As we heard in our last meetup, the priority for any online marketplace or community is protecting its users. Significant resources are spent on time, technology and policies to make sure that users are safe, happy and secure. Since users are also the baseline by which many of these marketplaces, games and communities are judged and valued, they will also spend millions of dollars each year to acquire them in the first place. UA fraud is an emerging threat. Our UA fraud panel

Another group who is well aware of how much marketers are willing to spend for downloads is fraudsters. As the mobile economy continues to grow, the risk of fraudulent user acquisition installs increases tremendously and leads to billions of dollars of losses for advertisers, marketers, and app developers. User acquisition fraud significantly impacts profitability and ROI of ad campaigns. (You know you’ve made it around here when you’re featured on “Silicon Valley.”)

We recently pulled together some top experts in user acquisition and UA fraud to discuss the challenges they are facing as they try to build their user count with downloads and conversions of real people, and not just boost their numbers with bots.

Our panel included:

  • Cyrus Lee, user acquisition manager, PlayStudios
  • Vinay Rao, head of trust and safety, Airbnb
  • Fabien-Pierre Nicolas, VP of marketing communications and community, App Annie
  • Fang Yu, cofounder and CTO, DataVisor

One thing was clear, and that is nothing is clear. Yet.

As this market continues to evolve, there are currently no standards or definitions to make sure you’re getting what you want, or getting what you’re paying for.

What is success? Is it a click? A download? A conversion? How do you define a conversion? Different companies, different networks, even different departments within the same company can all define it in various ways. Is that becoming a customer? Is that becoming a customer and opening the app more than once?

While you’re figuring all this out, we have fraudsters trying to decipher what you are measuring and making sure they meet those metrics. At DataVisor, we’ve seen user acquisition fraudsters go from simply downloading and opening an app once, to mimicking real user behavior by opening an app a few times in the following days, making it appear as though they are normal users. This would look like legitimate activity to anyone examining the log-in data, except all the users we looked at were from the same IP subnet located in Southeast Asia. That was a giveaway for us. 

In this case, it seems that having all the data makes it easy to decipher UA fraud, but data is also part of the problem.

The ecosystem of user acquisition is complicated. There are a lot of players involved in acquiring even one user. Speaking in pure generalities, you have an ad platform, an agency, the content platform, sub publishers, intermediaries and finally, users. It’s not always clear what was done, how a user was incentivized, or which conversion method was successful. Measurements are different, and some can be faked. 

What if the user is real, but you aren’t attributing it to the correct source? For example, an interesting fraud technique one panelist brought up was “cookie stuffing,” or when a publisher gets credit for a conversion that may have been organic, or the result of another publisher, simply by dropping multiple cookies after someone views a page. You’re paying out for a conversion, which is real, but it may not have been to the correct person. How do you measure against that, or fix it? Does it count? Does it matter?

While we certainly didn’t solve the UA fraud crisis during our meetup, a few promising points were made. First, the fact that we’re acknowledging this dilemma and trying to fight against fake, inflated numbers, is a good sign. Like I said, more is usually better when it comes to users but the folks we spoke with are seeking to build communities, not just big numbers. To have to deflate an excited room full of your peers as your teammates celebrate a boost in numbers is not something anyone looks forward to, but it’s important nonetheless. I also believe we are getting closer to defining those metrics and standards that will help all of us good guys not only be successful, but have the honest measurements to prove it. Lastly, technologies like DataVisor are detecting these changing attack patterns and identifying fake users companies have paid for and providing the proof get their money back. There is an accountability now that did not exist previously. 

Fraudsters are evolving fast and we need to be faster. It seems daunting, as do all security challenges, but when I look around the room full of Trust, Safety, and UA experts, I do feel hopeful that the fraudsters do not have an easy fight in front of them either.