Documentation

Advertising Compliance Authority (ACA)

Methodology Description

1.0 Introduction

The Advertising Compliance Authority (ACA) service provides verification of pre-bid Ad Requests by Real-Time Bidding (RTB) Network/Exchanges and tracks display, video, social, mobile and in-app Impression (CPM/CPV) and Performance-based (CPC/CPL) advertisements.  This combined procedure effectively stops Ad Fraud while supporting the advancement of the Programmatic Advertising Industry by generating a vast array of Trusted Digital Advertising Intelligence including Absolute Domain, Botnets, and End-Node Browser Signatures which is analysed in Real-time for Data Compliance, Integrity, and Audit.  This Methodology Description is a summary of ACA’s measurement processes, including a basic description of our Data Filtration, Collection and Compliance in addition to audit capabilities, deconflict rules, reporting and analysis procedures, current limitations of the system, as well as our data policies.

2.0 Data Collection, Filtration & Compliance

The ACA deploys two (2) distinct and integrated methods, namely Data Connectivity through the ACA API and Data Collection from the ACA Sensor to collect all necessary digital intelligence generated from an ad campaign globally.  The ACA ensures Data Compliance by analysing that intelligence for any variances in the intelligence gathered in Real-time and Historically. No other ad fraud vendor combines these methodologies to ensure full data integrity to combat the global ad fraud issue.  By deploying both the API and Sensor, the ACA provides significant competitive advantage, digital intelligence, and financial compliance for the entire digital advertising ecosystem including the Advertiser, Agency, Advertising Network/Exchange and Publisher.

2.1 ACA API

According to the IAB, Ad blocking is less burdensome and carries less infrastructure risk when the verification function is integrated into the ad serving systems and decisions are made pre-serve. The IAB reported in their Open RTB API Specification Version 2.0 that this type of integration of verification services into advertising infrastructure is encouraged for the future (IAB).

The ACA API provides advertising networks and exchanges with single-digit millisecond latency access to an ACA Advertising Customer’s domain compliance response at the pre-bid level. This includes a binary compliance response to an inquiry request for the status of a domain where an ACA Customer’s ad is targeted for an impression before the ad is displayed. The list of domains queried to create the response are derived from a customer selection, provided by the customer and/or provided by the ACA. 

2.1.1 Infrastructure

The ACA is globally distributed and is located in the NY5 Equinix Ad-IX in Secaucus, New Jersey and directly interconnected and or accessible to every major U.S. advertising network and exchange. The ACA is a strategic member of the Equinix Ad-IX. The ACA is available in 31 major business markets across five continents and it is accessible to more than 950+ networks to assure the delivery of ACA responses in single-digit milliseconds.

2.1.2 Latency

Concurrency Level:       20

Time taken for tests:      0.800 seconds

Complete requests:       500

Failed requests:             0

Write errors:                   0

Keep-Alive requests:     500

Total transferred:           102000 bytes

HTML transferred:         7000 bytes

Requests per second:   624.79 [#/sec] (mean)

Time per request:          1.601 [ms] (mean, across all concurrent requests)

Transfer rate:                 124.47 [Kbytes/sec] received

2.1.3 Transport

The base protocol between an exchange or network and the ACA is HTTP.  No custom headers are required by this specification.  All conforming calls return HTTP code 200. One of the simplest and most effective ways of improving connection performance is to enable HTTP Persistent Connections, also known as HTTP Keep-Alive. This has a profound impact on overall performance by reducing connection management overhead as well as CPU utilization on both sides of the interface.

2.1.4 Security

ACA API Connections are IPSEC (secure IP over the internet).

2.1.5 Data Format

An HTTP request string is the format for the domain request. Response data is provided in JSON (JavaScript Object Notation) format (see examples below):

2.1.6  API Data Points Collected

The ACA API requires that the Ad Network / Exchange and/or Publisher makes an API Domain Request pre-bid, and obtains, among other data the following information from each Request:

•      Absolute Domain that is being Requested (i.e. mygame.foo.com)

•      Name of Ad Network / Exchanage or Publisher

•      Ad Network / Exchange or Publisher ID

•      Token of Ad Network/ Exchange or Publisher

•      Name of Client or Advertising Customer

•      Client or Advertising Customer ID

•      Advertisement/Bid ID

This information is then held in the ACA Datastore for future reference, compliance matching, and system audit to ensure the Ad Network / Exchange complies with the API Response.

2.2  The ACA Sensor

The ACA Sensor examines a number of variables during an Advertising Impression or Performance Advertisement transaction.  The Sensor determines if an Ad Impression or Ad Transaction is being generated on an illicit Domain or if the Impression or Transaction is being generated by either a Human or a Bot and within the scope of the Customer’s advertising insertion order by performing a number of Real-time Data Collection, Analysis and Response functions.

2.2.1 Generating Sensor Tags

The ACA collects all necessary telemetry and data using a standard JavaScript ad tag. This tag is seamlessly deployed in any ad server and enables an agency, advertiser or other third party to track impressions and performance metrics with our tracking pixel, prior release of the ad to the ad network or exchange. The tracking pixel is code that is inserted into creative that makes a server call and returns a transparent 1x1 image (a GIF file). Our ad tag is provided to each client and it accepts an unlimited number of values including: campaign name, client name, creative classifications, placement, domain or site, display advertisement size and any other customized parameters.  The ACA Sensor requires JavaScript on the client and does not offer a NOSCRIPT tag.

2.2.2 Hidden iFrames

The issue of tracking Ads within iFrames is well-known within the Digital Ad Industry. Issues include Hidden iFrames (up to 72 layers) and entire websites being loaded into iFrames to boost Impression numbers, multiple redirects and auto-refresh of pages.  Our Ad Tag gathers a comprehensive amount of Telemetry for both On-page and Cross-domain iFrames implementations. Using a unique “Domain of Origin” approach, we are able to “See Through” each iFrame and gather Domain Intelligence of each Ad tat has been obfuscated with multiple iFrames.

2.2.3 Sensor Data Format

An HTTP request string is the format for the domain request. Response data is provided in JSON (JavaScript Object Notation) format (see examples below):

2.2.3 Ad Impression Intelligence

The ACA Sensor retrieves all necessary telemetry data when an ad impression occurs. For web pages or browser tabs which are open but not active, the ACA Sensor sits dormant until that page or browser tab again becomes active. In this way, the ACA persistently collects impression intelligence (see Sensor Data Points Collected below) from any active web page without time or browser constraints. The entire intelligence gained from each impression is then captured in the ACA Datastore for Data Analysis, Prediction and Compliance assessment.  This intelligence is gathered across all digital devices where the ad was rendered, in addition to “in-app” ads being displayed.

2.2.4 Ad Performance Intelligence

The ACA also tracks Ad Performance metrics including detection of Bot Generated clicks and sophisticated fake mouse movement (or non-movement) and page scrolls.  We gather all this Performance Intelligence in the ACA Datastore and apply Data Analysis, Prediction and Compliance models that continuously evolve and dynamically change due to the fraudulent online behaviors of the Digital Ad Industry.

2.2.5 End-Node Browser Intelligence

The ACA Sensor detects each anonymous End-Node Browser Signature where an impression or performance advertisement has occurred, and queries the ACA Datastore for known fraudulent Browser End-Node Signatures.  When an Ad Impression or Performance activity takes place, a request to a web service includes a line identifying the End-Node Browser Signature making the request.  This essential part of the ACA process allows ACA to detect fraudulent behaviour at the Browser level, combining this knowledge with fraudulent Impression and Performance Ad activities at the Domain level resulting in highly accurate, predictive, and trustworthy Ad Fraud Detection, Security, and Compliance.

2.2.6 Sensor Data Points Collected

The ACA requires that the Customer deploy a tag into their advertisements that obtains, among other data, the following data telemetry from each ad impression and performance action:

•      Total Campaign Impressions

•      Time the Impression was present in the End-Node Browser

•      Cookie ID that is either present or that the Sensor drops

•      Binary indication of Impression cookie status and Impression type derived from the asynchronous query of the Datastore containing violating Domains

•      Binary indication that the Advertisement is in an iFrame

•      Absolute Domain of URLs identified in the iFrame tags <iframe> where Advertisement rendered

•      Absolute Domain of URLs in <img scr> tags that include obfuscated Script Tags <script> (Identifies the Ad Networks/Exchanges involved in serving the Advertisement)

•      Absolute Domain of URLs in <script> tags (Identifies Ad Networks/Exchanges involved in serving the Advertisement)

•      Advertisement Customer and Campaign IDs

•      Absolute Domain of the Domain of Origin of the iFrame or the Domain of the HTML page if Advertisement is not in an iFrame

•      URL of the Domain of Origin of the iFrame or the Domain of the HTML page if Advertisement is not in an iFrame

•      Width/Height of Advertisement and Width/Height of iFrame

•      Referring Domain and Absolute Domain prior to Ad Impression of the Referrer

•      List iFrames of Domains (hidden iFrames) in entire Ad delivery chain

•      Absolute Domain of where the Ad is presented and served from

•      URL where the Ad is served

•      Browser IP being served Ad

•      Client Browser User Agent

•      Language of Browser

•      End-Node Browser language, cookie and cookie parsed

•      End-Node City, Region, Country, Latitude, Longitude

•      Time of Mouse cursor hovered over the Ad

•      Clicks by the Mouse cursor on the Ad

•      Mouse position and Timing in the Browser

•      Token generated by Beacon

•      Time the ad was present on the End-Node Browser

2.2.7 Predictive Modeling

The ACA Datastore currently holds over two (2) million fraudulent Absolute Domains and over fifty (50) million fraudulent End-node Browser Signatures. Using this historical knowledge gathered from the ACA Sensor data, and combined with our ACA API data, we is able to predict and extrapolate future fraudulent Absolute Domains and End-Node Browser Signatures.  When an ACA API call is made by the Ad Network/Exchange pre-bid and the Absolute Domain is being Requested for the first time, our predictive models provide an intelligent Response whether or not to allow the Impression be displayed on the Requested Domain.  Fraudulent behaviour, when analyzed at a granular level can therefore be predicted and successfully eradicated before it even occurs (see Data Reporting / Analysis below).

2.2.8 Supported Ad Formats / Models

The ACA Sensor ad tag can accurately measure the above metrics on virtually all display ad units (Impression-based CPM/CPV) including Flash, HTML5, Image, Static, Video, Mobile, In-App, In-Game, and In-Stream/Pre-Roll Video Ads.  For Video Ads, the ACA would integrate the Tag process into the Video Ad Server and measure all Video Advertising Telemetry once implemented.  The ACA also supports the tracking of Performance-based Advertisement (CPC/CPL) models.

2.2.9 Supported Browsers

The ACA has been tested in a full suite of Browser compatibilities in order to accurately measure all Ad Impressions and Performance activities that take place through implementation of the ACA API and ACA Sensor.  Currently we support all major browsers on the Windows and Mac operating systems including Chrome, Firefox, IE, Opera and Safari.

2.2.10 Cookies

The ACA does not implement or drop cookies on any End-Node Browsers where the Ad Impression or Performance transaction takes place. We respect privacy.

2.2.11 Mobile Devices

Deployment of the ACA allows for tracking of Ad Impressions and Performance transactions on any mobile device (Smartphone or Tablet). The ACA is able to recognize the device type where the Ad Impression and Performance metric was rendered and provides complete Ad tracking on any mobile device (Apple or Android OS). This includes In-App Mobile Ad Impressions and Performance transactions.

2.2.12 Social Media

The ACA service is applicable to Social Media, including major global sites (Facebook, Google+, etc.), blogs (i.e. Blogger, Webpress ,etc.) and User Generated Sites (i.e. YouTube, DailyMotion,etc.).  By deploying the ACA Sensor, wherever an Ad Impression or Performance-based Ad is published, the ACA is able to track, compile and analyse all Social Media ads being displayed.

 

2.3 Data Compliance / Audit

All pre-bid ACA API Requests and Responses are tracked and placed in the ACA Datastore. With this intelligence, and in combination with the ACA Sensor measurements received from Ad Impressions and Performance-based metrics, we are able to make quantitative comparisons between the Absolute Domains of the API Requests, our API Responses to those Requests, and the Absolute Domains where the actual Ad Impression or Performance transaction occurs.  In addition, our continuous ingress of End-Node Browser intelligence into our Datastore is also analysed against our current known End-Node Browser fraud offenders. This 360 degree holistic approach provides unprecedented Data Integrity and Data Compliance across the entire global digital advertising ecosystem.

 

2.3.1 Advertising Compliance / Audit

Much has been reported on widespread fraud in the Digital Advertising industry. Until now there has been No Reliable, Third Party, Institutionalized Audit Tools available to Advertisers. Today, Agencies and Advertisers receive Monthly Reports and Invoices from Ad Networks/Exchanges informing them of Real-time Events, Conversions, Attribution, Audience Demographics, Geo-location, Technology used, and Online Customer Behaviour to name a few reporting metrics.  However, Ad Networks/Exchanges do not provide any specific information about the Absolute Domain where the Ad Impression or Performance transaction took place, and the specific End-Node Browser which produced the Ad Impression or Performance transaction. The ACA assists your Financial, Legal, and/or Marketing teams in retrieving your historical Ad Impression and Performance metrics from Ad Networks/Exchanges and audits your Digital Advertising Campaigns using both Real-time and Historical methods.

2.3.2 Real-time Advertising Audit

By connecting to the ACA API and deploying the ACA Sensor across global Ad Campaigns, the ACA provides a de-facto Real-time Audit of a Client’s Digital Ad Spend.  We proactively audit your Ad Impressions and Performance transactions using our proprietary technology, intelligence, and predictive models in order to stop Ad Fraud in advance of any Ad presentation in the Browser. This ability to Pre-empt Ad Fraud before it happens is a Legal team’s best friend: Suppression of Fraudulent Ad Impressions and Performance activities in advance of their occurrence eliminates costly Litigation and Dispute Resolution cases.

2.4.2 Historical Ad Audit

Ad Fraud is not a recent activity. The ACA provides the ability to recover the past 3 to 5 years of Ad Fraud based on analyzing and auditing actual Historical Advertising Spend. We recover your fraud related expenditures, learn from past mistakes, and support your discussions with Ad Networks/Exchanges to receive financial rebates. There is an absolute path to determine what domains you were being invoiced for over a specified period. All of these Domains or Publishers are on the Payroll of the Ad Networks/Exchanges. A retrospective Audit of your Digital Advertising Expenditures will enable you to Evaluate Performance of and Recapture Value from Ad Networks/Exchanges by looking at your Ad Impression and Performance Transactions.

3.0 Reporting / Analysis

The ACA uses a custom-built Business Intelligence Platform, providing elastic ingest, data fusion, search and discovery, system monitoring, data management, data privacy, geospatial analytics, security framework, data visualization, and advanced analytics capabilities to process the ACA API and ACA Sensor data measurement sources and to transform Ad Fraud Defined Data Models facilitating high-level Quantitative Ad Fraud Analytics, Intelligence, and Prediction. The solution provides Thin Client Query and Search and Government-Grade Security Infrastructure with Role and User-Based Access Control. All collected ACA API and Sensor transactions are tracked to a unique combination of these parameters allowing for multi-level (Domain, Browser, Ad, etc.) data aggregation. Dashboards are then customized with proper mappings to reflect the collected data.

 

3.1 Advanced Analytics

The ACA Module Analytics is relational and probabilistic. Relational focuses on Ad Fraud, rather than examining single Ad Fraud variables or characteristics. This focus on relationships makes ACA analytics uniquely useful for identifying Ad Fraud patterns within and between variables, as well as observations that do not fit these patterns (i.e. outliers). Identifying patterns which are pervasive and represent smooth qualities of data, as well as those that do not fit smooth patterns, analytics can serve as a data reduction tool, turning petabytes of Ad Impression and Performance data into short lists of important Ad Fraud observations and/or attributes.  ACA Analytics is also probabilistic, in that the relationships it identifies between and among variables hold on average, but do not necessarily hold for every individual observation. This allows for Predictions to be made for observations with missing data, as well as forecasts into the future. The probabilistic nature of analytics allows for the quantification of uncertainty (i.e. Predicting Fraudulent Domains and End-Node Browser Signatures).

3.2 Petascale Indexing

The ACA back-end provides a converged and integrated NoSQL Data Fusion and Analytics platform and has data processing capabilities unrivaled by competitors in the Digital Ad Metrics Industry.  Our system is capable of reaching performance indexing in excess of one petaflops (i.e. one quadrillion floating point operations per second).  This allows for Real-time ingesting of Billions of Ad Data Points gathered from ACA API and ACA Sensor deployments providing Petabyte-scale Storage and Processing capabilities, securing High-speed Data Access, and provides Immediate Ad Fraud insight. 

3.3 Data Anomalies

Built on the NoSQL Hadoop Framework supporting petabyte-scale storage and processing capabilities, all incoming data is grouped and stored by day, allowing the client to run reports and access the data in a historical fashion with highly granular Ad Impression and Performance visualizations.  The ACA tracks Activity based behaviours to Identify Anomalies within its massive Datastore, including Multiple Sequential Activities where we detect if there are Multiple Activities in a short period of time for a Single User such as Impressions or Clicks; Outlier Activities, where we Identify Users with the Highest Frequency of Activity among other Users on a given Publisher Page; and Interaction Intervals, where we Detect Users with consistent Intervals between Interactions on a Publisher Page.

3.4 Terascale Geospatial Indexing

One important and now-standard feature of any Dashboard is reporting ACA API and Sensor metrics based on the Geospatial attributes of the End-Node Browser IP and Signature, which provides the geographic location of the User. The ACA Dashboards have fully visualized Terabyte-scale Geospatial Indexing abilities of City, State, Country, Zip Code, and Latitude and Longitude coordinates for precise Reporting and Analysis of global Advertising Campaigns and its Fraud.

 

3.5 Multi-Lingual Support

Each Reporting Dashboard has Multi-lingual capabilities and can be deployed to Customers around the world depending on their language requirements, regional differences and technical requirements.  The platform is fully UTF-8 compliant and configurable to meet the needs of Corporate staff globally.

 

3.7 Cloud Security Architecture

The ACA has made Secure and Complex Data Mining Architectures a staple for the Digital Ad Industry and its Analysts. We architect Cloud-based Computing Models that enable convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.

3.8 Role-Based Access Controls

Our Reporting Dashboard uses Role-Based Access Controls (RBACs ) as an approach to restricting system access to authorized users, or also referred to as role-based security. C-Level vs. Director level vs. Staff level views of the data can be developed and deployed for more efficient provisioning, and more efficient access control policy administration. Each User of the Dashboard will be given access to only the data that they are supposed to see.

3.9 Data Convergence

The ACA Reporting Dashboard has the ability to ingest additional Enterprise Data across the entire organization’s Customer touch-points, including Retail POS, e-Commerce, TV, Mobile, and Customer Relationship Management (CRM) systems for a fully integrated convergence and view of marketing data. This ability to fuse disparate data sources quickly and easily into one Business Intelligence Platform provides additional value for our customers who require robust Analytics for evaluating the strength of relationships between all the Enterprise’s Customer-centric characteristics.

 

4.0 Service Limitations

The capture of Digital Ad Fraud is not without specific service limitations, which are generally a technical function of the User’s Browser configurations and preferences.  The total percentage of Ad Impressions or Performance transactions effected by these limitations is negligible, and will not have a negative impact on the overall data values or campaign measurements.

4.1 Domain Blocking

Some User Browsers have installed domain blocking software, Toolbars or Ad Blockers which block content based on the Domain where the content is being requested. The ACA cannot stop these Blocking techniques to prevent communication with the ACA servers, and in some situations, our Ad Tag will not be able to load properly on the Publisher Page and thus stop us from capturing Ad Impressions and Performance actions.

4.2 Secure Tag Delivery

In some cases, delivery of the ACA Ad Tag to a Publisher Page may be blocked or tampered with technically.  There will be no Sensor data sent to the ACA Datastore in this case, and no record of any Ad Impression or Performance metric.  Although we cannot directly combat this issue at the Browser level, we do have knowledge of the ACA API Request and Response given prior the Ad Tag being blocked or technically changed.  Based on analyzing this anomaly in the data, we are able to look at methods to ensure the security and technical integrity of our Ad Tags in the future.

4.3 JavaScript and Flash

The User’s Browser must have enabled JavaScript in order for the ACA Ad Tag to perform necessary Ad Fraud measurements and collect analytics.  If the JavaScript is disabled, the Ad Tag itself will not execute, resulting in no call made to the ACA’s servers. The ACA is not able to capture events in this instance. In addition, in some cases the ACA utilizes other technology to aid JavaScript with measuring Ad Fraud metrics, so if a User’s Browser lacks installation of this technology, the result will be unmeasured Ad Impressions and Performance metrics. Ad Impressions and Performance actions will be reported to the Client, however, they will be excluded from the overall analysis and measurement calculations.

4.4 Browser Resources 

Unfortunately, Browser technological advances have not always kept up with those advancements in multimedia formats or platforms (such as the use of Flash).  These insufficient browser resources including such memory and processing power, reduce the ACA’s ability retrieve Ad Impression and Performance metrics and is increased in situations where the User’s device is significantly underpowered to render multimedia objects.

4.5 Cache Busting

The ACA implements standard cache busting techniques by affixing a cache-control function into the Ad Tag. All of our API methods also utilize cache-control to prevent caching. While these techniques eliminate most caching, it is not guaranteed to be 100% reliable.

4.6 Ad Viewability

The ACA does not provide standard ad unit viewability measurements using its technology at this time.  However, the ACA does employ certain technology, not entirely familiar to the digital advertising community, that is useful in determining viewability metrics. 

5.0 Data Policies

We follow strict policies regarding the retention of information for operational use, while ensuring adherence to the laws and regulations concerning them. In addition, we adhere to data confidentiality agreements and provide full-transparency into any data policy or service change that takes place.

5.1 Data Retention

We keep Client data available online for the length of the Client relationship, and can be accessed via the Dashboard or the APIs. We work closely with each Client to follow their Data Retention policies and are able to adapt to their set of guidelines that describes which important information to be kept for future use or reference, organize information so it can be searched and accessed at a later date and dispose of information that is no longer needed as per the Client Request.

5.2 Data Confidentiality

Our Company signs Data Confidentiality agreements with each of its Clients. Unless it’s otherwise specified in the agreement, we will not share any data with any other Clients without prior written permission to do so.

5.3 Data Security / Integrity

The ACA framework has been deployed using IPSEC and other government-grade IT security technologies to ensure full-scale data security and integrity of our Client’s data. Our Reporting platform and technology has been deployed by the U.S. DoD, NSA, and other government agencies and in military installations.

5.3 ACA Service Changes

The Company will provide written notification to the Client regarding any change to the ACA service including it’s methodology, technology, and capabilities which may affect the deployment of the ACA API and Sensor, including all metrics and their Analysis, Audit and Reporting.

6.0 ACA Contributors

Technical Assurance, Audit and Business Optimization

Success in our data driven economy is as much about learning and using what you don’t know as it is about acting on what you do know. Businesses need the clarity that comes from an organizational capability to leverage data in many forms, from many places, through many methods and for a variety of purposes – all at the right time and in the right situation.

Digital Advertising Policy Management and Sensor Network Infrastructure

Since 2009, Excelaca Corp. has provided market-leading managed services for brand protection, advertising campaign fraud detection, copyright infringement search, DMCA takedown submission, management and tracking. Having pioneered copyright infringement search and search noticing, Excelaca's services are being adopted by some of the world's most recognized companies.

• Home