Jun 12, 2019

Key Takeaways from the Taking Malvertising Fight Upstream Fireside Chat at AdMonsters' Programmania 2019

At AdMonsters’ 2019 Programmania conference our CRO Kate Reinmiller participated in a “fireside chat” with one of our clients and AdMonsters’ Editorial director. Take a look at Kate’s key takeaways from the panel.

By Kate Reinmiller

On Monday June 3rd, I had the privilege of participating in a “fireside chat” at AdMonsters' Ops 2019 conference with our client Connie Walsh, Senior Director of Advertising Operations at Legacy.com. The discussion was moderated by Gavin Dunaway, AdMonsters Editorial Director, and was titled “Taking the Malvertising Fight Upstream.”

It’s a given that as long as ads have been served, publishers have borne the brunt of malvertising and bad creative. But as real-time blocking and other ad quality technology evolves, it’s become clear that responsibility must be shared throughout the supply chain by publishers, SSPs and DSPs alike. Connie and I enthusiastically tackled this issue in our discussion before an audience of approximately 250 digital strategists and media leaders. 

Here are some highlights from our conversation:

The conventional wisdom is that redirect attacks come on weekends—is this the case for you? From your viewpoint, what have been the biggest changes in malvertising strategy over the last year?

From our perspective yes and no. Attacks happen around the clock, however, we do see significant spikes on weekends, especially holiday weekends.  Over Memorial Day Weekend for example we noticed a 175% increase in malicious ads. Fraudsters are aware of client side technologies and using tactics to cloak their code (adding iframes, delaying their scripts, dynamically hosting content).

Connie agreed that holidays, weekends, and Q4/Q1 tends to be the worst for Legacy.  She shared that the biggest shift has been moving toward the on-page blocking solutions instead of reactively responding to user and internal complaints.

How do you get your technology partners to take more responsibility in battling malvertising? 

Connie said that while turning off fringe or heavily reseller demand partners can be an effective tactic, pausing one partner just means it will creep in from somewhere else. She is also frustrated with the same canned responses from their partners, suggesting that the issue isn’t getting strategically addressed higher up the chain.

Happily, Connie called on-page blocking “very meaningful to us because it provides an added layer of protection that we should be getting from our demand partners, but are not.” 

But, now that she doesn’t need to constantly communicate problems back to the partners, it appears Legacy is going silent and everything is fine. That shifts the onus to the publisher to use on-page blocking tactics and takes the pressure off the partners.

In moving ad quality controls upstream, what are the biggest differences in strategies and tactics?

Historically SSPs have used a combination of in-house tools plus server side scanning to look for bad actors. What we've found though, is that those steps don’t provide enough insight into what's happening on the client side. Client side tech makes it much easier to identify the source of issues, and makes it easier for SSPs to take action. Adding real-time ad quality solutions at the SSP level allows for real-time insight into bad creatives, problematic DSPs and buyers so that SSPs can act quickly.  And yes, there are ways to do this that don't have negative revenue impacts on the SSP or the publisher!

Moving upstream allows publishers and demand partners to work together to combat this issue — and starts to put more pressure on the DSPs to take accountability for ads that are entering the ecosystem through self service tools.

How effectively can you trace the sources of malvertising campaigns? 

Connie revealed that “without vendor supported resources, not very well at all.” Legacy (and other publishers) simply don’t have the technical resources to be running Charles Sessions across mobile devices every time they hear a user complain about malicious ads.

One of Connie’s longstanding gripes is that there’s no standardization in the ad request’s call chains and “the handshakes from tech vendor to vendor are not clear, and very cluttered/muddled with other intermediary tech.”

Is all real-time creative-blocking technology created equal? How do you best evaluate what’s on the market?

We believe that the addition of new companies in the space validates how pressing the issue is. Ad quality continues to be a major problem and it's not just limited to malvertising —there are also compliance issues, data leakage and bad content.

Of course, each provider has different strengths. In terms of the actual technology, there are subtle differences that matter. For example, whether or not the provider uses a blacklist, caches scripts or can replace a lost impression are all important details to know.  

Some providers have point solutions while others take a more holistic approach. We're seeing our clients test multiple solutions, which is a good thing. We do believe, however, that after an initial investigation period, it makes sense to limit actual trials to your top two vendors.  Testing longer than a month or so introduces too many variables.  

We typically encourage clients to focus on three key things: seamless integration, solution effectiveness; and the overall experience with the interface and customer service.

Consolidation in the programmatic space is always looming.  What kind of effect will that have on malvetisers and ad quality efforts?

Both Kate and Connie agreed that consolidation is a positive trend as it limits the number of entry points for bad actors and eliminates unnecessary arbitrage. But as long as there are self-serve tools and so much money being transacted in real-time, there will be actors looking to take advantage of the system.

Overall, it was a thrill to participate in this important conversation!  Keep an eye out for a couple of more in-depth interviews with Ad Lightning on AdMonsters following this event.

`` `` ``