaving and performing," she says. "And keep benchmarking."
She points to some helpful technology. Keyword Max Direct is "a bid management platform and they also offer the click monitoring tool." Also, "Optimal IQ is a Web analytics platform but they also offer click fraud monitoring support."
Yet in many cases the best software is the Web analytics tool that a merchant already uses, she says. "So merchants who use software like Omniture, Urchin, or WebTrends — the first thing they should do is look at those applications and find out if they offer some kind of click fraud auditing technology, instead of moving entirely to another application."
Contacting Yahoo and Google
If a merchant feels they've been victimized by click fraud, "We would absolutely encourage them to contact us," says Yahoo spokeswoman Gaude Paez. Not only is Yahoo interested in investigating any such claims, but advertisers play a key role in helping the engine guard against click fraud, she says.
Yahoo has three layers of defense against click fraud, she explains. The first is a series of thousands of software filters that have been written to filter out any suspicious activity, for example, "clicks that are repetitive within a certain time frame." Its second line of defense is a team of data analysts working in combination with pattern recognition technology.
"The third layer of defense really comes from the ongoing dialogue with advertisers," Paez says. "Advertiser input helps us build additional filters for our system to protect advertisers from whatever type of click fraud they may have encountered."
Merchants can contact their account rep or use the Yahoo customer service page. Yahoo will ask the merchant for their Web log files, Paez says. "We'll take a look at it, and if we determine that there is click fraud, or activity that's suspicious that we shouldn't be charging, we will refund the advertiser."
It's not just the big accounts that get service, she says. "We have often spent our time looking into the Web logs of small advertisers. Even something like a $20 in a month is actually a significant spend for some advertisers, so we are completely agnostic about the size of advertisers. Because if we can find a pattern, we want to filter against it."
Merchants buying PPC advertising from Google also have recourse. "If an advertiser feels that there may be some invalid click activity in their account, we encourage them to contact us," says Google spokesperson Barry Schnitt. He refers merchants to a help page to begin the reporting process. He notes that additional information about Google's response to invalid clicks can be found here and here.
Furthermore, Schnitt notes, it's important that merchants know "we take this seriously and have teams and technology working proactively to prevent invalid clicks from impacting advertiser accounts."
Stricchiola has gotten out of the business of advocating for clients as they negotiate click fraud claims with search engines. Her goal now is to effect change at an industry-wide level.
To do so, she's involved in a multi-pronged approach that includes a pending lawsuit and an effort to research the extent of click fraud.
In the lawsuit, a gift shop in Arkansas, Lane's Gifts and Collectibles, is suing a group of search engines, including Yahoo, Google, Looksmart, Findwhat, and others, alleging that the Internet firms knowingly overcharged Lane's other companies for PPC advertising. Stricchiola has been hired as an expert consultant for the plaintiff.
The Arkansas case "is going to have a significant impact on the industry when we see the shake out of it," she says, though it's unclear what that impact will be. Stricchiola forecasts that the case may be resolved by the end of this year.
Stricchiola says that the Internet advertising industry would be well served by a third party intermediary to resolve PPC disputes. A neutral, third party is needed because both sides of the PPC divide — search engines and advertisers — are reluctant to release their data to each other (or to anyone, for that matter). So both sides are in the dark.
The engines don't know what happens to a click after it goes through to a site; does it immediately leave (meaning it might be fraudulent), or does it browse around? (which suggests it's valid). Advertisers, unfortunately, don't have access to the search engines' log files; this is well-guarded proprietary data.
Solve this impasse, and click fraud should be less of a problem, Stricchiola says. Using a third party intermediary will allow both sides "to get the necessary data to really combat fraud and invalid click activity to the best extent our current technology will allow."
But first, "we need to measure the extent of the problem." Stricchiola has been hired as a consultant for the Fair Isaac Corporation, a large fraud auditing firm, to begin aggressively researching the issue.
In the mean time, disputes about the extent and importance of click fraud continue. Some industry forces argue that click fraud isn't a significant problem, claiming that if advertisers didn't get a positive return, they wouldn't invest in PPC. Yet PPC continues to grow, so click fraud must not be a significant problem.
But Stricchiola disagrees with this argument. "The truth of the matter is, there's not a single CEO out there, who if presented with the prospect of saving even two percent on his spend, wouldn't want the protection to know that he's not spending that money unnecessarily."
James Maguire is a contributor to ECommerce-Guide.com. His column appears every Monday.
|Do you have a comment or question about this article or other e-commerce topics in general? Speak out in the SmallBusinessComputing.com E-Commerce Forum. Join the discussion today!|
2014 Neustar Annual DDoS Attacks and Impact Report: A Neustar High-Tech Brief DDoS attacks against high-tech firms have started to take a dangerous turn. It's called DDoS smokescreening — attackers using DDoS as a...
Avoid the Sales/IT Collision Scenario: Using Apps for Better Collaboration What's great for sales productivity isn't always good for IT. Nearly 56% of sales teams agree that slow connections are one of the biggest issues...
App Security and Malware Propagation Cybercrime is getting big and bigger. 2013 was the year of the Mega Breach with eight top data breaches resulting in the loss of tens of millions...
SANS – Securing Web Applications Made Simple and Scalable The weakest point in modern networking infrastructures is often not the low-level hardware and software running on the servers, but the web...