PPC fraud is a serious problem in Internet advertising. It happens when ad links at search providers like Google Inc. and Yahoo Inc. (which owns Overture) are clicked for the wrong reason. Someone (or something) repeatedly clicks on the link without any real interest in purchasing the products or services on the advertiser’s Website. The resulting clicks are considered to be malicious, artificial or not conducted in good faith, as Yahoo puts it.

Google refers to fraudulent clicks as "invalid” clicks, which it defines as "clicks generated by prohibited methods. Examples of invalid clicks may include repeated manual clicking or the use of robots, automated clicking tools, or other deceptive software.

No matter how click fraud is defined, the issue is becoming critical worldwide. All throughout 2006, the subject of PPC fraud has captured ongoing coverage in major media such as CNBC, the Wall St. Journal, Inc., BusinessWeek and Barron’s. And no wonder. The statistics surrounding click fraud—which vary widely—are astounding:

• Click auditing firm Click Forensics puts click fraud at just under 14 percent for the major search engines. Nearly 90 percent of those unwanted clicks come from the United States and Canada, according to the company.
• A recent report by the Search Engine Marketing Professional Organization found that 40 percent of online advertisers say they've discovered fraud among their clicks, 16 percent more than the previous year. Some monitoring firms have estimated the fraud rate as high as 30 to 35 percent of all pay-per-click ad clicks.
• As much as 70 per cent of annual online advertising spending is wasted because of click fraud, according to Clickhaus, a not-for-profit project that aims to help combat the loss of revenue caused by click fraud. Online advertisers stand to lose $1.6 billion in wasted ad expenditure by 2008 because of the problem.

Putting the Problem into Perspective

With PPC, advertisers pay a certain price per click to be listed near the top of the first page of the search engines for their select keywords or phrase. The listing appears as a “sponsored link” on top of the regular search results. Every time someone clicks on the PPC ad, the advertiser pays for that click.

PPC is an important advertising tool because it does something that Internet marketing can’t deliver. It allows advertising companies to climb to the top of search engines instantly, rather than spend months or even years optimizing their site to perform well with search engines. Althought PPC can get expensive with certain keywords, it’s one of the most effective advertising vehicles on the Internet. Click fraud diminishes the quality, value and integrity of PPC advertising. And this damages the online advertising market in a way that goes much deeper than finances.

No one knows for certain just how widespread click fraud is. Quantifying the problem has been difficult partly because of the lack of trust and information sharing among the parties involved. Search engines can only see who's visiting a site; they have no way of knowing whether those visitors convert. Therefore, they use special formulas to look for other telltale signs that clicks are not coming from ordinary random visitors. But they're hesitant to reveal too much about those processes because they’re afraid of teaching would-be scam artist how to defeat them.

PPC advertisers, on the other hand have ample data about how visitors behave after they arrive at their sites. But they don't want to let the search engines know too much about the success of their campaign performance. They fear that increased bid prices will result.

Within the last year, a number of interested parties have initiated efforts to determine the size of the click-fraud problem. In January, SEM consultant Greg Boser launched an internal project to test the reliability of search engine fraud detection systems using automated software. Boser employs “click bots” to click on PPC ads he's taken out for some of his clients. Then he watches to see how well the engines are able to pick out the fake clicks. Bogus plans to publish his findings—good or bad.

Fair Isaac, the credit-fraud detection company, has also become involved. Fair Isaac intends to investigate what click data is needed from both advertisers and search engines to determine if marketers are getting a fair return on their PPC spending. The research will specifically study how much is being wasted on bogus clicks.

Types and Signs of PPC Fraud

The main types of PPC fraud are competitor, affiliate and automated. Competitor fraud happens when a rival business, disgruntled employee, someone paid to click, or an average user clicks on the PPC ads without genuine interest in visiting the Website. For competitors, the intent is often to purposely drain the advertiser’s budget. The basic idea is to repeatedly click on the ad to make it go offline, so the competitor’s ad will receive greater exposure.

Affiliate fraud involves Websites that are hosting paid advertising. The ads usually relate to the topic of the page and are delivered by the PPC marketing network based on keywords found on the page. Each time one of the ads is clicked, the network bills the advertiser and gives a percentage to the owner of the site orginating the click. The click fraudster gets to walk away with the illegal payments. The scammers are able to get away with affiliate fraud by exploiting fake IP addresses, using algorithms to determine click behaviors and finding ways to destroy identifying references. That’s what makes this type of fraud so difficult for PPC marketing networks to detect.

With automated click fraud software, a web server script, or other mechanism is designed to artificially click on PPC ads. This type of fraud is generally suspected of being competitor-based. It can also be difficult to catch and shut down.

It’s relatively simple for an advertiser to detect click fraud. Common signs include:

• PPC campaign costs are continuing to increase while Website sales continue to lag.
• The Advertiser’s conversion rate for paid pay-per-click advertising is lower than the conversion rate for non-paid listings.
• The cost per click for each of the advertiser’s best performing keywords has been continuously rising.

Who Gets Hurt by PPC Fraud

PPC fraud delivers a painful blow to both advertisers and search providers. Legitimate clicks can quickly exhaust a PPC account, leaving advertisers with very little to show for it. A prime example is China’s Analysys International, an info tech researcher in Beijing. Earlier this year, the company noticed that clicks on its ads on Baidu—China’s top search engine—soared without any increase in business. In April alone, Analysys burned through one-third of its modest yearly online marketing budget of $3,800.

Click fraud also leads to higher online advertising fees for advertisers. PPC fraud drives up the cost of clicks because many online advertising programs adjust the price of each click based on the popularity of the keyword and number or competing advertisers.

Search providers are also getting stung financially because of the mounting problem with PPC fraud. Increasingly, advertisers are demanding refunds directly from search engines for what they feel are unscrupulous clicks. Others are filing lawsuits, making search providers shell out millions of dollars to compensate advertising customers for click fraud.

For example, Google reached a settlement with unhappy advertisers in 2006. In July, in state court in Texarkana, Ark., a judge approved a deal valued at $90 million. The agreement, which provides $30 million in cash for lawyers, approved only advertising credits for class members. Disappointed advertisers are seeking to challenge the settlement in appellate court. Google has denied any liability.

In June 2006, Yahoo settled a class action filed in federal court in Los Angeles on behalf of advertisers alleging they had been billed for fake clicks. Although it admitted no wrongdoing, Yahoo said it would grant refunds for bad clicks since January 2004 that advertisers bring to its attention. The potential cost to Yahoo isn't clear. Yahoo also agreed to appoint an in-house advocate to represent advertisers. It also said it would periodically invite marketers to inspect its now-secret fraud-detection systems.

Lawsuits related to click fraud are also taking place in other countries. In China, for instance, Dr. Liu Wenhua, director of the Beijing Zhongbei Cancer Medical Research Center. Liu is suing Baidu.com. He claims that his center has suffered from fraudulent clicks on ads that it placed on a Baidu-affiliated music and entertainment site. Regarding the case, which is in a preliminary stage, Baidu maintains that it places the highest priority on preventing fraudulent clicks. The search engine added: "We have set up numerous measures both through automated technology and manual efforts to prevent fraudulent clicks and the effectiveness of which [has] been verified by [an] independent third party.... We are, however, continuing to invest aggressively in safeguarding measures which will help ensure that our customers and users continue to have the best possible experience."

How to Fight PPC Fraud

The online community is fighting back against PPC fraud. Google, for example, recently launched an initiative to make it easier for AdWords advertisers to detect the problem. Google has agreed to show individual advertisers the proportion of their clicks it has deemed invalid and for which they weren't billed. Now advertisers will be able to see the number of invalid clicks Google found, as well as what percentage that represents of total clicks registered, according to Shuman Ghosemajumder, business product manager for trust and safety at Google. Under the new system, AdWords customers will be able to see data on invalid clicks on a daily basis or beyond, going back to the beginning of the year, he said, in a press announcement.

However, such efforts by Google aren’t enough to solve the problem, according to Tom Cuthbert, president of Click Forensics. Search providers like Google may be working to protect the investments of their clients (advertisers), but the problem is that the search providers lack the position and the data to conduct an accurate audit of paid clicks, he said on the Click Forensics Website.

“The position should be one of an outside, independent, third party,” he added. “This is the approach taken with other media such as television (Nielsen) and radio (Arbitron). The data is lacking because in order to accurately determine the intent of a click, you need to have behavioral data, not just the technical data. Meaning that what a ‘clicker’ does on the site is just as important as the technical aspects of that click.”

Cuthbert pointed out that advertisers who run TV or radio ads receive a notarized affidavit at the end of each month. But in the online space there is no such process in place because the bidding system is tied to a “closed system” tied to a guarded algorithm. His company advocates that advertisers and publishers have open dialogue and find common ground.

The solution proposed by Click Forensics for PPC fraud includes three major initiatives:

• Create a community of advertisers to pool information, resources and ideas. Click Forensics has launched the Click Fraud Network. Members can discuss solutions, take advantage of free reports using the company’s patent pending algorithm to track click fraud threat levels. The network will publish the Click Fraud Index, a site dedicated to educating advertisers on industry trends and information.
• Define the industry standards for what an unwanted click looks like. Once these principles are developed, they should be published so that the entire community can benefit from it.
• Agree on a format to submit reports to search providers. This process would allow for improved identification of those trying to beat the system as well as a fair forum to be sure advertisers are getting what they pay for.
  

What Advertisers Can Do to Combat the Problem

Until a formal process is in place to minimize and prevent click fraud, advertisers can arm themselves with fraud-detecting software. Click Forensics offers free fraud-detecting software that uses innovative behavioral data to detect click fraud. The company aggregates data from PPC ads of the more than 1,300 advertisers and ad agencies in its network to see patterns that even giant search engines can't detect for themselves. Advertisers who use Click Forensics' software are able to measure the behavior of any visitors who originate from a paid click. Visitors who leave a site within a split-second or wander aimlessly without taking any meaningful action are likely to be software bots controlled by fraudsters, according Forensics.

Similarly, a UK-based service is working to fight online advertising by compiling a database of IP addresses associated with click fraud. Its approach works much the same way Spamhaus compiles a list of addresses associated with spam and spam-related botnet activity. Clickhaus will provide a service that enables IT pros, advertisers, and search engines the ability to report cases of click fraud. This data will then be published in a database, currently in beta.

"We got the idea of Clickhaus from Spamhaus because we were impressed with the way that they have helped reduce spam by sharing the IP addresses of known spammers," explained Robert Snell, director of search engine marketing firm Brain Talent, the founding sponsor of Clickhaus.

A growing number of organizations like Click Forensics and Clickhaus maintain private databases of IP addresses associated with click fraud. A major goal of the Clickhaus project is to encourage partners in the online community to share their data in order to reduce losses.

PPC advertisers can also combat click fraud by following basic strategies to protect themselves. For one, advertisers should limit their monthly budget. Also, they should also set realistic daily budgets to spread out ad spending over the entire month. This way, they can avoid having their budget being consumed in one click fraud session.

Online advertisers should also review their control panel and site log files regularly. If they notice a high number of visits over the course of many hours and days from the same IP address, they’re probably a victim of click fraud. The origin of the IP address can be traced by visiting the American Registry of Internet Numbers and plugging it into their "WHOis" search. The database will tell who was assigned that IP address, and whether it's an actual IP or another business entity. This information can be used to provide details about the IP to the advertiser’s PPC network.

PPC advertisers should also be careful when using affiliate sites, and examine the traffic received from such sites. Visits from an affiliate partner site generate a unique reference number. They should record those numbers whenever possible and compare with your logs. They should also check to see if competitors’ IP addresses show up in the Web logs.

In addition, it’s important to check the origin of all Website visits to see if there are any unusual patterns involving counties known for a high level of click-fraud activity. China and India, for example, are two countries with a reputation for being havens for click-fraud scammers.