Why I Don't Offer Certification or Accreditation
Over the years, I have been asked by both supporters and detractors whether I offer accreditation or certification for ad fraud detective work -- "Can I get certified by you so my clients know I know what I am doing?" or "If you're so good at ad fraud, why don't YOU accredit the MRC then?" respectively.
Of course, I have thought about both of the above, but I don't offer certifications or accreditations for a few reasons. Let me explain.
Certifications and accreditations are binary - you are either certified or not, accredited or not. Even the best accreditations are just like passing the driver's test and getting your driver's license. You passed -- but that doesn't mean you're good at parallel parking, driving safely, or even driving. You may not feel comfortable driving or even like driving.
"It's just like passing the driving test"
And just like the driver's test, certifications rely on a finite set of questions, created and standardized at some point in time. The nature of ad fraud, and all other forms of fraud, is fluid. Fraud constantly adapts to standards, guidelines, and rules and gets around all of these with aplomb. Those standards, guidelines, and rules are all catching up to the bad guys. This is why we have the expression "the laws have not caught up yet." Indeed.
Standards, while useful, also have the unintended consequence of giving the bad guys the permanent advantage. It gives them goal posts to shoot for. For example, the viewability standard provides that a display ad that has 50% of its pixels in view for 1 second and a video ad that has 50% of its pixels in view for 2 seconds shall be deemed viewable. Bad guys thus know exactly how to code their bots to hit that target precisely to sell 100% viewable impressions 100% of the time - so they are making money 100% of the time.
The good guys, on the other hand, don't even know what they don't know. They don't know what to look for and where to look for it. That's why most fraud remains hidden for long periods of time, before they are discovered. Some frauds get so big they fall apart on their own - think Enron, Madoff, Valeant, Theranos, etc. The parallel from cybersecurity is "zero-days" -- exploits that have existed all along; but had not been discovered until day zero. This is the asymmetric war we must fight every day.
"paid-for certifications always beg the question 'pay to play'?"
Finally, accreditations and certifications that are paid for always beg the question did they get accredited because they are actually good or because they paid the fee. Of course this is a very sad and pessimistic state of affairs but the question must still be asked. If history is a guide, all of those junk bonds that Moody's and other ratings agencies rated highly were still just junk. The fake positive ratings caused more investors to get ripped off because they thought those junk bonds were safe to buy. We're not even mentioning the certifications that devolved into permanent "pay to play schemes" because "making money" was prioritized ahead of "doing the right thing."
Do you trust the certifiers? The following simple example illustrates the conundrum beautifully. You've never heard of a site called custom-cursor[.]com. But on the front page it says some other party that you may or may not have heard of "guarantees" it is safe and can be "installed with no concern by any computer user." Would you now trust the first site? Would you trust the validator that told you to trust the first site? I hope not. And I hope you see why 3rd party, black box accreditations are also not sufficient.
never trust, always verify
never trust someone else to verify
if you can't verify for yourself, never trust
The same applies to those offering paid-for "certifications" in the ad tech space - like TAG (stands for "Trustworthy Accountability Group"). First question to ask of a party that calls themselves "trustworthy" is "are they actually trustworthy?" Why would you trust them?
Consider that TAG has:
1) no technology (to collect data),
2) no data (to analyze for fraud),
3) no truth set (to tell what is fraud or not fraud, and
4) no experience looking at analytics to know if a "certified" vendor is lying to them in their self-attested paperwork, and still committing fraud under their nose.
Further reading:
https://www.slideshare.net/augustinefou/an-analysis-of-tag-certified-against-fraud-program-177731648
https://www.theregister.co.uk/2019/09/30/tag_ad_fraud/
So, no.
I don't and won't offer certifications or accreditations even if someone offered large sums of money to me.
But is that the end? No.
A more appropriate concept than accreditation or certification is a system like karate belts -- from white belt for beginners to black belt for advanced practitioners. This better represents the levels of skill and experience, earned over time, that binary certifications -- certified or not -- do not. The skill of detecting fraud using data and analytics increases with practice. Some people are faster learners than others, but there is no substitute for hard work and daily practice. Furthermore, fraud evolves. New threats and exploits are discovered only when one has looked at enough data to know what makes sense (is not fraud) and what looks like an outlier (must be studied more). The tenacity to dig deeper is what is required to actually find fraud.
For those digital marketing, media, and analytics practitioners who would like to know what color belt they are, please reach out. I'd love to talk with you, hear your experiences, and learn from you too.
In the meantime, practitioners who want to learn on their own may find the following playbooks and case studies useful:
B2C (Brand) Marketers' Anti Ad-Fraud Playbook
https://www.slideshare.net/augustinefou/b2c-marketers-anti-adfraud-playbook
B2B (Performance) Marketers' Anti Ad-fraud playbook
https://www.slideshare.net/augustinefou/b2b-marketers-anti-adfraud-playbook
Marketers' Playbook Questions to Ask Verification Vendors
https://www.slideshare.net/augustinefou/marketers-playbook-questions-to-ask-verification-vendors
How Brands are Solving Ad Fraud Themselves
https://www.slideshare.net/augustinefou/how-brands-are-solving-ad-fraud-themselves
How Two Small Businesses Beat Ad Fraud
https://www.dhirubhai.net/pulse/how-two-small-businesses-beat-ad-fraud-dr-augustine-fou-?
Bonus Content: If you got this far, I'll also share why my technology is not MRC accredited or TAG "certified." For many of the reasons above -- for example they don't have their own technology, they don't have data, and they don't have the expertise to verify the accuracy of the measurement. But the key reason is that my tech is not black box. I show clients the supporting data, summarized in a usable format, so they can understand why something is labeled as fraud or not fraud. The raw logs and data is also available if they want to have their own data science teams do further analysis. The other black box detection tech needs someone else to say that they are accredited or certified, because their customers can't check for themselves. My tech is not black box, so I don't need someone else to label it (or pay money for someone else to label it as certified when they are not even qualified to do so).
Note that I have gone through the entire gruesome MRC accreditation process. And I can confirm they meticulously review every single line in the spreadsheet to confirm we are measuring what we said we would measure. But that is different than knowing and accrediting whether the measurement of fraud is correct or not. And they had additional questions about data handling, data governance, privacy and compliance, which are useful.
"see fou yourself"
two write-ups about FouAnalytics
https://www.dhirubhai.net/pulse/fouanalytics-alternative-google-analytics-fraud/
https://www.dhirubhai.net/pulse/does-your-analytics-platform-have-cybersecurity-dr-augustine-fou-/
2 decks -- what it is with screen shots; how marketers use it
https://www.slideshare.net/augustinefou/how-to-use-fouanalytics-for-marketers
How we use entropy analysis in fraud detection
?
About Me: “I consult for advertisers and publishers who actually want to know the truth and who have the courage to do something when they find ad fraud. I am not a fraud detection tech company that relies on fraud to continue. I show my clients the supporting data so they can understand and verify for themselves what is fraud and what is not fraud. If they agree, they can take the necessary actions to eliminate the fraud while campaigns are still running, rather than post-mortem fraud reports and trying to get their money back.”
Follow me here on LinkedIn (click) and on Twitter @acfou (click)
Further reading: https://www.slideshare.net/augustinefou/presentations
Proven SEO results $41 - 216K in 10 months | Top SERP rank for keywords 1 month | 8 Top keywords in 4 months - results differ by case
3 年Your approach to the belts is a good one and makes perfect sense. It allows publishers an opportunity to continually work on their quality to get those belts. I never got my black belt in Karate. Hopefully, I can still get my black belt with Fou Analytics
I Help CEOs build ‘CRO-Ready’ organizations and arm CROs to succeed // Founder of The CRO Collective / Zenna Consulting Group
4 年Fighting the good fight, Dr. Augustine Fou -
I Help CEOs build ‘CRO-Ready’ organizations and arm CROs to succeed // Founder of The CRO Collective / Zenna Consulting Group
5 年Always great stuff from you, Dr. Augustine Fou. ?Appreciate your integrity and diligence. ?I agree whole heartedly that these certification organizations are mostly a racket. Once a tech is blessed with an MRC accreditation the spigot opens and agencies breathe a sigh of relief - with little to know understanding of what a true certification process means. Its just a trusted badge. ?I know the MRC folks and they are wonderful people doing a great thing for the industry - however any tire-kicking exercise that is conducted in a laboratory driven by pre-determined standards and criteria will always get a pass. Your drivers license is an excellent analogy. ?We all have the same license, but there are some really incredibly crappy drivers out there who are a menace to society. ?Having a truth set of data poses other issues as sample testing is very very limited (up very very very close a rhino can pass for an elephant). Fraudsters know this - and take advantage of these gaps every day faster than any test can detect them. ?
Ad-Fraud Investigator & Media Expert, member of Digital Forensic Research Lab cohort "Digital Sherlocks" - Adding some fun when asking unexpected questions you were not prepared to hear
5 年Try this: what marketers should ask 1. What is the benefit? 2. Which disadvantages could arise? 3. What happens if we wait and do nothing? 4. What empirical evidence is there to support the 1st and / or 2nd and / or 3rd? 5. Would you invest your own money as well? and on top What should I consider? What is relevant for me? Who should I believe and why? What's in it for me?
FouAnalytics - "see Fou yourself" with better analytics
5 年My poll on this on Twitter https://twitter.com/acfou/status/1204749983288827904?s=20