data cloud and measurement business said it detected a new instance of fraud in streaming television that likely impacted millions of dollars in advertising spending, signaling a growing problem for advertisers as they move more dollars into the medium.
The operation, which Oracle Data Cloud has dubbed “StreamScam,” took advantage of flaws in streaming-TV ad-serving technology and the supply chain to fool marketers into paying for ads that were never actually seen by viewers on real devices and apps, the company said.
Based on an estimated average cost of $20 to deliver a thousand consumer impressions in connected TV viewing, the swindlers likely stole $14.5 million over the last four months, according to Derek Wise, chief product officer of Oracle Data Cloud. The scam, which was first uncovered by Oracle over the summer before the fraudsters accelerated their operation in September by faking more devices and apps, is still ongoing, the company said.
Ad fraud is more commonly associated with web video and display advertising, but bad actors are following the money as marketers shift money into streaming TV.
Although still only a fraction of the $60 to $70 billion spent on traditional TV in the U.S. every year, ad spending on internet-connected TV sets, where most of streaming TV happens, will reach almost $8 billion in the U.S. this year and likely total $15.6 billion in 2023, according to research firm eMarketer.
And the ad technology infrastructure underpinning streaming TV remains nascent compared with online and mobile advertising, giving swindlers an opening, Mr. Wise said. “This is escalating significantly,” he said.
With StreamScam, swindlers used a practice known as “spoofing” to trick advertisers into believing their ads were running on legitimate apps and devices, according to Oracle. They used thousands of servers to impersonate “server-side ad insertion” technology, which are systems that stitch ads directly into programming to prevent issues such as buffering during an ad break. These fake SSAI servers then sent falsified ad requests masquerading as legitimate IP addresses, devices and apps.
Oracle said it uncovered StreamScam after noticing irregularities in the measurement data such as ad requests coming from older Apple TV models running on new iOS software that they couldn’t support. An analysis from Moat, a measurement and verification business within Oracle Data Cloud that says it tracks server-side ad insertion as well as ad impressions that actually play, confirmed the purchased impressions and programming never ran on real devices.
StreamScam involved 28.8 million fabricated household IP addresses, and spoofed about 3,600 apps and 3,400 internet-connected TV device models, according to Oracle.
Spoofing, the most common and troublesome version of fraud in streaming TV, requires the exploitation of not just flaws within the server-side ad technology but also a lack of visibility for advertisers buying inventory on open ad exchanges, said Tal Chalozin, chief technology officer of ad-tech firm Innovid Inc.
“That is the core part of all of this,” he said. “They take advantage of there being no direct connection between the merchant and the buyer by inserting themselves into the middle.”
Some advertisers have sought to do more direct deals with streaming-TV ad sellers, sometimes setting up private, invite-only automated marketplaces, in an effort to evade swindlers and secure more control over where their ads run. But the industry will need to improve the technology tools, systems and measurement within streaming TV to more effectively combat ad fraud, Mr. Wise said.
Device makers, for example, can do a better job of disclosing what percentage of different models are being used by consumers currently, which would make it easier for measurement firms to detect anomalies, he said.
Some efforts already have been made to combat ad-fraud in streaming TV. Measurement and tech firms such as DoubleVerify Inc. and MadHive Inc. are developing brand-safety and fraud-management tools. Earlier this week, the IAB Tech Lab, a digital-media industry nonprofit, signaled plans to bring a set of standards to streaming TV called “ads.txt,” which enable publishers and distributors to declare who is authorized to sell their inventory.
Oracle’s Moat, which is used by advertisers as an independent third party to measure and track digital ads, also is pushing clients to make “valid traffic” a requirement before purchasing streaming-TV ads, much in the way they have learned to do in mobile advertising, Mr. Wise said.
“Connected TV looks a lot like digital five years ago,” Mr. Wise said. “Our past told us programmatic advertising without measurement was a bad idea; now we are talking about programmatic ads across connected TV without measurement. We need to learn from our mistakes a little bit quicker.”
Write to Sahil Patel at [email protected]
Corrections & Amplifications
The IAB Tech Lab is a digital-media industry nonprofit. An earlier version of this article incorrectly said that the Interactive Advertising Bureau, a separate organization from the IAB Tech Lab, signaled plans to bring a set of standards called “ads.txt” to streaming TV. (Corrected on Dec. 18, 2020)
Copyright ©2020 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8