What is creative scanning?
There are many partners in the programmatic system that may perform scanning on ad campaigns. These include partners such as: DSPs, SSPs, publishers, and DoubleVerify. The goal of running this scanning are to ensure campaigns are not vulnerable to attack, are not hijacked, and operates properly. Just as ad fraud can exist on the supply and inventory side, malware can be coded into assets leveraged on the buy and demand side, for example HTML5 display creative and web pages. As a general rule of thumb, if something can be coded, it can be at risk and vulnerable to attack. If malware can be placed, it could lead to ad fraud (among other malicious activity: personal information phishing, creative scams, and computer hijacking). This scanning is a crucial part of the process to ensure nothing fraudulent is happening.
There are two specific points in the activation process in which scanning occurs:
- When display banner creative is uploaded into DSP platforms, in conjunction with the supply, SSPs, and publisher platforms, it performs click checks on the creative first to ensure it abides by their advertising policy, as well as clicks through to legitimate landing pages. This occurs any time a new campaign is launched and/or if there are new creative pieces put into rotation.
- Throughout the duration of a campaign flight, creative scanning partners like GeoEdge and The Media Trust will again perform creative checks in an ad-hoc, randomized fashion to ensure there are no potential hijacking risks. This is usually performed at a much less frequent rate than the scanning that occurs when new creative is added.
Why does it occur?
Creative scanning is intended as a protection for both the publishers and the end user. “Bots” (good bots) will crawl the creative and follow through the click path to (typically) the landing page (one click). This helps ensure that the user isn’t being presented with a “bait and switch” type offer, and helps ensure that users won’t encounter a low quality and potentially dangerous landing page after clicking on an ad. Additionally, it helps the technology partners (DSPs and SSPs) ensure that the advertisement experience matches the stated classification and categorization to ensure proper compliance to potential regulations.
To be effective, creative scanning will typically happen in a manner that is meant to look like general user traffic and can be hard to isolate. If it were consistently from a specified set of IP addresses, for example, dubious advertisers could figure out the pattern and modify the behavior of the ad accordingly to “appear” safe.
How can this scanning activity impact your campaigns?
Because this third-party scanning activity is meant to be unpredictable and untraceable, it is quite difficult to extract the activity from our campaigns’ performance data.
The implications across the two types of scanning also varies:
- For initial scanning and approval of the creative assets, it can inflate clicks on the first day the campaign runs.
- For ongoing scanning throughout the campaign, it can lead to significant variances from DSP-driven clicks, to site-side sessions when the site-side activity is filtered down to the DSP as the referrer (we’re seeing this across Google Analytics and Adobe Analytics).
What is Butler/Till doing to address this?
It is important to note that creative scanning is a universal industry practice and not specific to any one agency or DSP platform. It occurs to every advertiser, on every DSP, and impacts every analytics platform, too.
At Butler/Till, working collaboratively between our Programmatic Channel Team and our Analytics Team, we’ve been able to run a series of “data tests” to filter out as much of this data as possible. There are several signals we pair together that lead us to believe some sessions-based activity can be directly tied to creative scanning:
- The geo referrer is outside of what’s been set at the campaign and ad verification partner settings.
- There is either a very high (98-100%) or very low (0-2%) bounce rate.
- This activity drives either 0 or exactly 2 page views per session.
- Future state, The Analytics Team is considering a revised model, where instead of looking to filter out (remove) invalid traffic, they qualify valid traffic instead, which is a more robust solution.
Together with our Programmatic partners (DSPs, SSPs, and Ad Verification), we keep an open dialogue on their scanning activity to continually evolve our data testing approaches. When we see changes happening in our ecosystem, we are better equipped to tackle those challenges to meet our clients’ evolving needs in an ever-changing marketplace.