Below are the questions we sent to Criteo’s corporate headquarters after learning about the Method Media Intelligence research. We never received specific answers. However Criteo did provide the following statement:
“Whilst Criteo does not comment on individual cases, we would like to reaffirm that Criteo’s goal has always been to serve as a trusted partner and ensure a high quality, brand-safe environment for our community of more than 15,000 advertising clients. When advertising with Criteo, brand safety covers both the appropriateness of the site content and the integrity of the traffic the site generates. We are committed to detecting and combating fraud in digital marketing through numerous internal and external prevention methods.
Our proprietary targeting and bidding engine has built-in detection of signals that indicate non-human activity. We have a dedicated operations team who constantly monitors the extensive reporting from our systems to pick up suspicious click activity which could indicate fraud. When such activity is uncovered we immediately reimburse affected clients. Criteo also employs a robust blacklist process to enforce our brand safety guidelines. Our publisher account teams regularly review advertiser performance metrics on publisher sites to spot suspicious trends, and terminate any sites that may be generating invalid traffic. Criteo continuously enhances its protection by adding any new fraudulent agents or suspect behaviour types to our detection tools. In addition, we are a member of TAG (Trustworthy Accountability Group) and work with leading third-party vendors to assess any additional protection they can offer to our own tools and processes to prevent fraud and non-human traffic.”
- COVER STORY: Gotham City Research Goes After Criteo Asking, “Is It Malware?” Promises New Disclosures
Questions for Criteo
Is Criteo HQ aware of a dispute between Ivory Ella and Criteo in the US (we believe specifically with it ts Boston office)?
Is Criteo HQ aware that Ivory Ella commissioned an ad safety consultancy to analyse its data? Is it aware that the analysis threw up a number of anomalies which caused concern to Ivory Ella?
Is Ivory Ella currently seeking compensation from Criteo as a result of this analysis?
According to the consultants, the analysis found a significant discrepancy between the number of clicks Criteo was reporting and the number of clicks they could verify from the Ivory Ella data. Criteo was reporting about 40 per cent more clicks than could be verified. Why would such a discrepancy occur?
The client spent a significant amount of money with Criteo, yet the amount of money it paid out on clicks was more than the revenue it generated in sales. This seems unusual. How common is this experience for Criteo’s clients? Or would such a result be considered unusual and potentially a red flag for fraud?
The client was told its ads would only appear in brand-safe environments (“PG 13”), however its ads appear to have been served to sites that contained adult content. Does Criteo accept that this happened, and what steps did it take to mitigate this and to compensate the client?
The ad safety consulting business told Which-50 it repeatedly created transactions that were clearly fraudulent to test Criteo’s response and that Criteo should have easily recognised these as fraudulent. Instead, Criteo claimed all of the transactions as legitimate. Has Criteo discussed this issue with Ivory Ella or its agency, and what processes does Criteo have in place to detect fraudulent clicks?
By tracing back where the referrals came from, the consultants identified a significant frequency of referrals from known malware such as Spigot. What processes does Criteo have in place to exclude known malware from exploiting its software?
Has Criteo ever had to caution or terminate employees or cancel partnership arrangements because it discovered employees or partners using malware to inflate their results? Has Criteo ever communicated in email or in writing or via any other medium to its staff or partners cautioning them not to use malware or other software that would fraudulently inflate clicks? (Note: we subsequently received a denial on this question from a senior executive with strong ties to the company who spoke off the record as he was not authorised to comment.)
What compliance procedures does Criteo have in place to detect the inappropriate purchase of clicks from adware either by its employees or partners?
Is it possible that high CTR traffic could be purchased unknowingly from adware/malware/fraudulent bot web sites — by people or companies not associated with Criteo and without Criteo’s knowledge — and from which those third parties would derive a commercial benefit?
Does Criteo accept that in the performance marketing sector it is easy for bad actors to purchase fraudulent clicks and traffic? What doesn’t the company regard as an “acceptable” level of fraud? How much money did Criteo return to its clients during 2016 as compensation for click fraud?
Does Criteo have a senior executive whose primary focus in fraud mitigation?