Just when we thought, we had heard it all about “fraud on the internet”. There are the “fishing” emails, enticing (or more likely scaring) users into giving up their bank account (or paypal) information. There is the “multi level marketing” schemes, the ID thefts, the spyware. The SCAM-THRU-SPAM market is just huge…and not necessarily limited to financial losses. Think of those “15 million dollar waiting to be picked up from that Nigerian bank account” scam. When the gullible follow up and actually fly to Nigeria , they get kidnapped and ransomed. Occasionally murdered. Makes the “cheap Viagra” brokers look like good Samaritans!

All these abuses are reducing our trust in the internet and e-commerce. Which is a shame, given the efficiency and cost savings that this medium allows, especially in terms of targeted advertisement. One example of such advertisement is PPC, or Pay Per Click. This is a great improvement over the good old flashing banner ad's that we all know(and have grown to hate). The Pay Per Click ad's are text base, with no slow loading flashy graphics detracting from the site. Best of all, they are context dependent. They get displayed only when a person searches for a certain “matching keyword”. PPC is extremely popular for one reason with advertisers. It's simple to demonstrate that it brings traffic to their site. For the people searching for something it's sometimes a shortcut to click on PPC ads rather than sift through the clutter that search engines often display organically. This Pay Per Click (PPC)advertising market size exceeds $5 Billion/year and keeps growing. Often at the expense of radio, TV and magazine advertising. Whether it's cost effective to use such a program or it gives you the requisite ROI is topic for another web analytics discussion.

Unfortunately, if you advertise your site via Pay per Click Programs like Google Adwords & Overture, then it's exceedingly likely that you are a Click Fraud Victim. Click fraud, takes place when a person or program visits a website with no intention of browsing the site, purchasing a product or performing any other type of conversion action. The intent is to make the advertiser suffer losses (or make extra income). This new type of cyber fraud is on the rise, and estimates on the loss to the advertiser through click fraud vary between 10-40% depending on the keyword and the industry. A simple calculation shows us that the advertisers are shelling out $ 500 Million to 2 Billion per year to click fraudsters. Google and Yahoo are among the leading providers of advertising links, usually targeted to the audience based on the contents of a page. The issue, to some extent boils down to the difference between a genuine user(sometimes referred to as a “good faith” visitor) and a click fraud artist. According to a Newsweek article, Google and Yahoo are struggling to adjust the definition of “good-faith click” and their policies, and methods of preventing this new type of click fraud. Given the rampant rise, it's a work in progress.

Who perpetrates the click fraud? A significant portion is performed by the competitors who aim to drive up the advertisement cost of their rivals, and hence drain their rivals' marketing budget. This is a form of digital industrial sabotage. There are the profiteers using ad-sense fraud (see Google AdSense Fraud Article about these shoplifters ) then there's the impression fraud guys ( Article on Impression Fraud) who are the sneakiest. There's always the existence of the terminated employee getting his revenge by clicking on the Pay Per Click ( PPC ) advertisement. The one that's probably the hardest to nail down is the equivalent of a drive by clicker. Someone who enjoys random acts of click violence and other such mayhem. Anecdotally, a person who wanted to click on PPC ads of all the lawyers, just because he “hates” lawyers. There was a method to his madness, since the PPC keywords that lawyers bid for, go for as much as $50!

To gauge the seriousness of the problem, who better to listen to than Google's chief financial officer, George Reyes. Click fraud is "the biggest threat to the Internet economy,” Reyes said during a December investors conference. "Something has to be done about this really, really quickly, because potentially it threatens our business model." Ask Jeeves, similarly thinks of it as a serious enough risk to list it in it's regulatory filings. They feel that their revenue might decline "if advertisers come to perceive click-fraud as a widespread and pervasive problem."

We have to agree with them. The advertiser pays a large premium for having focused, directed traffic to his website through the paid listing. If banks lose their credibility, then people will stop using them and hide their dollars in their mattresses. If the search engines lose their credibility due to click fraud, their customers will vote with their dollars and move back to more traditional forms of advertisement. Similarly, as the PPC customers see their advertising ROI drop, often due to such fraudulent activities they may start walking towards the exits.

One would have thought that given such a threat to their business model, the big search engines would have been more forthcoming with information pertaining to data regarding the visitor to a site through PPC and incidence of click fraud. Such is not the case. The big two, Google and Overture are extremely secretive, and seldom give out any traffic information, or details about how they track click fraud. Their approach is not without justification, given the possibility of people reverse engineering their tracking mechanisms and allowing the fraudsters to tweak their tactics.

The search engines are also accused of turning a blind eye to click fraud. The reasoning goes that they are likely to take a severe hit to their earnings if all the click fraud cases are detected. They have not been following up on anything but the most egregious instances of click fraud. We are inclined to believe that the search engines make some effort to play fair, but they are hobbled by some technological limitations to their ability to track click fraud.

The biggest one is that the search engines can not possibly know the overall trends and analytics of the advertiser's site. A good analytics package would be able to provide the statistics which show the optimal path to conversion, places where abandonment may happen, the average time taken reading the “top” pages etc. This is the “signature” may very well include time spent on the path, conversion, on site search etc. of a genuine client. Basically, the serious visitor has a certain pattern which a malicious user or a bot would not be able to simulate. Similarly, for a certain site, the fraudsters too have their own “signature”(i.e. a statistical pattern). When making a decision whether a certain visitor is a likely fraudster, one of the techniques used is to match against the “genuine” signature and then against that of “fraudster”. The search engines don't have access to this data(since they are unable to track visitors once the visitor click), while a good click fraud detection software or service has access and is able to do such detection.

Furthermore, the search engines can't track traffic from multiple search engines belonging to same network(a favorite of the “classic” competitor click fraud). For instance, Overture network is composed of Lycos, MSN and Alta Vista. The click fraud artist could potentially click on an ad using Lycos, move to MSN and then Alta Vista clicking on the same ad. Overture/Yahoo will not mark/catch the perpetrator. It's even worse when the ad is displayed across Google and Overture! It is possible that the situation will be exacerbated when the upcoming Yahoo “Publisher” program(the equivalent of Google Adsense) goes mainstream. However, a dedicated click fraud detection effort, if based on rigorous analytics, website statistics and software pattern matching should have no problem nailing these guys.

Lastly, some efforts need to be done with customized reporting, when the pattern of abuse is more complicated. The search engines don't have the resources(or interest) to drill deep into the analytics data and audit individual advertisers website stats. However, they will consider refunds if presented with detailed and convincing data. Anecdotal evidence suggests that Google is the tightest with AdWords fraud refunds, while Overture(Yahoo) is somewhat more liberal. Naturally, you would want to present yourself as a competent, organized person or organization when applying for refund. The arguments need to be backed up with statistics and actual events to be credible. If you are a regular PPC customer, you have the unfortunate task of defending what's rightfully yours from the click fraud artists. This can be done with the help of expertise for auditing and reporting click-fraud developed in-house or by outsourcing to an analytics based click fraud detection company.

The FTC has been cracking down on the consumer fraud and the fraudsters, by increasing resources to track down and prosecute the “fishers”, the “investment schemes” and the “real estate opportunity” guys. However, Eileen Harrington, director of marketing opportunities has declined to deem “click fraud” as something that directly affects the consumer. Therefore, the FTC does not want to tackle the click fraud. The search engines too are unable to fully detect fraud, due to the reasons described above. One wonders who is there to look after the best interests of an advertiser trying to make it on the web and getting cheated by fraudsters. Given the PPC fraud rate, the advertiser has to really question her conversion numbers. Is that conversion ratio of 1% really natural, or could it be higher if the fraudsters are excluded from the traffic, and the money wasted on them refunded.