arrow left facebook twitter linkedin medium menu play circle

If You Pay For Users, You Should Pay Attention to UA Fraud

By Julian Wong July 26, 2016

Photo of Julian Wong

about Julian Wong
Julian is the VP of Customer Success at DataVisor. A proven leader in the realm of trust and safety, Julian developed scalable systems and teams for mitigating fraud and abuse at Indiegogo, Etsy and Upwork. Julian also led Google’s engineering team responsible for building algorithms to prevent fraud on its ad platform.

Our UA fraud panel

As we heard in our last meetup, the priority for any online marketplace or community is protecting its users. Significant resources are spent on time, technology and policies to make sure that users are safe, happy and secure. Since users are also the baseline by which many of these marketplaces, games and communities are judged and valued, they will also spend millions of dollars each year to acquire them in the first place. UA fraud is an emerging threat. 

Another group who is well aware of how much marketers are willing to spend for downloads is fraudsters. As the mobile economy continues to grow, the risk of fraudulent user acquisition installs increases tremendously and leads to billions of dollars of losses for advertisers, marketers, and app developers. User acquisition fraud significantly impacts profitability and ROI of ad campaigns. (You know you’ve made it around here when you’re featured on “Silicon Valley.”)

We recently pulled together some top experts in user acquisition and UA fraud to discuss the challenges they are facing as they try to build their user count with downloads and conversions of real people, and not just boost their numbers with bots.

Our panel included:

  • Cyrus Lee, user acquisition manager, PlayStudios
  • Vinay Rao, head of trust and safety, Airbnb
  • Fabien-Pierre Nicolas, VP of marketing communications and community, App Annie
  • Fang Yu, cofounder and CTO, DataVisor

One thing was clear, and that is nothing is clear. Yet.

As this market continues to evolve, there are currently no standards or definitions to make sure you’re getting what you want, or getting what you’re paying for.

What is success? Is it a click? A download? A conversion? How do you define a conversion? Different companies, different networks, even different departments within the same company can all define it in various ways. Is that becoming a customer? Is that becoming a customer and opening the app more than once?

While you’re figuring all this out, we have fraudsters trying to decipher what you are measuring and making sure they meet those metrics. At DataVisor, we’ve seen user acquisition fraudsters go from simply downloading and opening an app once, to mimicking real user behavior by opening an app a few times in the following days, making it appear as though they are normal users. This would look like legitimate activity to anyone examining the log-in data, except all the users we looked at were from the same IP subnet located in Southeast Asia. That was a giveaway for us. 

In this case, it seems that having all the data makes it easy to decipher UA fraud, but data is also part of the problem.

The ecosystem of user acquisition is complicated. There are a lot of players involved in acquiring even one user. Speaking in pure generalities, you have an ad platform, an agency, the content platform, sub publishers, intermediaries and finally, users. It’s not always clear what was done, how a user was incentivized, or which conversion method was successful. Measurements are different, and some can be faked. 

What if the user is real, but you aren’t attributing it to the correct source? For example, an interesting fraud technique one panelist brought up was “cookie stuffing,” or when a publisher gets credit for a conversion that may have been organic, or the result of another publisher, simply by dropping multiple cookies after someone views a page. You’re paying out for a conversion, which is real, but it may not have been to the correct person. How do you measure against that, or fix it? Does it count? Does it matter?

While we certainly didn’t solve the UA fraud crisis during our meetup, a few promising points were made. First, the fact that we’re acknowledging this dilemma and trying to fight against fake, inflated numbers, is a good sign. Like I said, more is usually better when it comes to users but the folks we spoke with are seeking to build communities, not just big numbers. To have to deflate an excited room full of your peers as your teammates celebrate a boost in numbers is not something anyone looks forward to, but it’s important nonetheless. I also believe we are getting closer to defining those metrics and standards that will help all of us good guys not only be successful, but have the honest measurements to prove it. Lastly, technologies like DataVisor are detecting these changing attack patterns and identifying fake users companies have paid for and providing the proof get their money back. There is an accountability now that did not exist previously. 

Fraudsters are evolving fast and we need to be faster. It seems daunting, as do all security challenges, but when I look around the room full of Trust, Safety, and UA experts, I do feel hopeful that the fraudsters do not have an easy fight in front of them either.

Popular Posts

Intelligent solutions. Informed decisions. Unrivaled results.

DataVisor Fraud Index Report: Q2 2019

Learn More

The DataVisor Q2 2019 Fraud Index Report is here.

Customers online want convenience, ease, and access. Fortunately, your business offers it all. Unfortunately, that’s what fraudsters want too. To a cyber criminal, those features means vulnerabilities. To bring you the very latest and most actionable insights about where the risks are and what you…

Dumb & Dumber vs Ocean’s 11

Learn More

Understand the range of modern fraud attacks to ensure complete coverage for your organization.

Complex and coordinated fraud attacks that are extensively planned, hard to detect, and highly scalable are the new normal for online platforms. Explore and understand the full spectrum of fraud attacks—from simple to sophisticated—and learn how you can defend against each type in this…

Diagnose and Defeat Application Fraud with the Latest AI-Powered Tools

Learn More

Learn how leading financial institutions are using ML to proactively detect card application fraud.

In this insightful webinar, you’ll explore how organizations are leveraging AI-powered fraud management solutions to get tangible, real-world benefits as they work to proactively detect and defeat sophisticated modern fraud attacks. Plus, you’ll discover strategies for empowering cross-team…

Protect your business, your customers, and your data.

Request Demo