If you think 3ve was a sophisticated operation, just imagine what all the other operations look like that continue to evade the grasp of law enforcement.

3ve reportedly made US$29 million over the course of its operations – that is a substantial amount of money but in the context of ad fraud as an industry, it is barely a drop in the ocean. For some perspective, more money is lost to ad fraud in one day than 3ve was reported to make in 3 years.

3ve is an indicator of what some of the less sophisticated operations look like.

The 3ve investigation relied on an unprecedented level of cooperation, spanned 3 years and no doubt, cost a substantial amount of money to pull off. The reality is that dealing with fraud by bringing every fraudster to justice isn’t feasible. But while we may not be able to catch them all, that doesn’t mean we should give them our ad spend on a silver platter.

Fraud prevention is the best way to beat these organisations. Stop the fraud, make sure the fraudsters don’t get paid and make the business of fraud less profitable.

Ad fraud and the sophistication of perpetrators has evolved at a rapid pace in the last 20+ years. Before 2000, it was mainly individuals exploiting loopholes in a still relatively juvenile internet advertising ecosystem. As budgets for online advertising grew, so too did the lucrativeness of ad fraud as a business opportunity, attracting more sophisticated players to the arena. Now ad fraud is an industry in its own right, worth approximately $19 billion in 2018.

Ignorance on a grand scale allowed fraudsters to make a lot of money for a very long time and gain a substantial head start on anti-fraud providers. By the time the industry woke up and smelled the bull$h!t in their ad spend, the pockets of fraudsters were deep enough for them to adapt and conduct their own R&D to find new ways to exploit digital advertising.

The fraud prevention space has taken a similar trajectory as the cyber security space – albeit a few years behind. Initially we blacklisted (like anti-virus software) and then we wrote rules (like firewalls). But fraud continued to evolve and adapt making it harder and harder to add to blacklists and manage increasingly complex rule sets, without catching legitimate traffic in the crossfire.

What is zero day ad fraud?

In cyber security, a zero day threat is a vulnerability that there is no patch for. Borrowed from cyber security, we define zero day ad fraud as a new tactic or variation of a tactic that rules are not equipped to detect or block.

As the tricks and schemes of the last 20 years become less successful for fraudsters, it is likely we will be seeing more new types of fraud as perpetrators adapt and evolve.

Using rules to address these new tactics would be a fool’s errand that perpetuates the cat and mouse game that has characterized fraud prevention until now. It is time to turn the table on the fraudster by introducing a new approach to fraud prevention that is proactive instead of reactive, removing fraud as it evolves.

This article originally appeared on the TrafficGuard blog.

To learn more about the importance of machine learning in your fight against ad fraud, download the full eBook.