Click Fraud - Bane of Paid Search
By: Susan Esparza, Bruce Clay, Inc., May 2006
The CNET headline read, "Click Fraud Rate Lower Than Expected..." and the numbers it reported stunned an entire industry. The Click Fraud Index reported that the average click fraud rate is measured at 13.7 percent industry-wide. According to the Index, click fraud rates for Tier 1 search engines like Google, Yahoo! and MSN were found to be 12.1 percent; Tier 2 search engines were reported at 21.3 percent and Tier 3 search engines at 29.8 percent.
Before this announcement, estimates by SEM vendors ran anywhere from 20 to 50 percent. The revised figures caused everyone in the industry to collectively scratch their heads. However, this Index does not represent data from the entire industry.
The Click Fraud Index is published by a group of advertisers, agencies and search vendors comprising The Click Fraud Network. Members have access to CF Analytics, a click fraud reporting system based on page tagging. CF Analytics provides PPC campaign reports yielding threat levels by date, search term, search engine, and other variables. Therefore, the Click Fraud Index data comes from a network that monitors click fraud for members that suspect fraud, resulting in a selective sample. What is surprising is that the fraud rate for this group is so low.
Search Engines Vs. Search Vendors
Search engines have historically minimized the incidence of click fraud, stating they have vigorous filtering systems and make prompt reimbursement to victims. All search engines maintain that fighting click fraud is a top priority.
Vendors, on the other hand, cite higher click fraud rates and often find it difficult to document and prove click fraud for reimbursement. Vendors believe the search engines are jawboning and not doing enough to prevent click fraud. It is reasoned that paid search is extremely popular and brings in huge revenues. Even if a few disgruntled advertisers stop using paid search services, there are others waiting to replace them in the top listings, and the cash never stops flowing.
Vulnerability of Paid Search
Some analysts have remarked that if click fraud gets out of hand it could potentially bring down the entire paid search industry. Click fraud has been called a "Google killer," yet advertisers are willing to pay the added cost of click fraud as long as paid search delivers value.
So far, the value is there, with paid search getting the lion's share of search marketing dollars in 2005 (83 percent). This amounted to $9.5 million in 2005 and is estimated at $14.5 million in 2006 (SG Cowen & Co.).
Proliferation of click fraud has accelerated over the last few years, with hackers and hucksters initiating new fraudulent schemes faster than technology can detect and prevent them.
It is naïve to think most fraudulent clicks come from competitors. Newer types of click fraud are more pernicious and harder to detect. For instance, spam blogs (splogs) are created to manipulate affiliate networks. These phony blogs generate content automatically by copying small parts of other sites, throwing in popular keywords and then joining Google or Yahoo!'s affiliate network.
Software links the splogs to legitimate blogs so they subsequently get high rankings, generating traffic and clicks. Unsuspecting visitors inadvertently click ad links when looking for non-existent info. There are thousands of splogs because they earn paid search income in the tens of thousands per month!
The Spyware Connection
In April, anti-spyware activist Ben Edelman provided detailed documentation showing that Yahoo!, through its relationship with Claria and other spyware vendors, is defrauding its PPC advertisers. Edelman alleged that fraud occurs as the spyware firms redirect user searches through their servers, inserting the Yahoo! ad links on unrelated websites or with pop-ups triggered by these sites. The spyware fakes a click, which in turn charges the advertiser when in fact no user ever clicked on a PPC link. Edelman also alleged that Yahoo! was taking advantage of advertisers by placing ads on sites created for the sole purpose of catching click-throughs from queries with misspellings of well-known trademarks and company names, known as "typo-squatting."
While Yahoo! moved quickly to terminate the relationships where click fraud via spyware was suspected, this was not enough for Edelman, who filed a class-action suit. The lawsuit accuses Yahoo! of consorting with spyware vendors to systematically defraud advertisers, calling this "syndication fraud."
Right now, all the attention is on Yahoo! but Edelman has promised to investigate Google as well.
Google AdSense for Domains is used by domain parking services that create Web pages full of PPC ads, served to users landing on the parked domain due to typos. Because these pages only contain links, it is likely that users will click on at least one to navigate away from the page, unknowingly creating revenue because the links are all PPC ads. To this end, Microsoft just released its Strider URL Tracer tool to help identify typo-squatter schemes that use PPC parking domain services.
The click fraud legal climate has been active this year. Besides the aforementioned Yahoo! suit, Google settled a $90 million click fraud suit in March, and New York Attorney General Eliot Spitzer filed a click fraud suit against Direct Revenue in April.
PPC search engines need to do more than pay lip service to preventing click fraud. It is easy to say click fraud is a big problem, we take it seriously, we have systems in place to detect it and we promptly reimburse victims. They have been saying trust us, we'll take care of you. However, with the proliferation of fraud, numerous new fraudulent schemes, the spyware connection and current legal climate, that doesn't work any more.
After the Google settlement, the situation reached a point where both Google and Yahoo! were considering whether or not to release more information about how they detect click fraud, indicating they might consider independent third-party audits of click fraud. Historically, search engines have avoided transparency and third-party audits because of the need to protect proprietary systems and data. However, with the volatile nature of the click fraud legal environment, search engines must move quickly to take necessary steps toward retaining customer confidence lest they jeopardize this lucrative marketing channel.