From my Forbes.com blog The New Persuaders:
It’s a question that has haunted online advertisers since soon after Google perfected pay-per-click search ads a decade ago: Are those clicks from real potential customers, or are they from scammers draining my ad budget?
Now the issue of “click fraud” has hit Facebook full-force. On July 30, Limited Run, which provides software to enable bands and music labels sell physical products like records, said it was closing its Facebook account after finding that some 80% of the clicks it got during a recent ad campaign on Facebook were likely generated not by real people but by bots. Those are coordinated groups of computers hijacked by scammers or spammers, so any clicks they generate cost advertisers money for no benefit. (In a separate issue, in fact the main reason Limited Run said it’s leaving Facebook, the company also said Facebook asked it to spend $2,000 on ads in order to change its Facebook page name, something Facebook has said is not its policy.)
Limited Run said it came to the conclusion that the clicks were fraudulent after running its own analysis. It determined that most of the clicks for which Facebook was charging it came from computers that weren’t loading Javascript, a programming language that allows Web pages to be interactive. Almost all Web browsers load Javascript by default, so the assumption is that if a click comes from one that isn’t, it’s probably not a real person but a bot.
To be clear, Limited Run isn’t charging that Facebook itself is responsible for those apparently fraudulent clicks. Often the culprits in click fraud are small-time ad networks and other outfits that pay people to click on Google and other ads they run on their sites, though that’s unlikely to be an issue for Facebook, which does not yet run its ads outside its own site as Google and others do. Perhaps, Limited Run has suggested, rivals could be using the bots to cost the company money by forcing it to pay for useless clicks.
The click fraud issue has at times loomed large for Google and other companies because of the potential impact on advertiser trust, and Google continues to fight click fraud–as does Facebook. Indeed, the issue isn’t new for Facebook either, with complaints, including lawsuits, bubbling up since at least 2009.
But while click fraud doesn’t seem to have driven away a large number of Google advertisers, whether because the company has minimized it or because advertisers simply factor it in as a cost of doing business online, the issue is a particular concern for Facebook now. It’s trying to prove to skeptical advertisers and investors that its ads work, and claims that there’s rampant click fraud don’t help. At the same time, Facebook has said recently that some 1.5% of its nearly 1 billion accounts are “undesirable,” meaning “user profiles that we determine are intended to be used for purposes that violate our terms of service, such as spamming.
Facebook has declined to say much about the Limited Run situation, though the company says it believes it catches and filters out the vast majority of “invalid clicks” before they’re even charged to advertisers. Its own page on “click and impression quality” doesn’t reveal much detail about how it deals with click fraud, however, so I asked the company for more insight on what it’s doing about the problem.
Mark Rabkin, an engineering director on Facebook’s ads team, responded to questions by email. While at times he’s repeating what Facebook has said before, he also reveals that the company has a growing staff of 300 people working on security and safety and explains in more detail the various ways the company tries to catch bad clicks. Here are his answers. …
Robert Hof 