Google: Click Fraud Is 0.02% Of Clicks

Mar 1, 2007 at 12:00am ET by Danny Sullivan

Finally, we have a click fraud rate from Google itself: less than 0.02 percent of all clicks slip past its filters and are caught after advertisers request reviews. That low figure is sure to bring out the critics who will disagree. Below, more about how Google comes up with the figure plus some click fraud fighting initiatives it plans to implement later this year.

Why release this figure now, when many have wanted it for literally years?

"We’ve been working to be more transparent and informative on the issues related to click fraud. Recently, this metric has been something advertisers have specifically asked for and we agree that is useful in describing the scope of the problem. Further, it is something we measure and use to monitor the performance of our click fraud detection systems," said Shuman Ghosemajumder, business product manager for trust & safety at Google.

To understand the figure more, I want to revisit some of the click fraud terms I explained back in December. The first term below is from Google itself. The rest are terms in common use, though people might define them differently. That’s why I’m providing my own definitions.

Invalid Clicks: This is a Google term. It means that of ALL the clicks Google ads generate, a percentage of these are deemed "invalid." These are clicks that Google makes no money from. It either never bills for invalid clicks or eventually issues a refund. Not all invalid clicks are necessarily fraudulent (such as in cases of quick double-clicks that aren’t billed).
Fraudulent Clicks: These are the percentage of clicks that an advertiser is charged for when the person (or bot) clicking is doing so to purposely cost the advertiser money or make money for themselves through an ad program.
Overall Click Fraud Rate: This is the number of fraudulent clicks as a percentage of ALL clicks that happen, regardless of whether Google issues a refund or doesn’t bill.
Detected Click Fraud Rate: This is the number of fraudulent clicks as a percentage of ALL clicks that happen where Google generates a refund after performing a requested or "reactive" investigation asked for by an advertiser. Google would call this the "reactively identified invalid click" rate.
Undetected Click Fraud Rate: This is the number of fraudulent clicks as a percentage of ALL clicks that happen where no refund has happened because neither Google or the advertiser spotted the fraud.

Google could have an extremely high overall click fraud rate, yet that’s not a problem if most of those clicks are detected and either never charged for or refunds issued promptly. When I talk about the Google "click fraud rate," I specifically mean the detected click fraud rate — clicks that got past Google’s own filtering systems and only were refunded after a manual investigation was requested.

As for the undetected click fraud rate — that’s impossible to know. There are clicks that might get past Google and advertisers both. Potentially, this could be a high percentage. However, if the detected rate is low, I tend to think the undetected rate is also low or near the same level.

Next, let me recap Google’s three step process for catching click fraud. You’re going to hear lots of people talking about this in relation to today’s news, so it’s helpful to review:

Proactive Filters: Google automatically watches for activity and throws out clicks without billing. These are the "invalid clicks" I mentioned earlier. This is a "proactive" filter in that Google does it proactively without being asked by the advertiser.
Proactive Offline Analysis: Google uses both automated and manual checks on clicks after billing, in particular clicks on websites using running AdSense For Content. This is also a proactive filter, done without being asked. It’s this work that causes advertisers to sometimes get credits out of the blue.
Reactive Investigations: This is where the advertiser comes to Google concerned about charges. Google says all queries from advertisers are investigated and that refunds are relatively rare.

Now let’s talk percentages. First, less than 10 percent of all clicks are deemed invalid — clicks that either are never charged for or where refunds are issued.

"The overall rate can fluctuate. We’ve said before that this is in the single digits and want to clarify that this means it’s from one to nine percent. It’s not zero, but these are lower bounds," Ghosemajumder said.

Sound too low? Ghosemajumder anticipates this, pointing out: "Even one percent of Google’s revenue is a significantly large amount of money, more than the actual click fraud settlement," referring to last year’s class action case.

What about the main mystery figure that I and others have been wanting — the detected click fraud rate, the percentage of clicks that got past all Google filters and would have cost advertisers money, had they not raised an alarm? The detected click fraud rate is less than 0.02 percent of all clicks. To use Google’s term, this is the rate for "reactively identified invalid clicks" – refunds given after advertisers asked for an investigation.

It’s low, and Google says it’s been getting lower all the time.

"Our system have gotten better and better at catching this stuff," Ghosemajumder said. "Not only is the percentage a small amount but percentage as revenue overall is smaller."

As I said, no doubt critics are going to be in disbelief, especially when you have recent reports like that from the Click Forensics’ Click Fraud Index of an average industry click fraud rate of 14.2 percent for last quarter.

Google’s answer — which is pretty compelling — is that some reports such the Click Fraud Index don’t take clicks that aren’t billed or refunded into account. In other words, clicks might be flagged as suspicious or fraudulent in the monitoring system, but there’s no reconciling to see if they actually resulted in a final charge.

Think of it as a credit card bill. Perhaps at the end of the month, you’ve got 500 charges. You’re concerned that some of those might be fraudulent, so you hire someone to comb through your bill. They flag all the suspicious items and declare you have a 15 percent fraud rate. However, they don’t see the part of the bill showing credits issued to you. If they had, some — maybe many — of those "fraudulent" charges resulted in refunds. That would lower the fraud rate.

It’s not an entirely accurate metaphor, but hopefully it gets the main point across. To know a click fraud rate, you have to know what clicks were and were not charged. Some auditing companies do this — looking at actually billed records, then combing through and raising those "reactive investigations" mentioned above. But talking about a "click fraud rate" without first removing clicks that were never charged for or refunded isn’t a useful figure.

It also gets more complicated. Ghosemajumder was adamant that it’s not just a case that Google says the slice of click fraud is smaller than what auditing firm may find. He says that the chunk of clicks that Google catches as invalid might be significantly different than the chunk of clicks an auditing firm considers suspicious, because of different tracking methods. For more on this, see Why Third-Party Click Fraud Estimates Don’t Add Up and Why Third-Party Click Fraud Estimates Don’t Add Up – Part 2 that he posted on his personal blog last year.

Google, of course, reports invalid clicks to advertisers through their advertising accounts. That started last July. Those individual reports could be much higher or lower than the average, and Google says there’s definitely variations between advertisers and advertisers in particular vertical market segments.

Going forward this year, Google plans four things it hopes will help combat click fraud and reassure advertisers more:

IP Filtering: Advertisers can block particular IP addresses that they think are fraudulent. When this happens, people coming from these IP addresses will not see ads.
Invalid Revenue & Enhanced Reporting: Advertisers will get more detailed information that currently provided.
Invalid Clicks Resource Center: Further guidance about filtering and click fraud questions will be added.
Standardized Inquiry Reporting: Google already has a reporting form for advertisers. But some advertisers want to provide even more information, logs, and other data. So Google says it will explore a more standardize way to take material in.

Agree or disagree with the newly released Google figure? Chime in with comments below! Also see related discussion now going on via Techmeme.

Danny Sullivan is editor-in-chief of Search Engine Land. He’s a widely cited authority on search engines and search marketing issues who has covered the space since 1996. Danny also oversees Search Engine Land’s SMX: Search Marketing Expo conference series, maintains a personal blog called Daggle and microblogs on Twitter as @dannysullivan.

See more articles by Danny Sullivan >

Share, Bookmark & Discuss This Article
More:

See more stories like this in the Members Library! Check out the Google: AdSense, Google: AdWords, Google: Legal, Legal: Clickfraud sections of the Members Library where this story is filed. Members also get access to exclusive video content, a members-only weekly & monthly newsletter, plus more. Check out all the benefits!

13 COMMENTS ON Google: Click Fraud Is 0.02% Of Clicks

Don Dodge, March 1st, 2007 at 10:16 am ET:

Danny, Are the click fraud rates for the Google search site only, or for all clicks through their advertising network?

I have always believed that Google, Yahoo, and Microsoft could control and filter click fraud on their own sites. It gets more difficult when you are trying to filter clicks that originate from advertising network sites. I may not be using the right term, but what I mean is a clicks from independent web sites that use Google to place ads on their site.

I am not surprised that Google has solved this problem, but I am surprised they were able to get it down to .02%. Did I read that right? I could certainly understand 2%, but .02% means they are catching 99.98% of all invalid clicks? Amazing!

Don Dodge

Danny Sullivan, March 1st, 2007 at 12:58 pm ET:

Rates are for the entire network, on Google and anywhere Google is showing ads.

exposureTim, March 1st, 2007 at 3:00 pm ET:

It also important to note that it’s possible there is a counter argument to Ghosemajumder’s opinion… It could be that Google is NOT better at tracking those invalid clicks than others.

In fact, I think Google could intentionally NOT be better than independent resources. It’s not really in the interest of Google to admit that they had charged you for invalid clicks nor to admit that the advertiser was quicker at catching their mistakes.

Once they claim that a questionable click is valid, it’d reflect poorly upon them to later have to admit that they were wrong, that their systems didn’t catch it even after the advertiser did.

They don’t want to be proven wrong so they self-fulfill their desired outcome even when presented evidence that is clear to the naked eye (let alone some algorithm).

Jakob Nielsen, March 1st, 2007 at 4:12 pm ET:

As I read the article, the 0.02% number refers to the number of fradulent clicks discovered through client-requested investigations divided by *all* the clicks on Google.

This doesn’t mean that 0.02% of clicks are fraud that was not discarded automatically. For that to be true, *all* clicks would have to go thorugh the manual investigation.

In other words, the percentage is calculated by using different scopes for the numerator and the denumerator. The type of classic math mistake one would not expect from Google.

The only valid percentage is the number of manually-discovered fraudulent clicks divided by the number of clicks in those campaigns that complained and were investigated.

Presumably, most campaigns don’t complain and thus are not investigated, meaning that they hide some additional clicks that would have been found through manual investigation.

Sean McCoy, March 1st, 2007 at 4:27 pm ET:

Google’s provided number is absolutely a slap in the face! Ask any of the service providers doing click fraud analysis or those who have high target key terms. We have reports of click fraud numbers from Google that are over 60 to 70% of the inbound traffic from both Google direct as well as their affiliates. If Google wants to come clean they should provide their advertisers with an itemized accounting of what they are charged. Every phone carrier on earth has a financial responsibility to provide a detail of who called you, who you called, and the duration of the call. In practice this issue is really no different but Google’s claim is that revealing this data would divulge some magical trade secret; complete rubbish.
The business model is inherently flawed and the problem won’t be resolved until Google has had time to offset their revenues by cleaning its conversion of fraud to high stock prices.

JoeDuck, March 1st, 2007 at 5:05 pm ET:

Danny *you* should get Google’s permission to run some tests that would help get to the bottom of the disagreements about this.

You’d be given “immunity” from Google and would open several new Adwords accounts under fake names and try to spoof the system, then publish the results.

About a year ago wasn’t somebody in SEO going to try some experiments where they would click on their own advertisements (ie defraud themselves and pay for it) and publish the results?

Jakob Nielsen, March 1st, 2007 at 5:21 pm ET:

A further thought: the true percentage should be derived by taking a random sample of campaigns, whether or not they have complained, and investigate them manually.

(Only investigating campaigns that complain might bias the sample, if you assume that some companies have the ability to estimate the extent of fradulent clicks in their campaigns.)

All of this, of course, assumes that the manual check is in fact capable of identifying the fraud. The way to check *that* is the method suggested by JoeDuck: to deliberately induce fraud for some sample campaigns and then see how much of that is identified by the investigators.

Toivo Lainevool, March 1st, 2007 at 6:17 pm ET:

I find the headline to this story very misleading. Google says nothing about the actual level of click fraud going on, they are simply reporting how many invalid click they are catching. The actual level of click fraud may be higher. I have more details on my blog post.

Steve Morsa, March 1st, 2007 at 10:18 pm ET:

The “funny” thing about this (though no one paying for the fraud is laughing), and really, all discussions anywhere concerning click fraud, is that, until such time as everyone–or at least most everyone–agrees just what constitutes “click fraud,” such discussions are largely academic…

Shona, March 2nd, 2007 at 5:02 am ET:

An average across Google’s entire click portfolio is perhaps slightly misleading. Certain industry sectors are undoubtedly going to be more likely to be hotbeds of click fraud (not least those with high CPCs), meanwhile other sectors with extremely high volume but low value clicks are arguably less attractive for fraudsters and will help bring the average right down.

Perhaps a % based on click revenue would be more interesting (and therefore most likely remain unpublished!)

CPCcurmudgeon, March 4th, 2007 at 9:25 pm ET:

I still don’t see how this constitutes proof that Google is detecting almost all of the click fraud that is out there. It does not at all address the situations I have been discussing for years now, where human clickers or botnets can generate clicks from a wide selection of IP addresses, user agents, language preferences, etc. — enough to make it look like ordinary traffic.

I am not the only one who feels this way. Noted Internet technical experts such as Bruce Schneier and Lauren Weinstein have made such commentary. As an aside, I still wonder why it has take so long for Google to even come out with rudimentary filtering, when the problem of fraudulent clicks has been known and documented for over a decade. Futhermore, anyone who has some experience with Internet protocols and architecture knows that traffic can be easily disguised and generated; look at the volume of (unflagged) spam, for example.

ClickHawk, March 5th, 2007 at 4:44 pm ET:

Jakob Nielsen’s comment above hits the nail on the head.

With regards to the 0.02% statement, many people interpreted the statement as “0.02% of total clicks are both fraudulent and not being detected and discounted..”. What was actually stated (as you know) is that the number of billed clicks reported to Google by advertisers and then found (by Google) to be invalid, is 0.02%.

Close examination of this statement brings us to the conclusion that the statement is worded in such a way that it means absolutely nothing without other variables that they are not disclosing.

Getting to a number as low as 0.02% should be relatively easy.
First, we all know that the vast majority of advertisers are not
taking the time to file complaints, for any number of reasons.

Once you remove all of the potentially reportable clicks that are
never reported, you are most likely already well under 1% of total
billed traffic.

Next, out of the small number that ARE submitted by advertisers for
further review, you have the vast majority of those which are
declined by Google. This is a number that they do not seem to be
disclosing and without it, you cannot complete a calculation of their
0.02% claim. We know from our experience of filing claims that only a
small fraction of the reported invalid clicks that have previously
been billed are later refunded.

At this point, we have already eliminated most of the clicks from the
total; those which are not reported, those were have already been
filtered out, and those which are reported but declined.

Finally, and perhaps the largest unknown variable, are all of the
clicks that are both unreported AND undetected by Google. Note that
any such clicks would come out of the 90% that they claim are
“valid”, and that however large the number of such clicks, it would
not affect the 0.02% figure, based on the way that it was worded.

Our company is studying a new click fraud method that is virtually undetectable to the networks. Our findings will be posted in a whitepaper on our web site at http://www.trafficsentry.com

Tic Howard, March 8th, 2007 at 1:45 pm ET:

0.02 is a perfectly good percentage, but it has nothing to do with click fraud. “Reactively identified invalid clicks”, whatever that is, doesn’t sound like click fraud. On the other hand, there’s no mistaking the headline.

Click fraud is not a function of validity. It is a state of mind defined in terms of malicious intent. It exists only in the mind of the perpetrator, and no machine can read the perpetrator’s mind. It is therefore impossible to quantify click fraud. But it may not be impossible to change the public’s perception away from malicious intent to blatant red herrings, such as “return on investment”, “manageability”, “controllability”, “validation”, and “statistically insignificant”. The fact is pay-per-click is a fundamentally flawed business model which invites malicious intent with no controls except those which are imposed long after the fact and at great expense, and even then they are ineffective.

The industry’s attempt to redefine click fraud in terms of a different language may indeed be succeeding. If you believe that the rate of click fraud is 0.02 percent, then you must also believe that your intent is irrelevant. But it’s easy to prove. Click away with as many clicks as you muster, and that percentage will never change, because it has nothing to do with intent. If your intent is malicious, that is, to bring “unqualified” financial charges against a publisher, there’s nothing standing in your way because one way or another, you will drive up the publisher’s costs. When those costs become high enough, the publisher will lose interest in pay-per-click as a business medium.

Here’s what’s wrong with pay-per-click. It does not target an interested class to the exclusion of a disinterested class. By inviting a disinterested third party to control the business transaction between two other interested parties, the intent of the third party is made transparent and impossible to determine, although it is highly relevant. That is not a good business practice and no level of technology will ever correct it.

FREE DAILY SEARCH NEWS RECAP!