Google reports today that click fraud is less than .02% of all ad clicks. Danny Sullivan at SearchEngineLand has a detailed analysis of the Google claims. I have long suggested that click fraud is lower than most estimates, but these numbers from Google surprised me.
Click fraud involves people or bots clicking on ads to generate revenue for themselves or to hurt competitors by using up their ad budget. For example, lets say you own a web site about cars. You make a deal with Google to provide advertisements on your site. When a visitor clicks on an ad on your site, Google collects revenue from the advertiser, and pays you 40% to 60% of the revenue. What could be better? Well, some unscrupulous web site owners figured out that if they had their employees and friends click on the ads it was a revenue machine to them. Then they figured out they could write some software (bot) to automatically click on the ads at random times of the day. Ka-ching! More revenue.
Google, Yahoo, and Microsoft got wise to this problem very quickly. They put filters in place to catch invalid clicks. The click fraud filters have all sorts of rules built into the algorithms to define and detect invalid clicks. For example, if a user clicks on an ad twice in a second one of those clicks is likely invalid. Or, if the same IP address clicks on the same ad 10 times in an hour it is probably invalid.
The click fraudsters developed more clever methods. They knew that Google was watching so they started to randomize their bot clicks to less than 1 per second, made multiple clicks at random times of the day, used hundreds or thousands of different IP addresses, and all sorts of tricks to stay "under the radar" and avoid detection.
The search engines respond with even better detection filters. This is a cat and mouse game similar to email spam detection or encryption techniques. The search engines can't reveal their secrets because the fraudsters will adjust their click fraud attacks to avoid detection. Lets just say there are many ways to detect what machines and IP addresses are clicking on ads, and there are many models of normal click behavior that can detect unusual behavior.
Google says that less than 10% of all clicks are invalid. Of this 10%, Google says they detect and filter out 99% and the advertiser is never charged. What remains is .02% of all clicks that might be fraud. Google will provide refunds to advertisers who can reasonably prove fraud.
What about the advertising network sites? I believe the search engines can indeed detect click fraud for traffic on their own search sites. But, it gets much more difficult for clicks that originate on the millions of sites in the advertising network. It can be done, but it is difficult because each site has a different "normal behavior model" meaning, normal traffic and clicking patterns. But, like anything else, it is just a matter of scale. If the algorithm is right and self adjusting, it can be applied to any site and detect unusual behavior.
It is all about ROI on your advertising dollar. In the end, whatever the click fraud rate, it is all about the Return On Investment for each advertising dollar spent on search engines versus the ROI on TV, radio, newspaper, magazine, or other advertising methods. At least web advertising has real trackable numbers for response rates and some targeting on where the responses came from. Not so with TV, radio, and magazine ads.
Web advertising is still less than 10% of all advertising budgets. I think we will see more and more advertising budgets moving to web advertising. Now that the click fraud problem is "contained" to a reasonable level more advertisers will feel comfortable moving more budget to the web.