The threat from bots in online advertising and data breaches in electronic commerce and emerging payment systems continues to grow. While threats and new security challenges seem daunting, the online advertising and payments industries continue to take steps to focus more on security. Some believe that not enough is being done. After all, the average U.S. adult got three data breach notifications in 2014, per Experian data, and a recent Google study found that 192 deceptive Chrome extensions affected 14 million users.
The Trustworthy Accountability Group (TAG), an advertising industry initiative, Monday announced plans to create a database of domains that have been identified as known sources of fraudulent bot traffic for digital ads.
The TAG Fraud Threat List unveiled at the IAB Advertising Technology Marketplace Conference in New York will publish the technical proposal for the Fraud Threat List and, for 30 days, solicit comments from the advertising industry before finalizing the program.
The American Association of Advertising Agencies (4As), the Association of National Advertisers (ANA), and the Interactive Advertising Bureau (IAB) support the program and will compile the list using information from participating companies with specific insight on domains that are driving significant fraudulent ad traffic to the ad industry. AOL, Yahoo's BrightRoll, and SpotXchange are among the companies that are designing the pilot.
The Fraud Threat List is TAG's second major initiative this year to address those issues. In February, TAG launched the Brand Integrity Program Against Piracy, a program that will help advertisers and agencies avoid brand damage from unwanted sites by using TAG-validated providers of anti-piracy services.
Fraud puts a hole in the online advertising industry as well as mobile and desktop ecommerce. As new payment methods are introduced, it's important for marketers at brands and retailers to understand the security risks they create. More people need to work with their respective IT and security departments to understand that innovations in the payment systems increase the risk of a data breach.
In fact, mobile payments in stores increase data breaches by 59%; eWallets, 58%; and mobile payments on devices and apps, 57%, according to the Ponemon study Data Security in the Evolving Payments Ecosystem sponsored by Experian. The study surveyed 748 U.S.-based IT and IT security, risk management, product development and other professionals involved in the payments systems within their organizations such as retailers, financial institutions, payment processors, credit card brands, regulators, consumers and others involved in the flow of payments and transactional information.
Michael Bruemmer, VP with the Experian Data Breach Resolution group, said the company helped businesses through more than 3,100 data breaches in the past year. About 87% are attributed to employee negligence such as running open tests that make the system vulnerable. "Consumers think that with new technology comes better security, which is not true," he said.
Companies feel pressure to adopt emerging payment systems to keep customer satisfied. About 65% of the executives feel pressure to migrate to the new payment systems, but this is putting consumer data at risk. Some 53% said they are prioritizing customer convenience over security. About 69% said the media coverage in the past year has caused them to revaluate and prioritize security.
Another major help would be actually releasing all these results and blacklists to vetted member companies, without the extortionate fees. It does no good to come up with a list of bad domains and traffic sources, only to charge for access then wonder why nobody is really using it.
Transparency is one of the biggest ways to combat this, both with bad sites and any company that either willfully trades in fraudulent traffic or doesn't put forth best efforts to stop it.