Advertisers, media owners, and technology providers alike recognize the need for industry-wide standards that prevent advertising fraud, piracy, and malware. Estimates of the cost of ad fraud range greatly: White Ops and the ANA estimate $5.8B globally, while Cheq predicts a much higher $23B. Regardless, digital advertisers are losing billions to ad fraud, and all can agree it will take a joint effort to help solve the industry-wide issue.
One of the organizations leading the way in this regard is the Trustworthy Accountability Group (TAG), which offers five certification seals in support of:
- TAG registration
- Eliminating fraudulent traffic
- Combating malware
- Fighting internet piracy
- Promoting transparency
Created in 2015 by the 4As, ANA, and IAB, TAG is an industry initiative to fight criminal activity throughout the digital advertising supply chain. It’s grown quickly and consists of 570 member companies globally as of December 2019 — with 145 of them joining that year.
SpotX was a founding member in 2011 and one of TAG’s first five Platinum members. We fully believe in TAG’s mission to promote transparency, eliminate fraud and piracy, and stop the distribution of malware, as it aligns directly with our own goals. Maintaining compliance with its programs is just one of the methods we employ to ensure buyers are accessing high-quality, brand-safe inventory and to ensure we’re doing everything we possibly can to protect media owners from bad actors. We are proud of the organization’s impact over the last several years.
According to the 2019 TAG Fraud Benchmark Study, invalid traffic rates in TAG Certified distribution channels fell to 1.41% from 1.68% in the same prior year period. TAG also found fraud was reduced by 88% when companies used TAG Certified distribution channels compared to industry averages. Through a joint effort with Creative Future, TAG reports the number of ad impressions served on US pirate sites was reduced by 90% between 2016 and 2018.
On top of that, the number of certifications has grown overall, increasing by more than 30% in 2019. The initiative is gaining ground globally. More than half of TAG certifications cover global operations and more than 25% of member companies are based outside of the US.
Mike Zaneis, CEO of TAG, celebrates the success in 2019 and points to the future, saying, “We will never reduce fraud or piracy or malware to zero, because there will always be criminals who try to profit by exploiting the weaknesses of any system. If we continue to work together as an industry, however, we can build a set of unified and integrated defenses to make such criminal activity rare, unprofitable, and inconsequential across the supply chain.”
What TAG certification entails — and what it doesn’t address
TAG offers five different certification seals. Companies can register with TAG and join its mission, and also demonstrate they abide by a set of guidelines developed for TAG’s piracy, malware, transparency, and fraud programs.
The actual guidelines vary depending on a company’s role in the advertising supply chain. In general terms, each certification comes with an individual list of tasks, requirements, and thresholds. TAG mandates a dedicated compliance officer and requires annual training sessions as well as quarterly audits and reviews. Many guidelines also include existing standards, such as ads.txt and Media Rating Council guidelines, reinforcing the value and extending the reach of these industry-wide initiatives.
There are a few schools of thought regarding TAG and its initiatives. Many buyers wholeheartedly support the programs and are pushing for industry adoption. Some — like Procter & Gamble — require all of their ad vendors to be certified with TAG. On the other end of the spectrum, some across the ecosystem agree with the sentiment that these are pay-for-play programs and certification doesn’t ensure a brand-safe approach. Looking at other players in the industry, media owners tend not to invest in pursuing certification. Most verification companies do participate with TAG and are compliant within the programs.
Overall, there’s a need for education across the industry to better define all the types of ad fraud and piracy. Many of the buyers pushing for TAG certification don’t truly understand what certification entails and how working with certified partners would protect their brand.
In the following section, we break down a summary of the requirements of each TAG program, as well as SpotX’s opinion on an ideal approach. (Note these are key highlights of TAG’s requirements and the full guidelines for each program can be viewed on the TAG website.)
1. TAG membership
The TAG Registry helps companies identify responsible, trusted players across the entire digital advertising ecosystem. TAG validates each applicant company’s identity and legitimacy through a proprietary background check and review process. Once a fee is paid, approved companies will receive a “TAG Registered” seal and a unique identifier, a TAG-ID, enabling them to identify their ads to partners across the digital supply chain. A handy link to validate TAG IDs and understand levels of compliance is found here.
The SpotX opinion
SpotX strongly supports the group’s mission and was one of the first five companies to achieve Platinum Status, TAG’s highest accomplishment, after becoming certified in all of TAG’s programs.
2. Promote transparency
To achieve the IQG Certified Seal, a company must structure and label all inventory so that each source level of transparency is represented by a different line item or bid request. Participating companies must:
- Develop a contextual taxonomy
- Classify content by audience and brand safety ratings
- Refrain from selling inventory from prohibited categories
- Conduct inventory partner vetting and re-vetting
- Disclose targeting depth levels
- Implement and honor Ads.txt files
- Disclose publisher and data partners
- Ensure compliance with OpenRTB specifications
- Implement audience targeting controls
The SpotX opinion
This set of nomenclature is straight-forward. SpotX follows the structure accordingly, as do many players in the industry.
3. Fight internet piracy
Companies committed to combating ad-supported piracy can achieve the Certified Against Piracy Seal by:
- Complying with at least one of the Core Criteria for Effective Digital Advertising Assurance
- Identify at-risk entities (AREs), or properties guilty of copyright infringement
- Prevent advertisements on undesired AREs
- Detect, prevent, or disrupt fraudulent or deceptive transactions
- Monitor and assess for advertisement placement compliance
- Eliminate payments to undesired AREs
- Employing pirate mobile app filtering
- Attesting to owning or licensing the rights to all content on owned and/or operated (O&O) media properties
- Employing commercially available means to ensure that O&O media properties do not host nor stream infringing content
- Ensuring that O&O media properties do not block or unduly restrict or disrupt the use of anti-piracy software
The SpotX opinion
Preventing ad piracy generally falls into three buckets. Companies can:
- Identify sites committing piracy
- Block sites committing piracy
- Block payment for ad impressions on fraudulent content
As of now, TAG requires Digital Advertising Assurance Provider (DAAP) certified companies to comply with only one of these efforts (as detailed in the Core Criteria for Effective Digital Advertising Assurance). We strongly believe that unless all three are addressed, we will not make the progress that is needed in combating ad-supported piracy. SpotX takes initiative in all three buckets, and other companies should as well to make a meaningful effort.
4. Combat malware
The TAG Certified Against Malware Guidelines help companies fight malware using the digital advertising supply chain as an attack vector. Compliant companies adhere to the following:
- Designate a primary anti-malware contact and document appropriate contacts at partner companies
- Document malware scanning responsibilities in new or updated legal agreements
- Scan a reasonable percentage of — and rescan at a reasonable frequency — assets and landing page URLs preceding initial delivery and disclose methodologies to TAG
- Employ internal procedures for Defining red flag events and handling of standard malware incidents
- Employ Seat ID attributes to troubleshoot and handle malware incidents
- Establish formal post mortem process for red flag events
- Conduct semi-annual reviews of post mortems
The SpotX opinion
While these guidelines address a comprehensive approach to preventing malware distribution, requiring companies to only scan “a reasonable percentage” of assets and landing pages will not catch or stop all malware. It’s for this reason that SpotX invests in scanning 100% of our inventory.
5. Eliminate ad fraud
TAG’s Certified Against Fraud Program aims to combat fraudulent, invalid traffic based on the following guidelines. In 2019, TAG also began requiring validation through an independent auditor to certify European or global operations.
- Comply with GIVT detection and filtration requirements of MRC IVT guidelines
- Employ domain, data center IP, and app threat filtering
- Implement publisher sourcing disclosures
- Implement payment ID System
- Implement and honor Ads.txt fIles
The SpotX opinion
Ad fraud is undoubtedly one of the largest challenges in the industry today with numerous bad actors entering the ecosystem, and TAG’s efforts are a positive step forward in eliminating it. However, we believe there are some limitations to them. We need more education in the industry about how extensive ad fraud really is, and then reworked guidelines that fully encompass all types of fraud.
There is general invalid traffic, which is typically bot traffic rather than true human impressions. Much of this is “good” invalid traffic — think Google search bots — and is self-identified as a bot (meaning it’s not trying to garner ad impressions).
TAG only requires companies to filter general forms of invalid traffic. The issue is that the bad actors become increasingly sophisticated in how they garner additional ad revenue. As they exist now, the TAG guidelines are not requiring companies to identify, report, and block this sophisticated invalid traffic. It’s a major — and growing — issue that the industry needs to combat. We’re confident that the billions of dollars being siphoned from marketers are mostly due to sophisticated invalid traffic. If this isn’t a focus, we’re not making any progress in eliminating the bad actors.
Furthermore, the payment ID system is not adopted within the industry and should be replaced with more widely adopted programs that address the same problem and others, such as the OpenRTB Supply Chain Object and Sellers.json.
What the future of ad fraud guidelines should look like
While the intent of the certifications is positive, TAG has received criticism from some in the industry because companies can self-attest that they comply with the guidelines. This is a major distinction that we believe should be changed.
Companies can choose to receive independent certification — as SpotX does — but it’s not a requirement. Full compliance should require an outside auditor to review that a company meets all requirements before they receive any certification.
Second, the Certified Against Ad Fraud program needs to evolve to identify all types of fraud and specific defenses against each. TAG has a complaints program where companies suspected of fraud can be submitted for review. However, not many companies are submitted because the guidelines are vague and it’s hard to discern infractions. Even certified companies following the guidelines may, in fact, be committing fraud as the guidelines do not cover all types of ad fraud.
Finally, TAG is just one program supporting stronger brand safety: The Digital Trading Standards Group (DTSG), the Coalition for Better Ads, the IAB Gold Standard, the Brand Safety Institute (another TAG-backed program), and others support the same end goal. This in itself is an issue. Each organization is relatively similar, and aims to accomplish a similar outcome, yet each has its own program and its own set of fees.
Companies should not have to pay multiple fees and obtain certifications in multiple programs to prove the same outcome. We need the industry to come together, make a joint effort, and define one strong industry standard.
TAG is doing a commendable job in uniting the industry to fight criminal activity in the digital advertising supply chain. Bad actors continue to enter the supply chain and evolve their tactics, so it’s important that we stand together as an industry and take the toughest stance possible against criminal activity. We must move faster and have stricter guidelines if we want to stay ahead of them.
— — —
About the author
Nick Frizzell is the Vice President of Inventory Quality & Planning at SpotX. During his nearly decade-long tenure at SpotX, Nick has focused on ensuring marketers have full transparency into the supply chain and can only access high quality, fraud-free, and brand-safe inventory, while protecting media owners from becoming victims of bad actors. He and his team are also responsible for ensuring compliance with industry standards such as the IAB Tech Lab, TAG, and others. Nick is a recognized leader in the industry and provides education, tools, and resources to ensure bad actors are not only banned from SpotX, but removed across the industry. Nick is a native of Colorado and graduated from Fort Lewis College. Outside of the office, Nick spends most of his time with his wife, daughters, and two dogs enjoying all that Colorado has to offer.