Ad-supported Music Services Can Be Abused By Bots

About 10% of online advertising revenues are lost to fraud, often involving bot networks that create fake impressions and clicks. Given that ad-supported music services are part of this market, is it credible that they are completely fraud-free?

A known problem: widespread fraud in the online advertising business

Last year the worldwide online advertising industry was worth USD 129 billion, but perhaps 10%, or USD 13 billion, was paid to fraudsters.

Two known fraud mechanisms include:

  • Fake websites: Here, the fraudster sets up a legitimate-looking, but fake website that carries ads. Some of these websites can look highly professional and on first glance would not arouse suspicion.

    The fraudster then uses a network of bots to request pages from the website to build a traffic profile which is then used to join a number of ad networks, which might include Google. The money now starts rolling in: advertisers are ultimately paying the fraudster for the fake ad impressions or clicks.

    In this arrangement, the fraudster collects all the fraudulently-generated ad revenue.
  • Deals with legitimate publishers: In this case a legitimate publisher website unwittingly does a deal with a new partner who offers to provide the publisher with inbound traffic (e.g. requests for pages on the publisher’s website, as might be achieved naturally by inserting a link to the publisher’s website on another website, for instance).

    The fraudster then programmatically creates traffic and sends it to the publisher who then serves pages that contain ads.

    In this arrangement the publisher and the fraudster have to share the fraudulently-generated ad revenue.

These, and other, online ad fraud mechanisms have become possible for four main reasons:

  • The byzantine complexity of the online ad industry means that is it impossible to define the value chain for every ad impression.
  • Lack of protocols for validating ad inventory mean that inventory is traded without any guarantee as to its legitimacy.
  • The presence of multiple layers of intermediary who are just in the business of buying and selling ad inventory, makes it possible to launder dirty inventory.
  • The increasing amount of automation in the online ad market where complex algorithms are used by advertisers to minimise their costs (i.e. buy-side platforms) and publishers to maximise revenues (i.e. sell-side platforms), means that the focus has shifted to real-time revenue maximisation and cost minimisation.

Specifically, it is relatively easy to ‘launder’ fake inventory using a network of intermediaries. Like a money-laundering operation – which relies on inserting a small number of fake transactions into a large volume of legitimate transactions – by the time an advertiser comes to audit their traffic report from their media agency, the percentage of their spend that has gone to criminals is low and will just appear at the end of the report as part of an ‘other’ category (which means that the ads were served by unknown sites to an unknown audience).

If the fraudsters are clever about how they manage their operations - so that the value of the ‘other’ category is less than 10% (for instance), then most advertisers will not even care.

It should be noted that even well-managed ad platforms like those run by Google, Facebook and Twitter – who have control of their entire operations – are not immune to these problems and they have all been making strenuous efforts to reduce the amount of fraud on their networks. But it is certainly not zero...

What does this mean for ad-supported music services?

Our projections are that music subscription services will earn around USD 1.1 billion in 2015 from advertising. This figure includes services like Spotify (which in 2014 derived 9.1% of total revenues from advertising) and Pandora (80% of total revenue in 2014 came from advertising), plus all other subscription music services that have an ad-supported element.

But if 10% of total online advertising revenues are paid to fraudsters who are using technological measures to generate fake page views and clicks,  then what percentage of fraud exists in the ad-supported music streaming segment?

It somehow seems implausible that the answer is zero.

So if we assume that there is an element of fraud in the ad-supported music streaming market then how might it work?

Let’s imagine creating a fake account with a music streaming service that offers an ad-supported option.

If we assume that the process of creating an account can be automated then we could create many accounts over a period of several months, potentially in multiple countries and with multiple services.

We can imagine how this network of accounts could be managed using a central control interface, which would allow the operator to control listening profiles and of course the artists and tracks that each ‘bot’ would demand.

It would be quite difficult for a music service provider to discover that a given account was fake:

  • The fraudster could manage his bot network intelligently, so that the ’listening’ behaviour of individual bots was modelled on a human listener. Random elements could be added so that the bot network looked like a human network;
  • Intelligent management would also mean that the total number of streams of a given artist or track did not suddenly sky-rocket;
  • Any attempt to use the IP address to identify the fake accounts could be circumvented by routing requests through a network of proxy servers, or even the PCs of other users (although this would require the installation of malicious software of those PCs).

The final stage would be to enable a payment mechanism: the fraudster would need a connection to a legitimate artist account in order to receive payment from ad impressions arising from the fake listening.

While the fraudster could be a real artist, very few artists would have the ability or the technical skills to create the infrastructure needed to artificially increase the number of streams for their own music – even if they had the desire.

Hence, it seems the most likely model would be for someone to develop the platform and then quietly present it as a ‘revenue booster’ proposal to a select number of artists who are unhappy with the payouts they are receiving from their music.

It is interesting that this would not actually damage anyone in the music industry: artists would boost their income, affected music service providers would benefit through increased user accounts and ad revenues and record labels and music publishers would also see increased revenues in terms of royalty payouts.

The losers would be advertisers who would be paying to support this illegitimate ecosystem.