There’s a fairly in depth article at BusinessWeek that goes into click fraud and what is being done about it. Once upon a time I used to work for one of the very first banner advertizers on the web, so I am personally very familiar with how click fraud works and how to stop it. In fact, when I started, we were seeing numbers in the 10-20% range of fraud and when I left, we saw less than 1% fraud. Still, if you consider that that could account for millions of impressions and hundreds of thousands of clicks it’s still a huge number that advertisers don’t want to shoulder in expense.
First of all, let me get my rant out of the way. Banner advertizing (not text based, just the images) is highly flawed. The advertizers will ask you to create a banner that his highly attractive to consumers (like hit the monkey) the problem with that is that they create a huge amount of clickthroughs which is great for the banner advertizing companies, but it’s terrible for the advertizers because they don’t make any money off of it. Unqualified leads aren’t worth anything. It is really in your best interest to make the most ugly banner possible, that no one would ever want to click on unless they knew for a fact that money would immediately be withdrawn from their account. Anyway, sorry for the rant.
Okay, so how do banner advertizers catch you? Well without disclosing everything, there are a few key things to remember. First of all is ratios. If your ratios get extremely out of whack (over 1% clickthroughs/impressions) it’s highly likely that you are fraudulent.
Second, you are exposing only what your browser exposes (referring URLs, user agents, etc…). So if you expose the same thing over and over, or fail to do so, your ratios are off in that way too.
Third is cookies. For repeat users, you probably should have a series of cookies. Chances are you have had a cookie set by one of the banner advertizers. If for some reason none of your traffic ever send a valid cookie twice, that looks bad. Then there is the inifinite monkey thing, where they set up fake advertizers with free contests. If they never see anyone click on the free contest to win a plasma TV then they know your traffic is fake (in an infinite monkey with infinite typewriters situation). Think about click fraud detection as anomaly detection.
It can be done under the guise of understanding what is on the page so you can do targeting, but in the end they are doing data collection. They want to know what is on the page, who is calling it, and if they are committing some form of fraud. The trick is that they have only recently been figuring this out, as you can see by the statistics of how much they are paying out in fraud loss. In fact it was mentioned as one of the main ways that Google could fail as a business model. Having worked in the industry and invented a lot of the technology I’m talking about, I really have no opinion about it. Lots of it is flawed, which is why I quit - click fraud prevention is just too flawed.