Registration fraud is harder to detect than click fraud. Why? Because the attacker programs bots to mimic your business process. It directly affects your revenues, and can be detected only afterwards. But you can avoid the damage when treating this threat as a business matter.
What is Pay-Per-Registration Fraud?
The term click fraud refers to a type of fraud that occurs on the Internet in pay-per-click (PPC) online advertising. Dating, gaming or gambling sites do not use pay-per-click advertising; they pay publishers for pay-per-registration: they pay for each user who has been directed from the publisher’s site and completed an online registration form through their web site.
A registration fraud occurs when an automated computer program, facilitated through a bot, imitates a legitimate user registration process to a web site. The advertiser may receive hundreds or thousands of new registrations per day, for which they need to pay the publisher. The cost per registration may range between $1 to $5. The advertiser would detect only later that a portion of the registered accounts were created by fake users, which stay dormant forever.
Understanding the Nomenclature
PPC and pay-per-registration (PPR) are common internet advertising models used to drive traffic to websites. The target websites are called advertisers, and they pay publishers (search engines, news sites, social networks) when an ad is clicked.
Fraud occurs when artificial users click on ads without having a real interest in the target of the ad’s link. Click fraud is the subject of some controversy due to publishers being a key beneficiary of the fraud.
Registration Fraud is a Business Problem, Not an IT Problem
PPC and PPR fraud is typically generated by bots, which are running hundreds of machines that click or register to the victim website or service. Detecting click fraud requires the implementation of a Bot Manager solution. Unlike other cyber threats whose revenue damage is indirect, click fraud has a direct impact on the advertiser’s revenue. A mid-size dating site typically registers hundreds to thousands of new users every day. If one-third of the new users are fake, they may find out they pay $1,000 every day to the publisher – for garbage.
Therefore, click fraud is primarily a business problem. A CMO or CRO would be the focal point to discuss how to reduce the click fraud risk and minimize the cost of fake user registration. For them, security is a business enabler, and they look for highly accurate classification of good and bad bot traffic. Analytics and meaningful reporting are key to making business decisions.
Here are the main questions a CMO/CRO should be asking when selecting a Bot Manager solution:
- How do you detect registration fraud today?
- What costs are involved when fake users register to your site?
- How sensitive are you to false positives (blocking a real user)?
- What information would help you analyze the health of your registration process?