Fraud detection

We recommend regular monitoring of fraud metrics to detect critical indicators, recognize fraudulent schemes, and find the source of bad traffic.

How to read reports

As an example, let's build a report using a Strict fraud template (Reports → Templates). The report shows the number of suspicious and emulated devices, as well as the number of devices with quick installs and stacking clicks — i.e. the share of traffic that is likely to be fraudulent.


Color indicators in the report are related to benchmarks.

  • Green color indicates that everything is OK. This means that the percentage of fraudulent installs does not exceed the benchmark.
  • Red color warns you about potential fraud, signalling that the share of fraudulent installs has exceeded the benchmark.

If the values are highlighted in red (above the benchmark), we recommend adding more dimensions: Select from list → Dimensions → Traffic source → Campaign or Partner to determine the potential source of fraudulent traffic and take necessary measures.

Color-based fraud indication is only applicable if there is an Application or a Platform dimension in the report.


Use the Installs metric to see the volume of incoming traffic. This comes in handy when working with absolute metrics (not percentage ones), where the same fraud value can be highlighted in different colors. Fraud indicators per se do not mean a fraud attack; what matters is the share of fraud in the total number of installs.

Compare the following:

  • campaign 1 brought about 10 000 installs of which 10 were quick installs
  • campaign 2 brought about 200 installs of which 10 were quick installs

It's clear that campaign 2 is using fraud methods to drive traffic.


Compare fraud metrics with data from previous periods, such as yesterday or the previous month, to track suspicious traffic flow.

The results of the comparison feature the "+" and "-" signs. Color coding is the same:

  • Green color means everything is OK, fraud metrics are declining.
  • Red color is a negative sign, meaning the fraud volume is increasing.

Template reports are configured to compare data with those of the previous day. To add a comparison chart to your report, press the Settings button in the Constructor, and enter new settings in the Comparison field.
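The reading rules from this section (share rather than absolute count, benchmark coloring, and comparison with the previous period) can be reproduced over exported report rows. The following is an added example, not myTracker code: the 1% benchmark, the field names, and the previous-period figures are assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumed benchmark (1% of installs); the page does not state real benchmark values.
BENCHMARK_SHARE = 0.01

@dataclass
class Row:
    """One report row: current and previous-period values for a campaign."""
    campaign: str
    installs: int             # Installs metric: volume of incoming traffic
    quick_installs: int       # absolute fraud metric
    prev_installs: int
    prev_quick_installs: int

def share(fraud: int, installs: int) -> float:
    """Fraudulent installs as a proportion of all installs in the period."""
    return fraud / installs if installs else 0.0

def assess(row: Row, benchmark: float = BENCHMARK_SHARE) -> dict:
    cur = share(row.quick_installs, row.installs)
    prev = share(row.prev_quick_installs, row.prev_installs)
    delta = cur - prev
    return {
        "campaign": row.campaign,
        "share": cur,
        # Red only when the share exceeds the benchmark, regardless of the raw count.
        "indicator": "red" if cur > benchmark else "green",
        "delta": delta,
        # Comparison color: red when fraud grows, green when it declines.
        "trend": "red" if delta > 0 else "green" if delta < 0 else "neutral",
    }

def rank(rows, benchmark: float = BENCHMARK_SHARE) -> list:
    """Highest fraud share first, so the likely source of bad traffic leads."""
    return sorted((assess(r, benchmark) for r in rows),
                  key=lambda a: a["share"], reverse=True)

# Constructed sample: current figures are the page's two campaigns,
# previous-period figures are invented for the comparison.
ROWS = [
    Row("campaign 1", 10_000, 10, 9_000, 12),
    Row("campaign 2", 200, 10, 180, 2),
]

if __name__ == "__main__":
    for a in rank(ROWS):
        print(f'{a["campaign"]}: {a["share"]:.2%} {a["indicator"]}, '
              f'{a["delta"]:+.2%} {a["trend"]}')
```

Both campaigns carry the same 10 quick installs, but only campaign 2 exceeds the assumed benchmark and shows a rising share against the previous period.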

How to detect fraud

Start with combined metrics from myTracker, and then gradually refine the data by adding more and more dimensions and fraud metrics.

It’s a universal approach suitable for those who don’t have time for hard research, are not familiar with key fraud metrics, have just rolled out an ad campaign, or have entered into a new partnership.

  1. Open the Constructor or build a report using a Template.
  2. Select a report period. Fraud will be shown for installs made in the selected period.
  3. Add Combined metrics. At first, to grasp the mechanics of Fraud Scanner, we suggest using the common metrics: Select from list → Fraud Scanner → Strict..., Confident... or Soft Fraud Metric. Press the Calculate button.
  4. Fraud metrics can be presented in absolute or percentage terms, where the percentage shows the number of fraudulent installs as a proportion of the total number of installs made in the selected period.

  5. If you detect confident or especially strict fraud, add more dimensions to identify traffic sources: Select from list → Dimensions → Traffic Source → Campaign or Partner.
  6. Use hardware, click, and in-app metrics to look into fraud causes. For example, by selecting Click fraud → Quick installs, you can see installs hijacked by your partner. Select only those metrics that are included in the combined metric where fraud has been tracked.

For more details on analyzing data, refer to the How to read reports section.