With the cloud comes fraud 2.0
Rich Kahn
May 31, 2017

Famous hacker Kevin Mitnick recently wrote in Wired that the cloud is where we’re most vulnerable, in part because the popularity of cloud-based email services provides ready avenues of attack for those with nefarious intent. Mitnick’s warning was directed at consumers, but given the scale and scope of cloud computing investments, advertisers should be worried too. The sky isn’t falling, but what’s coming next will make recent challenges for the advertising industry look small by comparison.



Anti-fraud is always a step behind

Fraud comes in many forms, but you can’t detect what fraudsters have yet to invent. In other words, anti-fraud is a reactive discipline. Big technological disruptions, like cloud computing, give fraudsters an opportunity to expand their lead.

Before cloud computing, fraudsters first had to find and compromise hundreds of servers. That took a lot of time and quite a bit of skill. Today, server access is no longer a limiting factor and hacking tools have become more accessible to a larger community. Using the cloud, fraudsters can spin up hundreds of servers quickly and only pay for time used. Essentially, cloud technology makes it easier and cheaper to commit fraud in much the same way that it reduces costs and increases efficiency for legitimate businesses.

Fraud is more complex than we think

There’s a misconception among advertisers that an IP address is either infected or clean. In fact, to give you an idea of how complex detecting fraud can be, a device can send both legitimate and fraudulent traffic at the same time.

Suppose you download a free game, and unbeknown to you, that download contains malware. Later, when shopping online, your computer will run slower than usual because in addition to the legitimate traffic that comes from your actions, the malware may be sending fraudulent traffic.

Compounding matters, you may eventually run a program to clean up your computer, which means the advertiser is going to have to make a judgment about your IP address based on a lot of contradictory information. That judgment call depends on data—not just a brief snapshot, but a long history. That’s because detecting fraud is largely about understanding the complexities of user behavior. Those complexities grow exponentially in the face of cloud computing.

A decade ago, the average home had only one connected device—a computer. With only one way to get online, user behavior fell within a relatively narrow framework. Today, we connect phones, televisions, even thermostats. Soon, homes will have dozens of connected devices. On the one hand, the proliferation of connected devices expands the cloud and gives fraudsters more room to maneuver. On the other hand, the cloud also represents a radical change in user behavior, adding more complexity to the challenge of discovering fraud.

The cloud makes it easier for fraudsters to look human

While far from foolproof, focusing on engagements that only humans can deliver is a good way for advertisers to mitigate the fraud problem. Unfortunately, cloud computing makes it easier for fraudsters to develop more accounts and spoof human behavior, which means advertisers are going to have to go deeper into the weeds to understand their traffic. How deep in the weeds?

The answer is as deep as you can go. Remember, cloud computing makes it easier for a single fraudster to do a lot of complex things at the same time. Not only can they spin up a suite of servers on the cheap to send fraudulent traffic, they can deploy bots to fill out forms and even automate fraudulent transactions with stolen credit cards. That means advertisers can’t be content to focus on conversions; they need to go the extra mile and make sure that the suspicious traffic that led to a sale didn’t result in a chargeback a month later.

Are you ready for fraud 2.0?

While combating fraud 2.0 represents a technical challenge, perhaps the biggest challenge is facing the real scope of the problem. The cloud scales our capabilities while magnifying our vulnerabilities. Unfortunately, it often takes a big disaster to raise awareness about the problem. No doubt, Kevin Mitnick’s warning struck a chord outside the IT community because hacked emails have played such a prominent role in political news for the past two years.

Advertising hasn’t suffered a cloud-based fraud on that scale—yet. But eventually, advertising will be hit hard enough to cause an industry-wide outcry. When that moment comes, the advertisers that did the hard work of facing the threat early will see the greatest return on their vigilance.

Richard K. Kahn, co-founder and CEO of eZanga.com, Inc., has been a leader in the online advertising industry since 1993. Rich started eZanga.com, a digital marketing firm specializing in pay per click and pay per call advertising, in 2003 with his wife, Beth.