Andreas Naumann
Director of Fraud Prevention
This Q&A was conducted when Andreas was a Director of Fraud Prevention at Adjust. Currently, Andreas is a Managing Director at CAAF.
Andreas is an industry veteran, having worked in digital advertising for well over a decade. He is also a well-known figure in the app industry — and one of the leading innovators in the fight against mobile ad fraud.
Andreas started his career on the supply-side. His fraud journey began when he uncovered a single publisher account with the largest-running ad fraud scheme his company had seen. In response, Andreas built an anti-fraud team to tackle the issue and in the process became an expert on fraud. In 2012, he moved into the mobile industry, working for a Berlin-based ad network.
In 2015, Andreas joined Adjust, an industry leader in mobile measurement and fraud prevention. In his role as Director of Fraud Prevention, Andreas spearheads fraud research, leads Adjust’s fraud team, and develops new methods for fighting fraud.
In your own words, tell us about your role?
In a sentence: I research fraud schemes and design countermeasures while also building and managing the anti-fraud team at Adjust.
However, in my day-to-day, I focus on education — primarily answering internal and external questions about our anti-fraud measures, or about fraud more broadly.
As for the team: when I started, it was only me. Now we have a dedicated fraud research team who have been instrumental in getting things done.
How did you get started working in mobile fraud?
In the first few months in the industry, I spent a lot of time researching publisher accounts to learn which methods and business models worked and which didn’t. It was then that I identified a publisher account with the biggest running fraud scheme on the platform at that time.
While trouble for the business I worked for then, it was also an opportunity for me to really dive into fraud for the first time. I built our anti-fraud team, invented new processes to help mitigate fraudulent exploits and created new methods to fight fraud. My job hasn’t seen a dull day since.
What do you like most about working in the anti-fraud space?
Fraud schemes are getting more and more sophisticated. So in the arms race against fraudsters, I find it very satisfying to finally figure out how “they did it,” and create working countermeasures based on our discoveries.
What strategies work best to combat mobile ad fraud?
In general, the answer depends on who you ask and where they sit in the value chain of digital advertising.
The way I think about it — which is also the way we implement our solution at Adjust — is that we need to cut the cash flow to the fraudulent players before attribution takes place. In other words, we need to detect fraudulent tactics before they lead to attribution, so charges are never deducted from an advertiser’s budget. This approach keeps advertiser’s budgets actionable and reduces overhead from chargebacks and negotiations. At the same time, fraudsters will suffer a big opportunity cost from running their schemes on protected campaigns. This approach ensures that all installs are attributed to legitimate sources — even if fraudsters try to manipulate attribution.
As a result, legitimate publishers won’t be affected by decreasing eCPMs due to the missing attribution — which is a huge risk with all approaches that use statistical analysis of fraud detection well after the attribution is finished.
What are some strategies you’ve seen that are not effective in fighting fraud?
Blacklisting is an especially situational strategy, and I see it misused the most. To the layman, blacklisting is very intuitive when it comes to identifying fraudulent traffic from a specific source, device, user or IP address. But if you consider all the moving parts, you will soon find that blacklisting is ineffective. Here is why, in a few examples:
- When a fraudster becomes aware of getting blacklisted with their affiliate ID or site ID, they will make sure to sidestep blacklisting by running with multiple disposable accounts and domains. A legitimate source that gets blacklisted mistakenly will not be able to sidestep blacklisting, as their business is real. If they don’t make an effort to get off the list, they are likely to churn from a good campaign.
- When a device becomes manipulated through e.g. Click Injection and gets blacklisted, the user with that device is a victim, not a perpetrator. This user may delete the app responsible for the injections, but they will remain blacklisted, creating false positives which hurt the advertiser.
- In many countries (and especially in metropolitan areas), carriers use what is called “carrier-grade NAT” to reduce the number of unique IP addresses they need to have available for their customers. An IP address that gets put on the list after being scored as fraudulent in several fraud schemes by a fraud detection service, again, can end up being a false-positive.
In short, blacklisting is a very dangerous tool unless it is used sparingly and in the correct situation.
How do you stay ahead of changes in mobile fraud tactics?
We react very quickly by developing prevention techniques that reach the root of the problem. Of course, research always requires time and resources, and staying ahead can only be achieved by changing the policies and underlying systems of our industry.
What do you see as the next big trend in mobile ad fraud, good or bad?
I won’t try and speculate about what fraudsters might come up with to improve their situation in 2019. However, here are the changes we at Adjust are trying to establish in the industry to help mitigate the fraud problem:
Click Validation Through Proof of Impression – It is just common sense: users can only click on ads that they see. Therefore, an impression must always precede any legitimate user interaction with a rendered ad (aka the click).
However, this fact has never been properly represented in tracking solutions in performance marketing, both on desktop and mobile. The story was always: “You only pay for the desired user action, so there’s no need to look at clicks and impressions.” In other words, “You pay a CPI or CPA and not CPM or CPC, so you should not waste time and effort by looking at clicks and impressions.” Brand marketers would naturally never accept that, since they need impression tracking to evaluate the reach of a campaign. In addition, click-through rates allow marketers to make conclusions about the effectiveness of specific creatives.
On the other hand, from a security standpoint, it also makes plenty of sense to track the full funnel, as it allows to tie logic checks to the relationship between impression and click.
TL;DR: Click Validation through Proof of Impression will make life a lot harder for fraudsters, as it will require them to try and fake impressions at the correct rate and timing to mimic genuine advertising, and that is not trivial at all to do.
Bot detection – Ad fraud is just the tip of the iceberg. If we go beyond the install, there’s also a significant amount of fake in-app behavior taking place in the form of bot attacks. Bots have a significant impact on affecting your user base, lowering lifetime value – among many other issues.
For instance, in mobile gaming, bot services can be employed to play the game for users to gain an advantage over the human competition, which is harmful to the user experience and the game economy. So, for the first time, we are branching out of the pure user acquisition fraud mitigation into a broader approach to fighting against malicious bot use.
With our acquisition of Unbotify, we are improving our bot detection capabilities and extending our detection to post-install engagements. This added layer of security will allow us to detect bots utilized to manipulate the interaction with an app.
Both Click Validation and Unbotify’s technology are completely new to the market. We are taking the fight against ad fraud to the next level by offering stronger protection to our clients while pushing the envelope of fraud protection in the ecosystem at the same time.
What advice can you offer to help marketers tackle mobile ad fraud?
As unpopular as this advice is going to be, I can only urge every marketer to learn how to check their campaigns and learn the very basics of fraud detection. With the knowledge of how to spot foul play and a goal to stay up-to-date on fraud news, a lot can be achieved.
Also, if you want to learn more, reach out and talk to anti-fraud experts who are active – many of them are approachable. To get a good idea of the situation, hear it from several different experts, as each has their own approach and specialization.