Fraud Detective: An Anti-fraud Investigation Series

Think of Kaden as your personal “Fraud Detective” for mobile programmatic, investigating every part of the user acquisition journey for indicators that reveal fraudulent activity. From impression, to click, to install, we hunt for fluctuations and discrepancies in the numbers. Our analysis is thorough and site-agnostic, which means that we rigorously review each exchange and site we buy from proactively and apply macro rules at a both site and device levels. 

We rigorously review the data to spot fraud.

Our internal fraud rules are highly sophisticated. Some lead to an immediate device ID blacklist. Some work on a strike system so that if a particular activity happens more than once, we keep track and avoid false positives. We are additionally proud and vocal of our choice to coordinate with third-parties, including anti-fraud specific services and MMPs, to ensure that our methodologies are accurate and verifiable. 

We have internal fraud prevention rules, we work with third-party anti-fraud, and we want your guidelines as well!

Of course, advertisers should always share their guidelines with us, because it may be that you wish to block specific types of apps or specific publishers at a site level based on your own data and experiences, but after applying your guidelines we do our best to avoid exchange or site bias. Where appropriate, we want to challenge household names while also treating each smaller exchange or site fairly. 

We want to encourage our customers to focus on the data points – clicks, impressions, installs – not the app category or developer location. For this reason, we’re creating a series of shorter posts that explain some of the types of fraud we’re working to eliminate from our ecosystem, and what you can do to spot them. It’s an advertiser’s right to be informed so you can work alongside us to stop fraudsters in their hacks! 

Focus on your dashboard – does the data make sense?

Below are some of the key terms you’ll want to know when investigating for fraud. As this series develops, the terms will be linked to more detailed articles. 

Impression-level Fraud 

Ad Stacking: When a publisher serves two or more ads in the same placement, so an impression is requested for both, but only one ad is seen by the user. If the ad on top is a display ad such as a banner or interstitial, but an impression request is also sent for video or interactive formats, the fraud may also be referred to as “Background Ad Activity.” 

Click-level Fraud 

Click Spamming: When clicks are executed for a user who is not active. This can take many forms, for example, a malicious app could run in the background on a real user’s device, sending clicks 24 hours a day even when the user is not taking action in the app.  

Click Injection: When fraudsters monitor the activity on a device and “inject” a click right before an install takes place, so they can claim credit for that install. 

Install-level Fraud 

Fake Installs: When an attribution partner is tricked into attributing to a paid source an install that did not actually happen. This is most often done through device emulation. 

Site-level Fraud 

App Spoofing: When a fraudulent app signals that it is a legitimate one by modifying ad tags or utilizing malware. Known as Domain Spoofing when done in a web browser. 

SDK Spoofing: When fraudsters replicate the communication signals between app stores, ad networks, and MMPs, thereby simulating real user behaviour, even down to post-install actions. 

Additional Key Terms 

Device Farms: These can consist of a bulk of real devices in a single location, where a person is paid to activate specific attributable actions, or they can be purely digital, set up through an emulator as a cloud full of faked devices. Either way, device farms are used by fraudsters to complete many paid actions all at once. 

Organic Theft: This term is used to describe any fraudulent activity that steals attribution from an organic source. If a user intended to install an app without viewing an ad, yet the install is counted as a paid one, that is organic theft. 

Invalid Traffic (IVT): IVT is any traffic that is not human. There is General Invalid Traffic (GIVT) which consists of web crawlers and non-malicious bots, and Sophisticated Invalid Traffic (SIVT) which is intentionally crafted to resemble a real user. We want to avoid IVT as much as possible – fraudsters can take advantage of both kinds. 

Share This Post
Share on facebook
Share on linkedin
Share on twitter
Share on email

Subscribe to Kaden Updates

More To Explore

Contact Us

Ask how we can help