An engineer investigating Google’s click fraud detection system has concluded that the company’s efforts to combat the scourge are “reasonable.” Alexander Tuzhilin, a professor of information systems at NYU, laid out his findings in a report issued as part of a class-action lawsuit against the company.
Google and the plaintiffs in the Arkansas case, Lane’s Gifts v. Google, have agreed to a $90 million settlement, but the court is still determining whether to approve the settlement agreement. One of the settlement terms was that a third-party expert be allowed to examine the company’s detection methods.
Given Google’s secrecy around its click fraud detection systems, Tuzhilin is one of the rare outsiders given the opportunity to probe the company’s methods. Tuzhilin reviewed internal documents, interviewed Google personnel and received demos of various systems as he prepared the 47-page report.
Though Tuzhilin reaches the conclusion that current click-fraud efforts are “reasonable,” he questions one of the company’s policies before March 2005. Before that time, when an ad received a double click, one click followed by an immediate second click, advertisers were charged for both clicks.
“For me, the second click in the double click is invalid. . . and the advertisers should not be charged for it,” he wrote. “It is not clear to me why it took Google so long to revise the policy of charging for double clicks. Nevertheless, this policy was revised in March 2005 despite the fact that the company lost ‘noticeable’ revenues by taking this action.”
Tuzhilin also looked at whether economic considerations played any role in the company’s operations. For example, he tried to determine if Google benefits financially when click fraud goes undetected.
“As a result of these investigations, I realized that it constitutes exclusively an engineering decision with no inputs from the finance department or the business units, except in. . . two cases,” Tuzhilin wrote.
In the first case he describes, one particular IP address was disabled because of inappropriate clicking and a business unit requested an additional investigation because the IP address was associated with an important customer. The second case was the double click policy, which Tuzhilin notes the financial implications were discussed within the company.
In the document, Tuzhilin reveals that Google employs around 36 people on a dedicated click fraud team, about a dozen of which are engineers developing technological systems to detect invalid clicks. The balance of the employees investigate customer inquiries and other incidents in which click fraud is suspected.
Tuzhilin writes that he was surprised to find that most of Google’s filters, with a few exceptions, were very simple.
“I was initially certain that these simple filters should miss many types of more complicated attacks,” he wrote. “However. . . these simple filters perform reasonably well.”
In the report, Tuzhilin suggests other methods, which Google is not using, which might improve click fraud detection filters. These include data mining, using conversion data and developing more advanced types of filters.
Besides the proactive filtering method, Google also uses automated and manual “offline” detection systems. Subtle patterns of click activity that may or may not be valid generate an alert that staffers then investigate manually. The company’s systems also automatically alert the team to manually investigate AdSense publishers whose sites seem to be generating invalid clicks. When a publisher is terminated, all the clicks generated from that site over a given period of time are credited back to advertisers.
“My only concern with these manual inspections is about scalability of these inspection processes,” Tuzhilin writes. “Since the number of inquiries grows rapidly, so does the number of investigations required to investigate these inquiries.”