washingtonpost.com
In Game of Click and Mouse, Advertisers Come Up Empty

By Leslie Walker
Thursday, March 16, 2006

Radiator.com got a jolt this month from the firm it hired to audit the nearly $40,000 worth of sponsored links it buys every month from Google and Yahoo.

It appears that many of the clicks on the Web site's search-engine ads were made not by potential customers but instead by automated programs or people trying to drive up Radiator's advertising bill. Like other advertisers that place links on search engines, Radiator.com pays only when people click on the links.

After analyzing where and when each click came from, auditing firm ClickFacts Inc. estimated that 35 percent of the referrals that Radiator paid Google for stemmed from bogus traffic. Likewise, 17 percent of the leads that came from Yahoo search results were illegitimate.

"They are reporting some very high fraud rates to us," said John Thys, director of Internet marketing for 1-800-Radiator, the Benicia, Calif., distributor that owns Radiator.com. Thys said his firm will present the report to Google and Yahoo next week and request a refund for the invalid clicks.

Such activity, commonly known as click fraud, may be far more common than search engines are willing to admit. Over the past year, click fraud has mushroomed into a problem so thorny that some analysts fear that it could bring the high-flying Internet economy to its knees.

I don't know if the issue is that serious, but I'm convinced that it deserves more attention than it's getting, especially since Google distributes paid links all over the Web and shares ad revenue with thousands of sites.

Think about it: If revenue from paid links suddenly were to shrink or dry up, you could kiss a lot of Web sites goodbye.

Google has repeatedly pooh-poohed click fraud, contending that it is a minor annoyance that it has under control with automated detection technology. At a meeting with analysts two weeks ago, chief executive Eric Schmidt said click fraud "is not a material issue." Co-founder Sergey Brin said such cases amount to "a small fraction" of Google's ad clicks.

But six days later, Google surprised analysts when it agreed to settle an Arkansas class-action lawsuit by setting aside $90 million worth of ad credits to advertisers that can show invalid click charges dating to 2002.

Few other details were released regarding terms of the settlement, still to be approved by the Arkansas court. Yahoo and six other search engines remain defendants in that case.

"We stand firmly by our proprietary click-protection system and look forward to vigorously defending our system," said Gaude Paez, a Yahoo spokeswoman.

Some analysts worry that Google is rushing to establish a legal precedent that could undermine a more serious click-fraud suit pending in federal court in California. That suit, which alleges that Google knows that click fraud is rampant and has not taken significant steps to prevent it, will be considered for class-action status at a hearing in May.

"Google is getting a deal," ClickFacts co-founder Michael Caruso said, referring to the Arkansas settlement. "This is chump change to them."

Google reported $6.1 billion in revenue last year.

Caruso said his year-old firm has seen fraud rates for Google ad campaigns range from 20 to 40 percent. Other studies have estimated that bogus clicking accounts for 10 to 30 percent of all clicks on sponsored links.

Click fraud is not new, of course. It has plagued pay-per-click advertising ever since Overture Inc., later bought by Yahoo, pioneered the ad model in the 1990s.

At Yahoo and Google today, merchants compete in online auctions to set pricing for keywords that trigger text links on search-results pages. Radiator.com, for example, pays from 80 cents to $1.20 for each click on sponsored links that appear when someone searches for "radiator," "car radiator" or other phrases.

The two most prevalent types of fraud are competitive sabotage -- rivals clicking to drive up ad costs for competitors -- and affiliate spam -- affiliates clicking on ads appearing on their own sites to boost their share of ad revenue from Google or Yahoo.

Analysts say affiliate spam is more common and really took off after Google launched its AdSense network, which distributes paid links to thousands of non-search sites. They get a share of Google's ad revenue based on clicks, giving unscrupulous publishers an incentive to inflate their clicks.

Yahoo started a similar ad network last summer but limits participation to invited sites to maintain quality and reduce the risk of ad spam, Paez said.

Over the past 18 months, cottage industries have popped up on both sides of this click-and-mouse game.

For $29 or so, anyone can buy fake traffic generator software such as Smart HitBot, Fake Hits Genie and Fakezilla, programs that can send bogus traffic to any Web page or ad.

But click-fraudsters have to watch out because more and more electronic sleuths are trying to catch them. Start-ups with names like Click Tracy, Click Detective and WhosClickingWho analyze traffic and tell advertisers about suspicious activity, such as a surfer in Malaysia repeatedly clicking on ads for a dentist in Baltimore.

Established Web analytic firms are adding fraud-detection capabilities, too. ClickTracks, for example, recently started a service that analyzes 20 variables surrounding each click and compares them with historical data to determine which are legitimate.

Jessie Stricchiola, president of Internet ad consultancy Alchemist Media Inc., said the big stumbling block that search engines face in combating fraud is lack of access to evidence that could prove it -- namely, what customers do after clicking on ads. Bogus visitors almost never buy anything, while a certain percentage of legitimate customers do. Advertisers, however, are reluctant to share sales data with the search engines.

Stricchiola is pushing for standards in Internet ad auditing. She recently teamed with Fair Isaac Corp. to study whether its formulas for detecting credit card fraud might help identify click-fraud.

Cynics fear that the search engines are too afraid of how much revenue they might lose to truly commit to fighting click fraud.

But I can't believe they'd be that stupid. They must know that if they don't find a solution soon, this escalating crisis of confidence could cripple search advertising for years to come.

Leslie Walker welcomes email atwalkerl@washpost.com.

View all comments that have been posted about this article.

© 2006 The Washington Post Company