Prevention methods for click fraud on advertisements and their implementation

Question

How can I prevent from abusing by over clicking my ads...or using an automated system, or an iframe with the ad url to inflate the clicks.

I was wondering having the

Answer 1

You have the following choices that you can follow:

For each ad id you can generate a time based encryption. So for example encrypt time with a secret passphrase and then decrypt it with that secret passphrase later.

You can use a public key and private key approach.

You can have a two tier system where an ad is clicked the click is validate to see if it is being loaded in an iframe or if that window is active.

Another method is to look at the transactions that take place. if the visitor has clicked the ad and then look at how many actually reach the destination and for how long.

Answer 2

Protection has to be mainly on the server; anything on the client (browser) is too easily compromised.

Start by do something slightly differently from everyone else. If I were doing this I'd use an image map to partition the image up into 10 (or more) sections and measure the average click frequency of each section. You can use this data to statistically weight the probability that this is a real click based on other clicks. Possibly partition off 0,0 and the extremities.

Also I'd protect this largely on the server by serving up each ad with a unique tracking id and correlating this (on the server) to allow the following to be monitored:

1. IP Address - obviously if ads come from the same IP or a lot come from a similar GeoIP (use the GeoLite City.
2. Measure the Click Through Rate (CTR). Usual CTR should not exceed 10%. Usual CTR should ranges from 0.5% to 10%.
3. Set cookies to track the browser.
4. Monitor click patterns, suspicious when a click results too soon after page load - so track the time of ad serving and if a click is too soon flag this. Usually genuine clicks will happen after a person has had time to digest the content.
5. Check referrers - very few sites will come from a direct type in with no referrer.

I'd resist the temptation to do too much on the client side as it's far to visible and easier to compromise.

Once you've implemented the above it should be used to produce reports that allow a person to asses the possibility of click fraud, any automated system will never be as good at spotting patterns.

Also worth reading White Paper: ClickTracks Analytics Inc. ClickTracks Approach to Click Fraud Analysis