Digital changes everything: The new reality of fraud mitigation

Fraud has been a persistent problem in our industry for years. And it’s on the rise. In fact, a recent study by Juniper Research showed that advertising spend lost to fraud will increase in 2019 by a whopping 21 percent over 2018. And that’s just in the advertising space. There’s no doubt that the billions of dollars gushing through the market research industry every year provide more than ample motive for fraud. Combating the dynamics of this ecosystem is now within our reach due to advances in automation, AI and other technology. But first we need to understand just exactly what – and whom – we are dealing with in this new reality.

Online research, due to its relatively high payout, has attracted its share of malevolent actors. Estimates of fraud in surveys range from 5-20 percent of completes, sometimes higher. In the early days of the Internet and online research, fraud was confined to a small group of people who, without the benefit of automation, needed perseverance to achieve multiple registrations, complete multiple profiling studies, and then actually get invited to take surveys for money. As such, the barriers we put in place, like email and address validation, could be fairly effective. In the age of automated digital recruitment however, speed, scale, and sophistication benefit both good actors and bad actors.

The Juniper study referenced above attributes the rise of fraud to “online scammers using more sophisticated techniques and to smaller advertisers not adopting anti-fraud solutions.” We agree. Fraud has become a massive, high-tech business in market research as well as the broader marketing industry. Attacks are sophisticated in nature, automated to an extent that a single person can launch thousands upon thousands of attacks on panel company servers, and even include the trading of stolen credentials in the Dark Web. These are not “bots” as so many in the industry call them, as if they were amateurishly written programs. These are humans working with machines and they are easily defeating the industry’s “best” tools.

Many of you will recognize the conventional detection measures used in online research today, such as:

• Email validation
• Address validation
• Digital fingerprinting (machine, browser and Internet connection data)
• Trap questions
• Honeypots (hidden computer code aimed at stopping “bots”)
• Captcha (typically alphanumeric characters that can be read by humans but not machines)
• Expert rules (static, human-created rules behind the scenes to trap mindless machines)
• Analysis of open ends (first manually, but increasingly involving artificial intelligence)

Unfortunately, although these techniques are necessary, they are individually and collectively insufficient. At best they only stop the amateur. The trouble with each of them is that they are static. In other words, once they are discovered, fraudsters can continue to exploit them until the holes are patched.

Dynamic Fraud Detection is the Key

Our techniques for detecting and squashing fraud MUST be able to respond without human intervention to changing threat vectors. If the fraudsters are using machines, we must do so as well – and do it better. This is achieved through artificial intelligence (AI). Machine learning, a subset of AI, significantly enhances detection. Using billions of data points and leveraging domain knowledge at the outset, machines can be trained to recognize unusual emerging patterns. Today the system may detect a huge number of entries from people claiming to be young males in New York making $100,000 per year. Tomorrow it may be an inordinate amount of mothers in Minnesota. The key is that the system adapts to changing threat vectors without requiring meetings, conference calls, and refactoring of survey templates.

Equally important to containing fraud is the capture of personally-identifiable information (PII) on the individual. While this comes with high standards for data protection and privacy, it greatly facilitates fingerprinting and fraud detection. It also eliminates one of the main concerns about real-time sample, as it results in a concrete “opt in” event and permits all kinds of work that was heretofore impossible, like recontacts and product tests and even offline qualitative work.