As an ad network, the goal of Compliance is to ensure that your Publisher network is of high quality so that your Advertiser network can get a good ROI for their offers. You also need to protect your valuable Publisher network from non-compliant ads and malvertising. Without this protection, Publisher site visitors get a bad ad experience and end users may be exposed to exploitation by cybercriminals. So the role of Compliance is to police your ad network. Now let’s look at this in more detail.
Setting your network Guidelines
As an ad network you should set your Publisher and Advertiser Guidelines. These are the rules that all your clients should abide by in order to be given access to your platform. The Guidelines are a list of items that are not permitted. These Guidelines should be displayed prominently on your website so that Advertisers and Publishers are aware of them before and after they have signed up to your network. Your Guidelines should be aligned with the industry standards of the IAB, Google and the Coalition for Better Ads. These industry bodies set the global standards for all online advertising to ensure that advertisers get the best ROI, that browsers such as Chrome do not block the ads that are served, and that your Publishers have a good ad-related user experience.
Approving Publisher websites
For Publisher Compliance, websites should be evaluated. Does the content fit contextually with the offers your Advertisers are looking for? Is the website's content of high quality? Does the website have copyright to show the content images that are displayed? What is the quality of the website's traffic? Poor quality will mean poor conversions for Advertisers. Does the website contain too many ad zones? If there are too many, it will be bad for the end user experience, so the site will have low-quality traffic, and there will be too much competition for end user attention for your Advertisers’ offers.
Approving Advertiser campaigns
For Advertiser compliance, ad creatives should be checked for quality, weight and visual content. Are the images of poor quality? Do they infringe any copyright? Do they look squashed because the dimensions are wrong? Are the creatives too heavy, meaning a Publisher’s site will be slow to load, which could lead to penalization from Google? Do they meet the regulations of Google and the Coalition for Better Ads? For example, flashing images, fake video play buttons and fake close buttons are not acceptable. Ad campaign texts should be checked to ensure that the offer can be promoted on your network and that the way the texts are phrased fits in with your Guidelines. Each campaign's landing pages should be checked to see that the URLs work and that the offer is the same one as stated in the ad creative, and landing page images and texts should also be evaluated.
But there is more…
Unfortunately, there are many cybercriminals using online ads for Malvertising campaigns, which is our next subject.
Cybercriminals use the same advertising strategies as legitimate ad companies, except that malvertisements will either try to download malware directly to website visitors' devices upon clicking on the bad ad, or send visitors to websites that distribute viruses, ransomware or other unwanted and malicious programs. Sometimes malvertising uses potentially fraudulent activities to try to exploit end users for financial gain and/or steal their personal data. Bad actors will provide ad campaigns that may seem totally compliant, but obfuscated code may be hidden inside the ad creatives and landing pages. Or, once the legitimate campaign is approved by Compliance, the cybercriminals will change various stages of the ad campaign’s flow to inject malvertising.
Some forms of Malvertising
Malware can be disguised in ads offering free antivirus or even security utilities, stating that the end user's device is infected with Trojans or Viruses, when in reality these products are themselves malicious. Called Scareware, these kinds of ads are often designed to cause shock or anxiety and entice visitors to click on them.
Ransomware is a form of malware that essentially holds an end user’s device captive while demanding a ransom. The malware restricts user access to the device either by encrypting files on the hard drive or by locking down the system and displaying messages. The end user then has to make a payment to the cybercriminal to unlock their device, either by credit card, leading the end user to possible further financial exploitation, or in cryptocurrency.
Malicious URLs host unsolicited content (spam, phishing, drive-by exploits, etc.) and lure unsuspecting users into becoming victims of scams: monetary loss, theft of private information, and malware installation.
A Phishing URL takes the end user to a phishing site, which might trick users into revealing their personal information such as passwords, phone numbers, or credit card details. The content pretends to act, or looks and feels, like a trusted entity, for example, a browser, operating system, bank, PayPal or government.
Auto-downloads automatically download a file/executable/application without user interaction.
Auto-redirects contain a script that causes a web page to break out of any frames "framing" it, which automatically redirects the visitor to another website/page.
Back Button Hijack ads contain a script that allows an advertiser to manipulate the end user’s browser history. Usually this consists of inserting one or several pages into the browser history, which prevents the user from going back to the page they came from.
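As an added example (not code from EXADS or AdSecure), the script-driven behaviours in the list above can be screened for with static pattern checks on a creative's markup before launch. The rule names, regular expressions and sample creatives are constructed for illustration.

```javascript
// Added example: static heuristics for the three script-driven ad behaviours
// described above. Rule names and sample creatives are constructed.
const BINARY_EXT = /\.(?:exe|msi|apk|dmg|scr|bat)(?:[?#"'\s>]|$)/i;

const RULES = [
  { // Script writes to the top or parent window location (frame break-out).
    id: "auto-redirect",
    test: (src) =>
      /\b(?:top|parent)\.location(?:\.href)?\s*=[^=]/.test(src) ||
      /\b(?:top|parent)\.location\.(?:replace|assign)\s*\(/.test(src),
  },
  { // Script inserts history entries or hooks the back-navigation event.
    id: "back-button-hijack",
    test: (src) =>
      /\bhistory\.(?:pushState|replaceState)\s*\(/.test(src) ||
      /\bonpopstate\b|addEventListener\s*\(\s*["']popstate["']/.test(src),
  },
  { // A download link clicked by script, or a meta refresh aimed at a binary.
    id: "auto-download",
    test: (src) => {
      const link = /<a\b[^>]*\sdownload\b/i.test(src) || /\.download\s*=/.test(src);
      const clicked = /\.click\s*\(\s*\)/.test(src);
      const meta = /<meta\b[^>]*http-equiv\s*=\s*["']?refresh[^>]*>/i.exec(src);
      return (link && clicked) || (meta !== null && BINARY_EXT.test(meta[0]));
    },
  },
];

// Returns the ids of every rule that the creative's markup matches.
function scanCreative(src) {
  return RULES.filter((rule) => rule.test(src)).map((rule) => rule.id);
}

// Constructed sample creatives, one per behaviour plus a clean banner.
const SAMPLES = {
  clean: '<a href="https://advertiser.example/offer"><img src="banner.png"></a>',
  redirect: '<script>if (top !== self) { top.location = "https://landing.example/"; }</script>',
  history: '<script>history.pushState({}, "", "#ad");</script>',
  download: '<a id="d" href="https://cdn.example/setup.exe" download></a>' +
            '<script>document.getElementById("d").click();</script>',
};

for (const [name, src] of Object.entries(SAMPLES)) {
  const hits = scanCreative(src);
  console.log(name + ": " + (hits.length ? "hold for review (" + hits.join(", ") + ")" : "pass"));
}
```

Static patterns like these miss obfuscated code, so they complement rather than replace a scan of the ad's rendered behaviour.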
There are many more forms of malvertising and cybercriminals are extremely tech savvy and try many different ways to exploit an ad network. Malvertising distribution via digital advertising is a continual battle for ad networks. It is important to protect Publishers and end users from being exposed to malicious ads. Malvertising can happen on any ad network at any time, including giant ones like Google.
A Compliance team should have a solution that checks ad campaigns before launch and also after they have launched on your network. This can be done manually with a team of Compliance Officers, manually together with an automated solution, or with a dedicated automated solution.
There are several companies that offer an automated solution to check campaigns for malvertising both before and after launch. One company is AdSecure, which uses crawler technology to scan the full chain of an ad campaign: the creative, the landing page, the URLs, redirection chains, etc. It interacts with the campaign just as an end user would. These scans can be activated before the campaign launches and while it is running. If anything is discovered, it immediately alerts the Compliance team so that the campaign can be stopped and appropriate action taken, for example blocking the advertiser account, reporting to the police, etc.
AdSecure is a very effective solution. Each year the company releases a Violations Report. These findings provide insights into cybercriminal malvertising behavior during each year, taken from data from the large ad network client base AdSecure protects. Here are some highlights from their 2021 report which you can read in detail here:
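The post-approval swap described earlier is what a re-scan after launch is meant to catch. As an added example (not AdSecure's or EXADS's code), this compares the redirect chain recorded at approval with the chain seen on a re-scan; the chain format, host names and verdict levels are assumptions.

```javascript
// Added example: compare the redirect chain recorded at approval with the
// chain seen on a later re-scan. Chain format and URLs are constructed.
function diffChains(approved, observed) {
  if (!approved.length || !observed.length) throw new Error("empty chain");
  const a = approved.map((u) => new URL(u));
  const o = observed.map((u) => new URL(u));
  const findings = [];

  // Hosts that were never part of the approved flow.
  const known = new Set(a.map((u) => u.hostname));
  const added = [...new Set(o.map((u) => u.hostname))].filter((h) => !known.has(h));
  if (added.length) findings.push({ type: "new-host", detail: added.join(",") });

  // The page the visitor finally lands on.
  const landA = a[a.length - 1];
  const landO = o[o.length - 1];
  if (landA.hostname !== landO.hostname) {
    findings.push({ type: "landing-host-changed", detail: landO.hostname });
  } else if (landA.pathname !== landO.pathname) {
    findings.push({ type: "landing-path-changed", detail: landO.pathname });
  }

  // Extra redirect hops, and any hop that is not served over HTTPS.
  if (o.length > a.length) findings.push({ type: "extra-hops", detail: String(o.length - a.length) });
  const plain = o.filter((u) => u.protocol !== "https:").map((u) => u.hostname);
  if (plain.length) findings.push({ type: "non-https-hop", detail: plain.join(",") });
  return findings;
}

// Assumed policy: host changes pause the campaign, softer drift goes to review.
function verdict(findings) {
  const types = findings.map((f) => f.type);
  if (types.includes("new-host") || types.includes("landing-host-changed")) return "pause";
  return types.length ? "review" : "ok";
}

// Constructed chains: click URL first, landing page last.
const CLICK = "https://track.adnetwork.example/click?c=1001";
const APPROVED = [CLICK, "https://advertiser.example/offers/spring"];
const RESCAN_EDITED = [CLICK, "https://advertiser.example/offers/summer"];
const RESCAN_SWAPPED = [CLICK, "https://hop.unknown.example/r",
  "http://downloads.unknown.example/get"];

for (const scan of [APPROVED, RESCAN_EDITED, RESCAN_SWAPPED]) {
  console.log(verdict(diffChains(APPROVED, scan)));
}
```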
There are several benefits from ensuring that you have a full Compliance solution to monitor your ads:
All in all, Compliance gives your ad network a strong business reputation. Brand safety, a great user ad experience and quality traffic will enhance your reputation as one of the best in the industry, by proving you are addressing the malvertising issue by policing your network. As an ad network this builds brand loyalty from your Publisher clients; in fact, Publishers expect their partners to eliminate bad ads. The time has passed when Publishers were willing to tackle this issue on their own. While many have strong processes in place, they now expect their ad platform partners to do likewise, and will consider who they partner with on that basis. This is why having Compliance for your ad network can be considered one of your most important assets.
EXADS Product Manager