Exclusive: Google’s Click Fraud Rate is Less than 2%

Andy,

Great story, but here’s a question.

In Q3 of 2006 Google AdWords brought in $2.69 Billion in revenue, does this mean that there was somewhere around $50,000,000 in click fraud committed in Q3 2006 alone?

If so, that’s a whole lotta click fraud.

Nice scoop Andy.

Great story. It was only a matter of time until the Google “thinktank” come up with something. I can see this being very beneficial to smaller ppc networks who have a robust click fraud prevention mehtods as well.

This is the case of “don’t ask, don’t tell” strategy. On one hand, search engines want to appear as “good guys” to the advertisers and keep this issue from hurting them on Wall Street, but at the same time they don’t want to shoot themselves in the foot with doing too much.

I had a nice chat about this issue with Tom Cuthbert from ClickForensics a few weeks ago and he seemed to be very enthusiastic about coming up with some industrywide click fraud standards that everyone can accept.

Until Google and others continue to encourage services like AdSense for Parked Domains, there is little sense in talking about serious effort to combat click fraud.

These statistics are a complete misrepresentation of reality. The point is that 2% is how many of the invalid clicks are accounted as click fraud after merchants “request investigation,” – NOT how many fraudulent clicks are missed by Google, which is the real number anyone cares about. In other words, out of all merchants, 2% are caught by merchants checking for fraud – and I think it’s obvious that most merchants don’t bother doing their own fraud detection.

The reality is, we don’t, and Google doesn’t, know how many clicks are fraud and REMAIN UNDETECTED as fraud. Only a very careful accounting of every single click for some slice of traffic could turn up something close to valid data for that question, but it certainly would vary wildly depending on circumstance. Until we see any actual proof of a valid study, this is all fudging around with numbers in a spreadsheet.

I thought so .

Andy – What Andrey Milyan (comment #13) said about AdSense for Parked Domains is crucial to understanding why these numbers reported by yourself and Google are meaningless. Read this Google help page:
http://adwords.google.com/support/bin/answer.py?answer=50002

The last paragraph is particularly relevant: “Depending on the design of the site, a parked domain site will be classified as either a search site or a content site. That means your ads may show on parked domain sites if your campaign is opted in to the search or content networks.”

WTF? Google will charge its customers (the advertisers) paid clicks on the search network that originate from parked domains. A company that engages in this sort of practice is not going to appease its advertisers regarding click fraud with a few pretty pictures.

For your next exclusive, can you find out what percentage of PPC traffic comes from parked domains? Of that, what’s the split between search and content network? Now, that’d be worth something.

its less than 2% because not only do they filter out fraudulent clicks, but valid ones as well. I was banned from adsense for supposedly clicking my own ads, but not one time did I click my own. I appealed the case and was denied.

Nice scoop, but I think the Google guys are trying to sell us the green coolaid again. I would bet that this info has been carefully “leaked” to cause just the right amount of distraction in time for a Click Fraud Christmas.

With all due respect, this does not constitute proof. And even if it is true, this does not mean individual accounts cannot experience substantial levels of click fraud. The Tuzhilin report backs this up.

I would also like to point out that there are ways to cleverly generate traffic that looks like any other traffic that arrives at a site. This can’t be reliably distinguished by algorithms, humans, or anything else. Such traffic is generated from botnets, viruses, and click rings.

I’m still unconvinced of these claims.

wow – i really hope it is 2 % and not more – Google should give automatic rebates of 5% of ad charge for invalid clicks to all its advertisers as a credit

The percentage Ghosemajumder shared is interesting, but insufficient. Metrics like this require additional numbers such as sensitivity, specificity, false positive rate and false negative rate. These additional numbers give us a better picture of the measurement system and whether or not it is reliable.

If you’re ruler is not to scale, your measurements will be off the mark.

That 2% is a blanket statement for a channel that is anything but uniform. 2% on low CPC? Sure, why not?

Now, look at the big boys. Mesothelioma. Structured settlements. $100/click. You think those are only 2%? There’s a LOT of money to be made off of those clicks.

If you believe that percentage is accurate for those terms, I’ve got a bridge to sell you.

I would like to believe that this was true but just feel the number has to be higher then 2%.

As noted previously, 2% of clicks, not $. If it is anywhere near 2% of clicks, the % of $ is likely well north of 10%, perhaps north of 20%.

I guess my biggest issue with a recent experience with Google on click fraud was that if their system reports to me that a % of my traffic has been flagged as invalid clicks, why not give me that data passed the campaign level only? It would be infinitely helpful to me to know what keywords or even just what ad groups had the invalid clicks so maybe I can implement some negative keywords or contain my bidding for those terms. When I asked for this level of info on my own account I got the “must protect our fraud filter methods” line. How would I reverse engineer anything from knowing what keywords you think are getting invalid clicks? That’s all I want to know, not how you obtained the data, but what the heck the data even is! So basically you’re told you got some crap traffic coming through but don’t you worry you’re pretty head we’ll credit it for you and the crap traffic continues every day from now on! Just give us the info on where the crap is coming from and I’ll do my job and flush the toilet. I really don’t see how allowing that simple info puts anything in jeopardy.

Great article Andy! This really helps to better understand how the fraud is classified and filtered. I am not surprised by the focus on clicks through Adsense but surprised that more layers are not in place for the search only campaigns as I still see some very questionable clicks coming that way.

Frauded,

If this is the worst example of “fraud” we can dredge up, then things must be pretty rosy indeed.

I’m not sure that this really provides much proof of actual fraud, and even if some is getting through, it wouldn’t be hard to combat by lowering bids a bit. Fraud on the search network would be more serious.

400 clicks on the content network should only be costing you around $160 or less if you’re bidding correctly. Just because the traffic isn’t converting on those 400 clicks doesn’t mean it’s fraudulent. It may mean your ad is showing up somewhere it shouldn’t be – somewhere that isn’t very targeted.

Increases in clicks aren’t surprising, either. New publishers are always being added onto the network, or your position may jump up so that you actually appear on pages that would have shown your competitors’ ads previously. This may be a sign that they have lowered bids, so you should, too.

You haven’t offered much evidence of anything untoward, as disappointing as it may be that $160 worth of clicks didn’t convert to anything.

My employer owns nearly thirty online businesses and uses Adwords, among others, to advertise. After receiving a frustratingly low reimbursement (less than 0.1%) from the Lane’s Gifts v. Google Class Action Suit, we are researching the details of the case. In hind sight of course we should have done this before deciding to admit ourselves into the suit, but there didn’t seem to be a compelling reason to opt out. That and the utter lack of information regarding the case were reasons enough to sign on as a class member.

Anyways, I had some questions about the conclusions drawn in article above. (1) Am I to suppose that the discovered levels of click fraud by advertisers are equivalent with the actual amount of click fraud that escapes the previous 3 tiers? That I may discover 2% of fraudulent clicks does not mean that I’ve discovered them all. (2) Does anyone have the ratio of allowable clicks to invalid/fraudulent clicks? For example, of 100 clicks on an advertisement how many are fraudulent (before any screening measures)? Google may in fact be rigorously trying to minimize fraudulent clicks, but my concern lies in terms of how many total clicks are fraudulent. Detecting 98% of fraud is a laudable achievement, but are they catching 98% of detected fraud, not total fraud?

I appreciate your comments to these questions. I would also ask that you point me in the direction of further resources to continue my research into the matter. Anyone else involved in the class action suit?

Take care and happy holidays.

bg,

Only the fraudsters know how much actual fraud there really is. The engines may be able to detect all the fraud, but may not, depending on how clever the fraudsters are in making it look like “legit” traffic. This isn’t that hard to do, when using botnets, spyware, or click farms.

As to the class action, I don’t know that there is much that can be done, since you didn’t opt out. There are some US Congressional inquiries into click fraud, but it’s not clear yet that anyone will see any money from them.

My advice to you is to reduce your ad spend in accordance with the fraud you suspect, and look into alternate, less fraud-prone options such as CPA or fixed fee advertising.

Does this 2% only include Adwords advertisers that noticed invalid clicks? Beal’s statement seems ambiguous, “The click fraud rate – as discovered by most AdWords advertisers – is on average, less than 2% of all clicks through Google’s system.” If that’s the case what about the other advertisers that didn’t notice these “invalid clicks”?

There ARE ways that aren’t exactly perfect, but can often be quite accurate. Google is silent about the method they use, for good reason. Imagine, for instance, that Google had an alarm system for their building. And those concerned about Google’s building being secure might ask “Is there a passcode for the alarm?”

Google’s response might be, “Yes.”

Then someone could ask, “Is the passcode at least 4 digits long?”

The answer, “yes.”

“Is it at least 6 digits long?”

“No.”

“So it’s just 4 digits? How secure is that?”

“No, it’s not 4 digits.”

“Aha, so it’s 5 digits!”

“Correct.”

“But, is it something easy? Like 12345? That would be terrible if it was!”

“No, it’s not easy.”

“Are there 5 unique digits in the number, or is there a repeated digit? I would imagine one is more secure than another, right?”

“There are 4 unique digits, with one repeated. There are only 30,240 possible combinations of 5 digits if all of them are unique. Many more number combinations are allowed if a digit can be repeated.”

“Ah, that’s good… that’s good. So, it’s pretty secure, right?”

“Very.”

“Can the control panel be seen through a window?”

“Yes. There is a south-facing window where the control panel can be seen.”

“Couldn’t someone point a camera into the window to see what code is being punched into it?”

“When the code is being entered, our staff is trained to block the view from the south-facing window.”

“Ah, good… good. Very secure.”

This hypothetical discussion of security, and making sure the building is secured well, only makes things less secure. With this information, someone is now armed with knowledge as to how to thwart the security. For instance, someone could look through the south-facing window to see which numbers on the keypad appear more worn or used than others, then knowing that one digit is repeated and that the remaining digits are unique, one could come up with a short list of possibilities rather than being faced with the much larger set of possibilities.

So, the more information Google reveals about HOW it DETECTS fraud, the more information they would give to would-be-fraudsters to circumvent their detection.

In any case, I would like to illustrate a method that Google COULD be using. By analyzing the user behavior on a controlled website, Google would be able to formulate statistics that represent normal non-fraudulent user behavior. For instance, they might see that a 90% of typical users spend about 19.3 seconds on a website before leaving the page, that 8% of typical users spend 11.2 seconds on a website before clicking an advertisement, and that 2% of typical users spend 3.9 seconds on a website before clicking on one of the ads. By analyzing this data using various barometers, Google could then detect anomalies in activity. Maybe there seems to be an unusually high number of users in a group that are only spending 1.2 seconds before clicking on one of the ads. These anomalies could be investigated further to determine if there are other patterns of behavior that would suggest fraud. By catching these, stopping the fraudsters, but not revealing their secret formulas, would-be-fraudsters would be stuck trying to GUESS (and mostly failing) what this formula is, or how to appear as a fully legitimate user and not a statistical anomaly.

http://www.stareclips.com/?click-fraud

This is a fact of life.
As your product becomes more valuable – theft whether it is shoplifting, counterfiting or click fraud becomes always more of an issue.
The classic neverending question is always ” Do I as an innovator , seller or manufacturer concern myself with this problem and focus on it or do I focus my efforts on more major areas as profitiability or product research ?”

That’s a lie, that’s a BIG LIE !!! Click fraud on Google is WAY higher than 2%

It is always amazing that even with modern technology it is a question of how you wish to portay the numbers or stats to your advantage or end conclusion.
Two slogans or historic sayings come to mind:
1) There are numbers and there are statistics
2)Figures don’t lie but liars figger.

Are you for REAL Andy- What a Load of BULL***T!!!

As if a representative of Google would be giving you the correct figure for which they have are stealing from their client’s worldwide.

If you are stupid enough to believe this story, then all I can say is you deserve to be RIPPED OFF !!

Next thing we will hear from Google is that they are going to give all the fraudulant money created by their own click fraud to charity – All FIVE HUNDERD MILLION DOLLARS FROM ONE QUARTER ALONE – What a joke,

Truthfully Andy – WAKE UP TO YOURSELF

Hi
The messages are very useful. Keep it up.
Googlers are watching our site using which technique.Ill show my google analytics a/c. Where my site is popular in world wide which has unique users of 50% and New also in 50%
http://arrif.blogspot.com

that’s good for advertiser, then ads publishers get benefit.

So there is no reason to fear CF? Kinda like Global Warming (wink, wink) huh?

Seriously, Google is doing a great job and people are still whining. I find that distasteful.

VCM,

I guess it depends on how much fraud is actually out there. Or how
much expenditure can’t simply be written off as the cost of doing
business.

Are Google, Yahoo and MSN robbing you?

Why PPC waste/fraud is still continuing and why Google, Yahoo and MSN won’t help you find it.

I have spent time looking at all the reports Google/Yahoo/MSN have been providing it’s customers for some time now.

The one report that none of them provide is “Length of Visit by Keyword”.

This is a report that would help anyone with managing PPC campaigns in a major way.

So, why is this report not supplied by any of the search engines out there?

It’s simple!

If you knew which keywords people were clicking on and then just jumping out you could adjust you spending on those keywords accordingly.

All the major search engines have the data and tools available to provide you with this report.

I also believe that with the data that most of the major search engines collect that they could even provide us with a much better report than the “Length of Visit by Keyword” report I’ve been talking about.

I would love to see the raw data that Google collects on the sponsored ad clicks.

I bet if any of us could analyze that data we would save tons of money on our campaigns.

As a side note…
Wouldn’t you love to know what products have the best conversion rates and lowest advertising costs? Google and the others have this information. What power these people have!

Another note…
Google and the others know what products don’t sell well over the internet. They could come up with a list of products that have never sold well over the internet and at least warn people before they waste your money. I think a large percentage of people who try to sell something over the internet are wasting their money and I’m including the people who really know what their doing.

They won’t help us with this critical data because they know once you see the waste you will adjust your advertising campaigns to reduce it. That would cost the major search engines billions of dollars once you do.

Google and the others are basically hoping people don’t figure this out. Their saying lets give the customers a bunch of reports and analytics and hope they never notice what we’re not giving them.

The report should at least contain:
IP Address, Date/Time, Search term, Campaign keyword(s), Length of Visit, Number Pages Viewed, Conversion.

All the major search engines are guilty of not providing its customers with this information.

I have been looking for a tracking site that provides this information but have not had much luck.

I’m sure I could find a service or piece of code out there that will provide the important data but why we are not getting these reports from the major search engines out there is a crime.

Harvey Lawton

My suggestion is simple:

Just make sure you never go for any other channels than the search results in google.xxx because the fraud is not from your colleges, its from hungry AdSense sites.

Actually we where closed out by our Google Adsense testing, because our colleges in our local network was clicking on adds, and at that time we didnt now that (our colleges) and we went from PR5 to PR4 some days later.

Thats why we decided AdSense didnt make sense for us. I Assume theres a army of AdSense sites who wants to earn money, and they are asumeably very creative in their ways to make webdesign and have people clicking. Random AdWords Roboting who dont target your own pool but only occasionaly i have been reading about. I Love Google, that why i love to critize also, likewise with my husband…

Here is a URL to an academic research article on this subject — http://ist.psu.edu/faculty_pages/jjansen/academic/jansen_click_fraud.p df

Reference: Jansen, B. J. (2007) Click fraud, IEEE Computer. 40(7), 85-86

I do not believe that the 2% applies to content ads.

You know, upon reflecting on this article, the only way to really know the click fraud rate is to run an experiment between a trusted third party and the search engine.

This the only way to get all three data points in the same place — the content provider, the search engine, and the attacker.

Basically, set-up fake online stores with sponsored search accounts. Then, attack these online stores with various click fraud techniques over a period of time.

Then compare logs from the Websites, the search engines, and the attacker logs.

Jim

Just got banned by AdSense for making too much money on Feb 19, 2008. All websites that we had were generic business websites and everything was legal. Google Adsense’s email indicated a ‘bad business model’. Our translation is ‘We are paying you too much money’. Go figure. We had been up and running for over a year until our websites were getting noticed by Alexa.com and Google AdSense’s mysterious partners.

As a business owner that is just getting started in online advertising…one thing is for sure. Google does not make small businesses feel comfortable with using there services. I would be willing to say the majority of advertisers are small businesses like mine with small advertising budgets. Google put the onerous on business to come to them with all the information. Their training talks about knowing all your competitors ip addresses. The click fraud “training,” if you can call it that, talks to you like your 10 years old and do not have the intelligence to understand what Google does to combat it. “Little Jimmy….little Jimmy are you listening. Don’t you know little Jimmy that not all clicks are fraudulent clicks.” The entire tutorial was them trying to convince me to not pursue because there is nothing to pursue. Give me a break!

The other thing that bugs me is how people let companies like Google and Apple off the hook. “You can’t talk that way about our precious Google and Apple! We believe everything they say is true…because they are not Microsoft.” Any publicly traded company is going to do WHATEVER is necessary to keep up the bottom line. Including showing us silly pictures like the one posted in the article with the three circles. Wake up! That’s insulting!

Even so, 2% is still too much.

Wow, that was scientific.

That’s only the invalid clicks they caught. From our experience, it’s much higher and Google’s customer service staff fight hard to deny any compensations or responsibilities.

i think there some element of click fraud on google we had given http://www.tendertiger.com add on google we do received some invalid and dummy click
regards
prasad

test

I have used google ads before and have often wondered how many of the click I paid for were in fact click fraud