Industry Insights

The 2022 Publisher Ad Security Checklist

Post by
Kate Reinmiller
The 2022 Publisher Ad Security Checklist

The ad ecosystem is like the wild west. Not only are there fraudsters lurking around every corner of the internet, waiting to pounce at the smallest gaps in your systems, legitimate advertisers and publishers are leaving themselves and their partners exposed to consequences due to non-compliance.

With many options to consider, it can be overwhelming for publishers to find the right solution. Especially when vendors are trying their hardest to convince you they’re the best solution since sliced bread in their determination to increase their own bottom line. So, who’s right?

We’ve put together this guide that provides the groundwork for finding a comprehensive solution that protects your brand, customers, stakeholders and revenue opportunities.

Use this guide to evaluate whether ad quality solutions truly live up to their marketing, or the SDR you’ve been chatting too is a bit overzealous. Don’t be left with a less than perfect tool that could cost you heavily, not only in revenue, but also in reputation and relationships.

Why is finding the right tool important?

As every publisher knows, it’s far more than impressions that drive your bottom line. Time is money, and time spent fighting malicious ads and fixing compliance issues is time taken away from other critical business tasks.

But not only that, your relationship with ad partners and your audience is essential to operating at peak performance. Are there certain ad categories that you don’t want displayed on your site, because they could damage those relationships? What happens if your solution fails to protect you from situations like this?

Finding an all-encompassing solution will help you generate more revenue, maintain brand safety, increase efficiency, and maintain and improve relationships with partners and audiences.

Your solution checklist

We’ve broken this checklist into five sections, so you can quickly, easily, and effectively evaluate potential solutions. We’ve covered all the essential features and functions you should consider when implementing a new tool to tackle the bad ad battleground.I have t

So, what should you look out for when it comes to features, capabilities, user experience, and results?

1. Security features

There is no one-size-fits-all feature in the fight against ad fraud. Instead, you have to combine multiple strategies to attack the problem from all sides and layer protection for when a new threat, inevitably, slips through the net. Because of this, there are some must-have features.

Here are four components to look out for when it comes to security and ad blocking, which will identify, assess, and analyze threats with maximum impact and insight.

Real-time blocking script

Arguably the best way to integrate a blocking script into your configuration, because it provides more inventory coverage compared to DIY solutions or pre-bid only plugins. You can also see exactly what loads on the page when using Javascript code in the page header or directly into the ad slot via a wrapper.

The caveat to making this a great solution is to ensure that the on-page code is flexible enough to cover inventory delivered through GAM, as well as native units and widgets. A tool is only as strong as its weakest link, and you need to block any holes where problems can leak through.

Real-time blocklist

Blocklists are crucial to ad quality because they allow solutions to block known threats in real-time. They are also flexible enough to account for category and other attribute blocks. Without a cached blocklist, solutions must run resource-heavy processes for each impression that slow down your pages. Talk with your service provider about how customizable, scalable and fast their blocklist search capabilities are.

Dynamic threat analysis

There are however, some benefits to running a real-time secondary analysis to look for new threats and stop bad code from executing.dynamic threat analysis loads and executes scripts in a protected environment on a subset of impressions to catch new patterns in the wild   Threat-analysis often can’t “see” inside cross-domain iframes, which means it can’t be used on it’s own for complete coverage.

The most secure option is to combine the blocklist with real-time threat analysis.

Ecosystem exposure

The more data your solution has access to, the better security they can provide. The ad ecosystem is bigger than most realize, and tools exposed to more impressions (preferably billions per day) are better equipped to assess new threats from this additional coverage. Ask your provider about how they leverage their existing footprint to feed ML learning models to decrease detection speeds of future threats.

2. Quality assurance features

So now that you're doing everything you can to stop malicious ads and fraudsters from causing you problems, you need to focus on the next step, ensuring that other types of bad ads don’t reach the page, ensuring that monetization is preserved and adding additional features that help drive more revenue.

Coverage for categories, custom blocks, and unwanted formats

Unwanted ads go far beyond malware. Whether you’re an e-commerce publisher that needs to stop competitors from running ads on your site, an educational site that can’t show mature ads to a younger audience or someone that wants to ensure in-banner video doesn’t run, your ad quality solution needs to block these ads on your behalf. Specifically, ensuring that you have controls to block at the category level, custom level (blocks specific to your audience, and ad format level will be critical to the success of your AQ implementation.

Flexible ad replacement options

You've dealt with a bad ad, but what then? Leaving a blank space, or filling it with an in-house ad, doesn't drive revenue. But a solution with flexible ad replacement capabilities will block malicious content and replace it so your revenue doesn't take a hit. Some solutions block only the malicious code—be weary of this. Malicious code is often found within a cross-domain frame. If that’s the case, the entire ad may be blocked with no revenue recovery. Your best options are to refresh the slot, re-run an auction or get the next highest bidder. Beyond malware, there are many other types of bad ads.

Heavy Ad Intervention and Blank Ad Refresh

Heavy ads are resource-intensive ads. They can range from malicious ads to genuine content with performance issues or non-optimized content. To tackle this, Chrome has implemented an intervention that limits the resources a display ad can use before serving on the page. Solutions need to ensure that ads blocked by chrome, or are showing up as blank, get replaced with monetized, user-friendly creative to maintain a positive experience for the end user.

Site scanning

In addition to blocking, having site scanning live on your site provides additional, granular insight into ads as they are delivered to the site. Site scanning samples ads looking for ads that cause latency, leak data or lead to CRPA/GDPR privacy violations.

3. Experience

The right solution isn’t just about blocking ads, or even refreshing content to avoid revenue loss. The right solution seamlessly integrates into your everyday operations and supports your teams to do their jobs more efficiently and to a higher standard.

Make sure you have access to:

Easy to use UI

Your team doesn't have the time to learn complicated new systems, wait for lengthy reports to generate before you can make business decisions, or amend and fix campaigns in a complex UI. The point of bringing new tools into your stack is to make your business more efficient.

Meaningful analytics

Being data-driven is essential in today’s fast-paced world, and having the right data is the key to making that happen. Quality is better than quantity, and being blinded by vanity metrics or supplied with 15 page reports is not useful. Meaningful analytics get to the point and get you there quicker.

Responsiveness of the team

When ad revenue generated is a result of real-time activities, you don’t have the luxury of time when you run into a problem. No solution is foolproof and new threats will rear their ugly head. You want a responsive partner that provides best-in-class customer service and has the capability to support you whenever you need it.

4. Integration

Now that you’ve taken a 360-degree look at potential solutions, you’ll likely have a short list of top contenders. The next step is to look at how these tools interact with the rest of your tech stack. The right tool should blend seamlessly into your operations to prevent adding problems to your already busy workloads.

Here are three functions to look out for:

A seamless process to add blocking script

As mentioned above, blocking scripts are critical for stopping fraudsters in their track. But without a seamless integration, you’re left vulnerable to malicious scripts and bad ads sneaking into your systems.

No interference by on-page code

Integrations should help, not hinder, and their benefit shouldn’t be a trade off for losing efficiency somewhere else. Get confirmation that on-page code doesn't impact key site metrics like viewability, latency, impressions per session, and other 3rd party reports.

Clear communication on product updates

Staying up to date with the most recent software updates, new features, and changes means you’re protecting your brand and bottom line, but staying on top of this isn’t 100% your job. This shouldn’t be a ‘plug-in and never hear from your partner again’ solution - they should check in regularly to offer insights and best practices so you get the most out of the product.

5. Effectiveness

Arguably the most important part of evaluating a solution is its effectiveness. That’s the reason we add tools to our tech stack in the first place, so make sure you’re assessing your results.

Success is a relative term, so ensure you lay out the metrics before implementing the solution, so you can evaluate with ease and clarity.

Here are some of the things you should be seeing after implementing a comprehensive solution:

  • Elimination of complaints
  • Minimal false-positives
  • Improved communications with SSPs and less ops time spent addressing malware
  • Effective prevention of emerging threats
  • Additional tools to report ads that are more subjective (Report ad or Chrome Extension)
  • No impact on latency
  • Positive impact on monetization

Ad Lightning checks all the boxes for a comprehensive Ad Security and Quality Solution

We may be biased, but we can hand on heart say that Ad Lightning is the only solution that gives you the essential security and quality assurance features with the powerful integration capabilities and quality experience you deserve.

Our technology stops ad fraud in its tracks without creating latency that diminishes your impressions and hits you where it hurts—your revenue.

As your ad security and quality partner in (fighting) crime, we keep our customers apprised of new features and techniques to protect you and your customers from fraudsters.