Risk Ad Tech
Digital media's revenue engine depends on digital ad tech -- basically the shared ecosystem of video and display ads that stream along with the content we provide. Unfortunately, ad tech is filthy with fraud and misrepresentation, which erodes trust in digital ad publishing, and erodes trust in the ad tech industry's ability to self-regulate. More unfortunate, the ad tech industry inertia is blocking the fundamental changes needed to provide transparency and accountability, which are the ultimate solutions to ad tech's intrinsic problems.
Digital ad tech going into 2017 has disturbing parallels to the subprime mortgage market going into 2007. If you've read Micheal Lewis' book, The Big Short, or Too Big To Fail, by Andrew Ross Sorkin, you know how the lending industry ignored rottenness within, pretending that problems were contained even as they grew worse.
The home mortgage industry looked the other way while investment banks re-packaged bad home loans into "good" debt, and sunk global economies in the process. Similarly, the ad tech industry is looking the other way as advertisers purchase video and display ads that end up being viewed mostly by bots, not people.
We know what could've been done to avoid the housing market collapse. Will ad tech also have to learn hard, avoidable lessons about the risk of fraud, non-transparency, inaccountability, industry-sanctioned obliviousness, skimming, bloat, corruption?
But wait. There are clear voices warning us of the precipice on which ad tech stands. One of them is Bob Hoffman, aka @AdContrarian. If you're in ad tech, please heed his concerns (http://adcontrarian.blogspot.com), and the concerns of many other wise ad tech observers, summarized below.
- The [Association of National Advertisers](http:// http://www.ana.net/content/show/id/botfraud-2016) says kickbacks and other corrupt activities among agencies is "pervasive".
- Humans aren't looking meaningfully at digital ads. "Only 9% of online ads are viewed for more than one second by consumers.... 91% of online ads were never seen at all or they were scanned in less than a second without any cognitive connection or engagement occurring"
- A host of adtech businesses operating within the supply chain are extracting up to 70% of advertisers' money without being able to quantify the value they provide to the brand.
- Consumer adoption of digital ad blockers is rising, especially on smartphones, significantly reducing page views and cutting into publishers' profits. Shaming users and "waiting out" the trend amounts to futile resistance.
- Programmatic ad buying comes with an exceptional risk of fraud... essentially, anyone can buy and anyone can sell, which opens the door to gamification by incresasingly sophisticated botnet operators
- The on-line ad fraud problem grew into a $7.2B problem in 2016, even while ad marketers shrugged and said that the lost revenue is just part of the game... easy to say when advertisers and publishers bear the cost.
- The on-line ad fraud problem is complex, manifold. At least nine types of digital ad fraud are conspiring to create a "crisis of confidence on the buy side".
- The World Federation of Advertisers says that within 8 years online ad fraud could be the second largest source of criminal revenue in the world, after drug trafficking.
- The threat of malvertising -- serving ransomware or other malware via infected ads displayed on reputable Internet properties -- is a game-changing new risk, and currently easy to ignore because it is served up on "trusted" sites (a list of high profile victims)
- Stop the pretense: ad fraud is not "part of the game." Ad fraud is what is gaming the game, and at scale:
Ad tech culture is like Internet culture before it's post-Millenium collapse, before we were required to provide an audit trail for scrutiny (e.g., SOX, PCI), before we realized we can Never Trust. An industry standard for ad inventory quality exists, and for certifying against ad fraud and ad-distriuted malware -- see the Trust and Accountability Group (TAG). Still the transactional activity that drives the ad tech machine can't be scrutinized easily, or at all. Preventive and detective controls aren't ad tech's strong suit.
There seems to be no financial or reputational penalty for non-adherence to ad tech industry standards for security and trust. Ad tech vendors are not publically evaluated by Cloud Access Security Brokers (CASBs), as are Saas vendors. Identity and access management (IAM) solutions and privileged access management (PAM) solutions are not natively adopt-able solutions in ad tech. So ad tech will continue to self-inflict, continue to spawn dramatically fraudulent activity at scale, a la Methbot (Krebs' analysis), for the foreseeable future.