What you need to know:

• A recently uncovered fraud botnet targeting CTV, labelled “MultiTerra” has been identified by authentication business DoubleVerify.
• It was designed to create fraudulent inventory on mobile and CTV platforms, leading to advertisers bidding on non-existent impressions.
• “MultiTerra” generated more than 3m fake impressions a day at its peak in CTV and mobile environments.
• Australian industry execs says it's likely similar fraud is going on within the Australian marketplace.
• However, digital agency leaders say it is less likely to be at the same scale given the size of Australia’s CTV market.
• Switch Digital CEO Lee Stephens told Mi3 there is always going to be “an obvious” level of fraud with any new digital inventory that hits the market.
• He says Australian agencies need to avoid “open market transactions” in the hopes of cheaper rates, as this is likely one of the major drives behind CTV fraud.
• MiQ boss Jason Scott says Australia has  “greater collaboration” in its TV sector than other international markets, which will play a role in “stomping out” further fraud.
• Scott says it’s vital the local market learns from the US, as CTV is likely to remain an attractive avenue for fraud should it go unaddressed.
• CTV now accounts for 36% of the $1.6 billion online video market, according to IAB Australia.
• Over the past year the number of Australians viewing internet-delivered content on a TV each day has grown 22%.

Dealing with a “MultiTerra”

CTV now accounts for 36% of the $1.6bn generated from online video, according to the IAB.

In the US, a report from the Association of National Advertisers (ANA) found nearly 50% of advertisers plan to increase their spending on CTV going into 2020 and beyond. The ANA also found CTV adoption rates would increase by 82% by 2023, as consumers continue to embrace smart TV technology.

However, like many advances in digital ad inventory, CTV has not been without its issues.

Most recently, digital media authentication company DoubleVerify discovered an aggressive botnet  named “MultiTerra”, which was targeting CTV inventory.

It was designed to create fraudulent inventory on mobile and CTV platforms, leading to misplaced ad spend for advertisers bidding on non-existent impressions.

“MultiTerra” generated more than 3m fake impressions a day at its peak in CTV and mobile environments.

If left undetected, the inventory value of the impression requests generated by MultiTerra was on track for over a $1 million monthly run rate at its height.

In just 20 minutes, a single IP in the botnet impersonated 16 different iPhone and Android phones, requesting nearly 50 impressions to at least 9 different video apps.

DoubleVerify research shows there has been a 161% Increase in CTV fraud rates in the first quarter of 2020 over 2019 with 78% of fraud incidents in CTV driven through BOT fraud.

In a bid to shutdown the botnet, DoubleVerfity’s machine-learning algorithms began to identify its unusual pattern. Once the abnormal behaviour was confirmed as fraudulent, DoubleVerify  implemented protective measures and deployed them across advertiser campaigns.

In a joint effort by DoubleVerify’s research, analytics and development teams, the Fraud Lab team created an algorithm that detected and captured these IP addresses less than an hour after they had been taken over by fraudsters.

This pattern repeated itself three more times over several weeks. DoubleVerify blocked the traffic and MultiTerra morphed again. Fifty days after it was first detected, the botnet was no longer operating.

Speaking to Mi3, Imran Masood, DoubleVerify ANZ Country Manager says there are three key reasons for CTV ad fraud:

• Server Farms - where fraudsters fabricate impressions at scale.
• Fraudulent apps - where fraudsters have an app that fabricates fake traffic and impressions
• Spoofing - where fraudsters re-engineer an ad impression, buying a low-price display ad and reselling it as CTV video at a premium CPM. This is how they can prevent fraud on CTV. 

"[Even in direct campaigns] there is fraudulent and data center traffic everywhere. So long as something is hooked up to the internet, there will be traffic hitting it that isn’t real," Masood told Mi3.

"Fraudulent traffic will often scour top sites and apps to try to appear as a real human, when in fact there’s just an algorithm to visit top environments before hitting the real target."

CTV ad fraud in Australia 

While MultiTerra was not active in Australia, the spike in ad fraud throughout CTV has been registered locally.

Industry insiders say the issue has been top of mind recently, as the medium continues to rise in importance as part of a a total TV or screen buy.

CEO of Switch Digital, Lee Stephens told Mi3 it was unsurprising that there had been an increase in the amount of fraud within CTV.

He says fraud is “inevitable”, especially given the sudden spike in value CTV has seen in recent years.

“It’s like any new market that sees a serious uptick in interest, coupled with a rapid flow of cash coming into it and CTV is the latest to fit that category,” Stephens says.

“We’ve seen it in countless areas of the digital ecosystem and given its high value CPMs and limited supply, it should be no surprise that fraudsters are aggressively targeting it.”

Stephens says one of the most likely drivers behind the increase in CTV fraud is certain agencies shirking direct deals with premium publishers and looking to the open market for cheaper deals on inventory.

He says point-to-point agreements with publishers is the best overall solution for stemming the flow of fraud in the space.

“We all know what the pricing in market for that level of inventory is, so if you are looking at the open exchange and are getting three or four cents as a cost per completed view, you’re dealing with some questionable pricing or source,” Stephens says.

“This is going to be very much like programmatic at the start, people are aware of the issues and educate themselves quickly on the solutions – in this case there is no better way to minimise fraud than with point-to-point deals.”

MiQ ANZ boss Jason Scott agreed with Stephens, telling Mi3 that those agencies who “wade into the murky” open exchange, are creating a lot of risk for clients.

He says, locally, the industry is in a better position to learn from global mistakes such as the recent botnet attack, given the size of the market and level of collaboration between agencies and publishers.

“There’s obvious things that need to be done, namely continuing to rely on the key authentication companies such as DoubleVerify but also maintaining a healthy level of industry collaboration,” Scott says.

“We’re in a smaller market, with a lesser number of major publishers operating in this space, the onus needs to be on everyone to continue to follow best practice and take learnings from what goes on internationally.”

Masood says buyers should get close to the publishers whose inventory they believe they are buying. He also says they need to utilise verification more effectively to better understand what their dollar is buying and where their creative is landing.

He says sellers need to support third party open measurement so buyers have the opportunity to see exactly where their creative is landing down to the URL level, and identify "potential fraudsters trying to spoof the publisher".

"Independent transparent measurement is the only way to create a trusted marketplace. The industry is working towards this outcome in the CTV space," Masood says.

"It is however a shared responsibility of publishers to offer that exposure into their inventory and the advertisers buying teams to demand the third party measurement capabilities be deployed across all forms of CTV transactions."

Not the only issue

While fraud might be the latest hot topic to hit CTV, the channel has also been battling other critisms with agencies and consumers.

Ad duplication across the major broadcasters’ catch-up platforms remains a problem.

This is also known as “overexposure” and is when a brand’s ad is replayed on a loop throughout assigned CTV and broadcast video on demand (BVOD) ad breaks.

Most recently, GroupM’s specialist TV agency Finecast launched a universal ID it says will lead to less ad annoyance and better optimisation and measurement through a single buying platform for the first time in Australia.

Finecast Australia’s MD Brett Poole previously told Mi3, the aim is to provide brands with an accurate and measurable CTV reach and frequency builder.

It will also ensure that “overexposure” is capped by having a “stable identifier” on CTV throughout Australia.

The ID has been developed using encrypted data sets from each TV network and will not be combined with other third-party data sources.

Poole says one of the big challenges with connected TV is reach and frequency when measuring and optimising campaigns. He attributes this mainly to CTV lacking any real identifiers such as Apple’s Identifier for Advertisers (IDFA) or other device IDs.

“IDFAs and device IDs aren't stable at all on the big screen but remain pretty good when it comes to the small screens, because phone and laptop makers have digital in mind when they when they when they're building these devices,” Poole says.

“TV hasn't come from that background. In fact, it was our UK team that first saw this happening in its markets, where there was no way to simply ensure you were addressing the same person when they would return to view a program on their smart TV.”