Despite the various advancements in the programmatic selling of ads, there still remain obstacles. Ad fraud and the lack of transparency in the supply chain have been major concerns that need to be addressed. Although this problem won’t disappear instantly, the industry has taken initiatives to create solutions to tackle these issues. One such solution released by the IAB is ads.cert. Let’s learn what it is and how it helps publishers and advertisers reduce ad fraud.
Table of Contents
- What is Ads.cert?
- Why is ads.cert needed?
- How does ads.cert work?
- Why is ads.cert not adopted yet?
- What’s next?
What is Ads.cert?
Ads.cert is IAB’s upgraded version of Ads.txt that uses cryptographically signed bid requests to authenticate your inventory and allows buyers to track the inventory’s path through the supply chain. This ensures buyers that they are only purchasing inventory from authorized publishers.
Why is ads.cert needed?
Ads.cert was released to complement the Ads.txt. Ads.txt is a widely adopted method that allows buyers to validate whether a seller is authorized to sell inventories on your behalf or not. While ads.txt provides a way to authenticate the involved parties, it does face some challenges. These include:
- DSPs or buyers could potentially ignore inventories because of a simple misspelling in the ads.txt file’.
- More than often, unknown third parties are being asked to add to your ads.txt files which can result in hampering your reputation in front of buyers.
- Ads.txt does not specify inventory type which can lead to duplicitous selling of repackaged inventory. Display inventory could theoretically be sold off as video inventory and wrongfully accrue higher CPMs.
By validating the supply chain at every stage, Ads.cert ensures that fraudsters are not able to manipulate your inventory. The data that advertisers can derive from ads.cert include:
- Ad type – Whether it is a display ad slot or a video ad slot.
- IP address – These can be cross-referenced against blocklists.
- Device type – Whether the user’s device is a tablet, smartphone, laptop, etc.
- Browser type – Whether the user’s browser is Chrome, Safari, Firefox, etc.
- The geographical location of the user.
- Position of the ad on the webpage. Whether it would be placed above the fold, below the fold, inline, etc.
“If someone adds information to the request, like viewability, they can add their signature to provide transparency and trust in the new variable. Since it allows every person in the supply chain to provide a signature, it encourages good behavior and a process to track bad behavior.”
– Chris Crawfurd, VP Sales & Product Strategy, Sovrn (Src)
In a nutshell, you need ads.cert because:
- It ensures brand safety and increases eCPM for your inventory.
- It provides you with a way to blacklist fraudulent middlemen and prevents unfair competition.
- It prevents the shady practice of arbitrage.
- It prevents IP fraud and domain fraud.
- It prevents device ID fraud
“Together, these technologies are a powerful combination in fighting fraud to allow buyers to check for authenticity and authorization of the sales channel.”
– IAB Tech Lab (Src)
How does ads.cert work?
- A publisher generates two keys – Public and Private. A Public key is secured but accessible by the partners that validate the bid request against the signatures. On the other hand, a Private key is secured and accessible for the partners that generate and sign the bid requests (e.g. SSPs)*.
- The SSPs attach an encrypted signature to the bid request and send it to the DSPs along with other details such as available ad impressions, publisher’s niche, domain, preferred language, etc.
- When the DSPs receive the bid request, they generate another signature for the same bid request. Now, the DSPs compare their signature with the signature sent by the SSPs to check whether the bid request is legit or not.
- If there is any alteration in the signed elements, the DSPs can identify it and reject the bid response.
Why is ads.cert not adopted yet?
When IAB launched ads.cert, it hoped that the solution would start gaining traction by the beginning of 2019. However, it still remains a solution that has been sidelined. One of the major reasons for the lack of adoption is that you can only implement it if your tech infrastructure has been upgraded to OpenRTB 3.0. It cannot run on OpenRTB 2.5 or older versions.
Ad fraud has been a big issue and advertisers are sick of seeing decent ad spend wasted on fraud. It has the potential to negatively impact advertisers, brands, and your ad revenue. The threat is real and the advertising industry is working hard to fight ad fraud through various methodologies.
Thanks to efforts like ads.txt and ads.cert, publishers can take one step in the right direction. But only time will tell how effective the adoption of ads.cert will be and how many publishers will join the bandwagon. Stay up to date with the latest updates from the ad-tech industry by signing up for weekly roundups.