arrow left facebook twitter linkedin medium menu play circle

If You Pay For Users, You Should Pay Attention to UA Fraud

By Julian Wong July 26, 2016

Photo of Julian Wong

about Julian Wong
Julian is the VP of Customer Success at DataVisor. A proven leader in the realm of trust and safety, Julian developed scalable systems and teams for mitigating fraud and abuse at Indiegogo, Etsy and Upwork. Julian also led Google’s engineering team responsible for building algorithms to prevent fraud on its ad platform.

Our UA fraud panel

As we heard in our last meetup, the priority for any online marketplace or community is protecting its users. Significant resources are spent on time, technology and policies to make sure that users are safe, happy and secure. Since users are also the baseline by which many of these marketplaces, games and communities are judged and valued, they will also spend millions of dollars each year to acquire them in the first place. UA fraud is an emerging threat. 

Another group who is well aware of how much marketers are willing to spend for downloads is fraudsters. As the mobile economy continues to grow, the risk of fraudulent user acquisition installs increases tremendously and leads to billions of dollars of losses for advertisers, marketers, and app developers. User acquisition fraud significantly impacts profitability and ROI of ad campaigns. (You know you’ve made it around here when you’re featured on “Silicon Valley.”)

We recently pulled together some top experts in user acquisition and UA fraud to discuss the challenges they are facing as they try to build their user count with downloads and conversions of real people, and not just boost their numbers with bots.

Our panel included:

  • Cyrus Lee, user acquisition manager, PlayStudios
  • Vinay Rao, head of trust and safety, Airbnb
  • Fabien-Pierre Nicolas, VP of marketing communications and community, App Annie
  • Fang Yu, cofounder and CTO, DataVisor

One thing was clear, and that is nothing is clear. Yet.

As this market continues to evolve, there are currently no standards or definitions to make sure you’re getting what you want, or getting what you’re paying for.

What is success? Is it a click? A download? A conversion? How do you define a conversion? Different companies, different networks, even different departments within the same company can all define it in various ways. Is that becoming a customer? Is that becoming a customer and opening the app more than once?

While you’re figuring all this out, we have fraudsters trying to decipher what you are measuring and making sure they meet those metrics. At DataVisor, we’ve seen user acquisition fraudsters go from simply downloading and opening an app once, to mimicking real user behavior by opening an app a few times in the following days, making it appear as though they are normal users. This would look like legitimate activity to anyone examining the log-in data, except all the users we looked at were from the same IP subnet located in Southeast Asia. That was a giveaway for us. 

In this case, it seems that having all the data makes it easy to decipher UA fraud, but data is also part of the problem.

The ecosystem of user acquisition is complicated. There are a lot of players involved in acquiring even one user. Speaking in pure generalities, you have an ad platform, an agency, the content platform, sub publishers, intermediaries and finally, users. It’s not always clear what was done, how a user was incentivized, or which conversion method was successful. Measurements are different, and some can be faked. 

What if the user is real, but you aren’t attributing it to the correct source? For example, an interesting fraud technique one panelist brought up was “cookie stuffing,” or when a publisher gets credit for a conversion that may have been organic, or the result of another publisher, simply by dropping multiple cookies after someone views a page. You’re paying out for a conversion, which is real, but it may not have been to the correct person. How do you measure against that, or fix it? Does it count? Does it matter?

While we certainly didn’t solve the UA fraud crisis during our meetup, a few promising points were made. First, the fact that we’re acknowledging this dilemma and trying to fight against fake, inflated numbers, is a good sign. Like I said, more is usually better when it comes to users but the folks we spoke with are seeking to build communities, not just big numbers. To have to deflate an excited room full of your peers as your teammates celebrate a boost in numbers is not something anyone looks forward to, but it’s important nonetheless. I also believe we are getting closer to defining those metrics and standards that will help all of us good guys not only be successful, but have the honest measurements to prove it. Lastly, technologies like DataVisor are detecting these changing attack patterns and identifying fake users companies have paid for and providing the proof get their money back. There is an accountability now that did not exist previously. 

Fraudsters are evolving fast and we need to be faster. It seems daunting, as do all security challenges, but when I look around the room full of Trust, Safety, and UA experts, I do feel hopeful that the fraudsters do not have an easy fight in front of them either.

Popular Posts

Intelligent solutions. Informed decisions. Unrivaled results.

DataVisor Digital Fraud Trends Report: Q1 2020

Learn More

Download the new “State of Sophistication in Fraud” report from DataVisor to ensure your business is equipped to…

Download the new “State of Sophistication in Fraud” report from DataVisor to ensure your business is equipped to prevent high sophistication threat attacks.

A Guide to Centralizing Data Intelligence

Learn More

Discover AI-powered fraud strategies for preventing financial and reputational damage in this powerful e-book.

Online marketplaces withstand a complicated array of fraud attacks—spam, scam, and all points in between. Only the most comprehensive, proactive AI-powered solutions can fully protect against reputational and financial damage. This e-book details the entire lifecycle of a fraud attack, and lays out…

A Practical Guide to Eliminating False Positives in Fraud Management

Learn More

This e-book explores the next generation of fraud prevention technology, which applies unsupervised machine learning to reduce false positives and risk.

This e-book explores the next generation of fraud prevention technology, which applies unsupervised machine learning to reduce false positives and risk.

Protect your business, your customers, and your data.

Request Demo