Marketing fraud: Half of internet traffic is now non-human

The lost revenue opportunities is already a huge problem for brands… and it’s still growing.

It is no longer enough for organisations to think about cybersecurity. Marketers have to start looking at how their own campaigns are being compromised by inauthentic activity that is corrupting the entire customer journey.

According to customer acquisition security company Cheq, the direct costs associated with ad fraud will reach a massive $35billion in 2020. Indirect costs, such as wasted labour, eroding customer loyalty, and a decline in growth opportunities are even higher – three times as much.

The problem of marketing fraud is huge, with about 50% of internet traffic in some way non-human or not authentic, such as bots and click farms. Some of it is malicious, some benign; but it is outpacing human activity and causing online business to be less sustainable, says Daniel Avital, chief strategy officer at Cheq. 

“The value isn’t completely undone but to achieve full value from online customer acquisition or digital advertising the prerequisite is to focus resources on humans, not bots. It undermines data integrity and performance,” he says.

It goes beyond performance marketing

It is not just performance marketing that is affected as it has a larger effect on the entire customer acquisition, seeping into CRM, SEO, and analytics. 

If activity is getting skewed by 30-40% by bots then it is affecting the overall business performance and targets. It can have a corrupting influence on anything from handing out bonuses correctly to placing a value on the company.

Avital likens it to a department store where 50% of the customers are androids who will never buy anything but take up the time and resources of staff who could be dealing with real customers. It skews logistics planning, advertising and everything.

“If that much engagement online is inauthentic, it undermines everything and click fraud is part of it. You can’t afford to be wasting so much budget.”

Cheq pioneered an approach called customer acquisition security (CAS) to secure the entire customer acquisition, growth apparatus. Organisations have to bite the bullet and call in professionals, Avital says. 

“We built Cheq because we maintain that organisations can’t do this themselves. It’s a new emerging area and you need to hire a pro. There are rudimentary DIY steps that a company can take to mitigate some risk but ultimately a serious organisation spending millions on growth should hire a pro.” 

Look for anomalies

In the meantime, he advises that companies look at analysis of their existing data. They should be able to find anomalies such as spikes in traffic that don’t make sense. If there are 50,000 visitors when you expect 5,000 then it’s safe to assume invalid bot activity such as a DDOS attack. Abnormal click-through rates could be click farm or bot activity.

If activity is coming from a certain geography, then that can be shut down. Affiliate activity is another area to keep an eye on as it is responsible for a lot of fraud. 

There are also tools to block VPNs or other proxy users who mask their identity. IP blacklists of data centres that are driving fraudulent traffic can be purchased and you can block the offenders.

However, these rudimentary steps can also cause problems, he warns. For example, blacklists can overblock real customers as they don’t have accuracy.

As a problem, it is getting bigger

“It is trending upwards. If in 10 years it was three quarters of the internet, that wouldn’t surprise me. Bots can reproduce exponentially and there’s an interest to do so by certain parties,” he says. “The volume of inauthentic activity is detrimental to online activity. Inbound sales teams don’t know whether to trust leads.”

The same principles adopted by cybersecurity need to be applied to marketing, and marketers have to be aware it is their concern too and affects the integrity of their operation. A customer acquisition security is required to deal with a problem he describes as “mind boggling”.

“Sophisticated marketers can’t imagine it. Every big company has about 20 pieces of tech running in their tech stack. They can be paid by volume of monthly visitors or every time someone visits the website. If 50% of traffic is inauthentic, think how much money is being wasted, and that’s just widget abuse before we talk about CRM, advertising and retargeting, and personnel chasing bad leads.”