The Interactive Advertiser Bureau (IAB) Tech Lab introduced the ads.txt standard with the intent to add further transparency for programmatic buyers, making it easier to identify “Authorized Digital Sellers,” as publishers on the supply side adopt this method. Transparency is the currency that allows buyers and sellers to trust one another, and as technology advances to scale up these exchanges, making the process faster but also, hopefully, more secure, fraudsters also refine their methods to game the system. This fraudulent hydra’s head leaves plenty of work still to do for measurement providers like DoubleVerify, a global company with a platform that authenticates the effectiveness of digital media for brands and media platforms.
Publishers who adopt the ads.txt standard benefit from buyers’ confidence that the digital inventory they purchase through an exchange is authentic, because ads.txt acts as a registry or code-based watermark certifying the publisher’s domain. The advertiser’s ads, when the inventory is bought, will appear where the publisher says it will appear, and not go up on some other phony site that weaseled its way into the exchange.
Last week, DoubleVerify announced that it had detected a fraud case within the ads.txt ecosphere. Because ads.txt is a well-considered industry-wide solution, the scheme to get around it is similarly impressive, according to what DoubleVerify discovered. The fraud scheme involved a network of bots that visit publishers’ sites and scrape the sites’ content. Then the bots recreate a phony version of the publishers’ pages, adding new ad slots around the counterfeit content. Such a fake website wouldn’t stand a chance in an “Authorized Digital Sellers” exchange, because it wouldn’t be ads.txt certified. However, the schemers attacked by sneaking their falsified URLs into a publisher’s list of ads.txt authorized resellers, making the content and the ad inventory appear authentic.
DoubleVerify CMO Dan Slivjanovski points out that programmatic digital exchanges involve many intermediaries in the buying and selling process. This makes the process complicated and very fast. Using a digital registry method like blockchain to automatically authenticate exchanges might be a possible solution in the future, but in Slivjanovski’s assessment, such a method today would be “aspirational” at best. The problem is that blockchain technology can’t keep up with the computational speed of the exchanges, with trades happening in milliseconds. Slivjanovski suggests that blockchain could find a role today in looking back over digital ad executions after the fact, to see where the ads landed, and if purchases prices during the exchange were fair or inflated by “tech taxes” because of the number of intermediaries in the programmatic buying exchange chain.
For Roy Rosenfeld, VP Product Management at DoubleVerify, ads.txt is “a great tool to better identify shady things going on” in programmatic exchanges and “a great data point” to add to DoubleVerify’s fraud detection.
“We help our clients identify and measure the authenticity of impressions against the ads.txt status,” Rosenfeld explained. “Just as you can segment the ad inventory by various metrics, by geolocation or devices, mobile versus desktop, ads.txt adds an additional layer for our platform to measure.” In this model, ads.txt provides a baseline from which a company like DoubleVerify can measure other indications of fraud.
Rosenfeld adds, “From our perspective in talking to our clients, everyone is very aware that ads.txt is a great tool, but not the end all be all. The standard reinforces the need to use ads.txt, but because of how it’s implement you have to stay vigilant and measure more than just the ads.txt [data layer].”
Once DoubleVerify uncovered the ads.txt fraud, they doubled back to make sure their clients and partners weren’t schemed, while also sending out word to the larger adtech community.
The company has also recently identified botnet fraud affecting the rapidly evolving Connected TV arena.