Fraud detection

We recommend regular monitoring of fraud metrics to detect critical indicators, recognize fraudulent schemes, and find the source of bad traffic.

How to detect fraud using dashboard

Use Dashboard to monitor fraud easy and quickly and detect fraudulent traffic.

1. Select the Fraud Scanner section in your Dashboard.
2. Use filters App and Partner if needed. By default, the report includes data for all applications and ad partners.
3. In the Period field, set the report period. Fraud will be shown for installs/ first site visits made in the selected period.

MyTracker displays data in the following charts:

• Fraud metrics — displays incoming mobile and web-traffic checked for fraud according to strict, confident, and soft fraud metrics or strict and soft web fraud metrics accordingly.
• Combined fraud — displays data that sums up the combined fraud and its share in the total volume of the traffic.
• Fraud types — displays fraud types: hardware fraud, click fraud, in-app fraud and web fraud.
• Fraud by Partners — displays fraud detected according strict metric and grouped by a partner.
• Fraud by Sources — displays the share of fraud installs detected according the strict metric in regard to the total number of installs.

For each graph, you can configure the view of information display, date range by hours/days/weeks/months, and other special parameters.

You can download each graph the XLSX, PDF, PNG or SVG by clicking . If you want to analyse fraud in details, click to go to the Builder.

How to analyse fraud using report builder

Start with combined metrics from MyTracker, and then gradually refine the data by adding more and more dimensions and fraud metrics.

It’s a universal approach suitable for those who do not have time for hard research, are not familiar with key fraud metrics, have just rolled out an ad campaign, or have entered into a new partnership.

1. Open the Builder or build a report using a Template.
2. Select a report period. Fraud will be shown for installs/ first site visits made in the selected period.

We recommend building a report at least 3 days after an app install or the first site visit when Fraud Scanner has collected enough data about the user behavior

3. Add Combined metrics. At first, to grasp the mechanics of Fraud Scanner, we suggest using the common metrics: Select from list → Fraud Scanner → Strict..., Confident... or Soft Fraud Metric to analyze mobile traffic or Strict..., and Soft Web Fraud Metric for web traffic. Click Calculate.

Fraud metrics can be presented in absolute or percentage terms, where the percentage shows the number of fraudulent installs/first site visits as a proportion of the total number of installs/first visits made in the selected period.

4. If you detect confident or especially strict fraud, add more dimensions to identify traffic sources: Select from list → Dimensions → Traffic Source → Campaign or Partner.
5. Use hardware, click, in-app metrics, and web fraud to look into fraud causes. For example, by selecting Click fraud → Quick installs, you can see installs hijacked by your partner. Select only those metrics that are included in the combined metric where fraud has been tracked.

For more details on analyzing data, refer to the How to read reports section

How to read reports

As an example, let's build a report using a Strict fraud template (Reports → Templates). The report shows the number of suspicious and emulated devices, as well as the number of devices with quick installs and stacking clicks — i.e. the share of mobile traffic that is likely to be fraudulent.

The report includes data for installs made only during the selected report period. Remember, the most accurate fraud indicators are only available 3 days after an install, when Fraud Scanner has collected enough data about the user behavior.

Below you’ll find info on how to read reports using benchmarks, installs, comparison, and dimensions.

Benchmarks

Color indicators in the report are related to benchmarks.

• Green color indicates that everything is OK. This means that the percentage of fraudulent devices does not exceed the benchmark.
• Red color warns you about potential fraud, signalling that the share of fraudulent devices has exceeded the benchmark.

If the values are highlighted in red (above the benchmark), we recommend adding more dimensions: Select from list → Dimensions → Traffic source → Campaign or Partner to determine the potential source of fraudulent traffic and take necessary measures.

Color-based fraud indication is only applicable if there is an Application or a Platform dimension in the report

New devices

Use the New devices metric to see the volume of incoming traffic. This comes in handy when working with absolute metrics (not percentage ones), when the same fraud values can be highlighted with different colors. Fraud indicators per se do not mean a fraud attack, it's the share of fraud in the total number of new installs that’s important.

Compare the following:

• campaign 1 brought about 10 000 new devices of which 10 were quick installs
• campaign 2 brought about 200 new devices of which 10 were quick installs

It's clear that campaign 2 is using fraud methods to drive traffic.

Comparison

Compare fraud metrics with data from previous periods, such as yesterday or the previous month, to track suspicious traffic flow.

The results of the comparison feature the "+" and "-" signs. Color coding is the same:

• Green color means everything is OK, fraud metrics are declining.
• Red color is a negative sign, meaning the fraud volume is increasing.

Template reports are configured to compare data with those of the previous day. To add a comparison chart to your report, click Settings in the Builder, and enter new settings in the Comparison field.