IVT Glossary

  • Abnormal browsing behavior:

    Easily detectable bots that refresh ads on your site multiple times or sophisticated bots emulating human behavior all come under abnormal browsing behavior.

  • Ad fraud:

    Activity that is deliberately preventing the proper delivery of ads to the right people at the right time.

  • Ad Injection:

    Ad injections is the process of secretly injecting ads on a publisher’s site without consent. Either the original ads are replaced altogether, or ads are stacked over the original display ads or placed on websites that otherwise never show ads.

  • Ad stacking:

    A single placement with more than one ad on top of each other, with only the top ad viewable. In such cases, the advertiser pays for all impressions regardless of whether the end-user is viewing the ad.

  • Ads.txt:

    Ads.txt was made to help the programmatic industry identify digital ad fraud by allowing publishers to integrate simple text files on its site to list the publishers authorized to auction off their inventory.

  • App installs fraud:

    If advertisers pay per install, fraudsters will find a way to fabricate the number of installations.

  • App name spoofing:

    Apps can submit fake app identifiers to the bidding platform, preventing ads from being detected by the platform and compromising brand safety and contextual targeting.

  • Auto Refresh:

    With auto-refresh, all ad inventory on the site can serve multiple ads within a single page view. Abnormal ad refreshes happen when scrolling, clicking on the screen or site search happens abnormally fast or multiple times.

  • Banner stuffing:

    Banner stuffing comes under pixel stuffing where multiple ads are stuffed in the same ad slot, but only one of those ads are viewable.

  • Bot traffic:

    Invalid traffic that mimics human activity or fakes users to inflate audience numbers.

  • Botnet:

    A botnet or bot network is a network of infected computers controlled by a single attacker that is infected with malware.

  • Bots:

    Bots are software applications carrying out automated tasks on the internet. They can be general or sophisticated. Good bots are search engine crawlers while bad bots are invalid traffic causing AdSense bans & revenue clawbacks.

  • Click Injection:

    Click Injection is another sophisticated form of click spam that uses apps on the user’s phone that listens to app installation broadcasts and then triggers clicks on conversions taking credits for all installs.

  • Click Spam:

    In click spam or click bombing, bots click on ads multiple times faking impressions, it’s obvious that real end users are not clicking on the ad in this case so Google categorizes this under click fraud activity.

  • Cloud hosting:

    The process of hosting devices in the cloud generating in-app impressions and displaying ads in apps that generate revenue for app developers.

  • Compliance Fraud:

    This type of fraud occurs when traffic is sourced from outside the advertiser’s target audience or is sourced through prohibited means. This is done by cybercriminals when they try to maximize their profits by misrepresenting cheap traffic as quality traffic.

  • Connected TV (CTV):

    CTV inventory (connected to the internet than a real television) drives higher-priced CPMs than most ads and cybercriminals gravitate toward them to maximize their profits with minimal effort. CTV ad fraud schemes have been costing publishers over $144 million a year.

  • Cookie stuffing:

    The act of adding cookies from a site that the consumer is not actually visiting in order to get more ROI’s from illegal actions.

  • Datacenter traffic:

    This type of traffic originates from data center servers with no actual user present. The proxy servers show traffic appearing to originate from data centers while still being delivered to human users.

  • Domain spoofing:

    Fraud involving the use of a company’s domain to impersonate the company so that low-quality inventory appears to be of premium quality.

  • Exclusion list:

    Blocking lists of known nefarious IPs, bad domains, or other parameters preventing ad serving from matching those parameters.

  • Fraudulent Impressions:

    Deception designed to manipulate legitimate ad serving and measurement processes or to create a fictitious activity that inflates actual counts. Fraudulent impressions are not viewable.

  • General Invalid Traffic (GIVT):

    Traffic that comes from known, non-human sources on publicly available IP lists. This fraud can be identified through routine means of filtration.

  • Hidden ad impressions:

    Ads that are hidden behind other ads or content, displayed within tiny iFrames (pixel stuffing). These impressions are served in a manner that stops end users from actually viewing them.

  • High-risk IP address:

    IP addresses that are malicious or illegitimate, as opposed to actual bots accessing your website.

  • Hijacked device:

    Attacker gets unauthorized access and takes control of your mobile device or desktop.

  • I-frames:

    I-frames are sections of a website in which ads are served from a third-party ad server, which is restricted to solely accessing the code of the page.

  • Incentivized browsing:

    Users may receive payment or benefits in exchange for viewing or interacting with ads or driving traffic to ad-supported websites.

  • Inclusion Lists:

    Inclusion lists identify and include only the sites where brands and advertisers want their ads to be displayed.

  • Interactive Advertising Bureau (IAB):

    An organization responsible for developing industry standards for the online advertising industry, conducting research, and obtaining legal support.

  • Invalid Impressions:

    Any impression that does not meet the quality or completeness criteria required by ad serving, or otherwise does not qualify as legitimate advertising impressions.

  • Invalid Traffic (IVT):

    Online traffic generated from machines or other bot activity that linger on your site and try interacting with digital ads.

  • Location fraud:

    When attackers provide false location information to allow ads to appear in different locations than the intended locations.

  • Machine Learning:

    The study of algorithms and statistical models that computers utilize instead of explicit instructions to perform a specific task. Invalid Traffic detection systems use machine learning to discover & stop ad fraud.

  • Malicious apps:

    Apps generating fraudulent impressions without the user’s awareness.

  • Obvious Invalid Traffic:

    Easily detectable bots that can’t pass through the RECAPTCHA on your site.

  • Open-source measurement SDK / OM SDK:

    OM SDK offers standardized code and libraries that facilitate third-party access to measurement data.

  • Pixel stuffing:

    Pixel Stuffing hides ads by serving two or more ads in a single 1 X 1 pixel frame.

  • Proxy traffic:

    Ads are routed through a device or network in which the ads are rendered by the user on their own device.

  • Real-Time Bidding (RTB):

    Real-time bidding is where ad inventory is auctioned, bought, and sold on an impression basis through auctions happening simultaneously in ad networks. Usually, the advertiser that bids the highest wins the inventory.

  • Retargeting fraud:

    Bots simulate human behavior to gain access to higher CPMs associated with retargeting. In this case, advertisers are fooled into believing they are getting valuable interested audiences.

  • SDK spoofing:

    In SDK spoofing, software development kits are hacked and advertising impressions are manipulated by mirroring real user behavior.

  • Software Development Kits (SDK):

    A collection of software development tools in a single installable package.

  • Sophisticated activity-based fraud detection:

    It uses analytical criteria that use traffic data with multiple sources of information or makes inferences from complex multi-data point assessments of the transaction set.

  • Sophisticated bot:

    A bot that is not listed in any known browser lists, or spider lists and can easily pass through RECAPTCHA code on your site, unlike general or obvious bots.

  • Sophisticated bot-driven Installs:

    Apps that appear legitimate are downloaded by unsuspecting users who run install bots in the background. These sophisticated bots mirror user behavior to install, launch, and engage with apps without the host knowing about it.

  • Sophisticated Invalid Traffic (SIVT):

    Non-human traffic that is more difficult to detect, requiring advanced analytics, multipoint corroboration/coordination, or invalid traffic detection tools to measure and block the same. SIVT includes hijacked devices, hijacked tags, malware, incentivized browsing, falsified viewable impressions, cookie stuffing, etc.

  • Traffic Cop:

    An industry-standard invalid traffic detection and mitigation tool that helps publishers steer clear from invalid traffic causing revenue loss and ad network bans.

  • Traffic sourcing/Sourced traffic:

    This is a method that publishers use to acquire visitors through third-party platforms.

  • Trustworthy Accountability Group (TAG):

    A joint industry initiative to combat malware, fight Internet piracy, eliminate fraudulent traffic, and promote transparency in the digital advertising supply chain. The initiative was formed by the IAB, the 4A’s, and the ANA.

  • User-agent spoofing:

    The act of changing a webpage header to obscure information about the browser being used, in order to obfuscate that information. This interferes with audience targeting & retargeting.

  • Vague Invalid Traffic:

    Sophisticated bots causing multiple ad setup policy violations like aggressive ad refreshes, ad stacking, ads that have loaded but aren’t actually viewable to the user, etc.

  • Viewable Ad Impressions:

    Generally, an impression is deemed a viewable impression if the ad appears in the viewable space of the browser window, when the browser tab is in focus, based on pre-established criteria like the ad pixels within the viewable space, and the time the ad appears in the viewable space of the browser.

  • Volunteer botnets:

    Computer networks whose processing power is used to steal data or impose a denial of service (DoS) attack for political or social reasons.