Protect360 anti-fraud guide

At a glance: Attribution-related fraud is a significant challenge in the app industry. Fraud drains marketing budgets, pollutes marketing performance data, and can turn successful campaigns into losing ones. Protect360 provides app owners with real-time fraud protection and detection.

For a comprehensive introductory marketer's guide to mobile ad fraud, click here.

What is Protect360?

Protect360:

  • Protects against attribution fraud. It consists of dynamic tools that detect fraud and block fraudulent attribution.
  • Uses AppsFlyer scale, machine learning, and behavioral analysis to provide cover against known and new forms of click/install fraud including bots and behavioral anomalies.
  • Guards marketers from fraud at the device, publisher, and media source levels.
  • Uses a layered approach of real-time fraud blocking and post-attribution fraud identification.

Real-time fraud blocking

The first layer of anti-fraud protection blocks the attribution of fraudulent media sources in real time: Protect360 automatically blocks fraudulent installs and in-app events as they occur.

Note: Protect360 does not impact the app user experience. In case of fraud attempts involving real users, app installs complete normally, and only the attribution data is affected. 

Post-attribution fraud

The second layer of anti-fraud protection relates to fraudulent events, detected after the install and real-time attribution.

When installs are detected as fraudulent in retrospect, they can't be erased, but need to be treated as real fraud and not charged for.

Once a source, like an ad network, site ID, or country is identified as fraudulent:

  • Future clicks from the source are blocked.
  • Past installs:
    • From the start of the current calendar month until the present, are labeled as post-attribution fraud, but not erased from the data. As of January 2020, advertiser invoices are credited for the attribution fees of these installs.
    • From before the start of the current month, are not changed.
  • In-app events occurring:
    • Up until the install labeling: labeled as fraud.
    • After the install labeling: labeled as fraud.

Examples of post-attribution fraud:

  • Seemingly regular installs followed by fraudulent signals within in-app events
  • A new form of fraud found
  • Installs which turn out to be fraudulent only after anomaly detection algorithms collect enough statistical data about the installs of any publisher

Fraud reconciliation with ad networks

With Protect360, advertisers gain the raw data needed to reconcile fraudulent installs and in-app events with ad networks.

To reconcile CPI-based campaigns using Protect360:

  • At the start of each month contact the account manager in each ad network where fraud occurred.
  • Collect the relevant fraudulent installs raw data from the Blocked installs and post-attribution installs reports.
  • Share the fraud raw data with the network for reconciliation and optimization of their traffic.
  • It's possible to create a raw data report which includes just the valid installs, but excludes post-attribution fraudulent installs. To do this, you need to download the monthly Attributed UA installs report and exclude all entries from the Post-attribution installs report.

To reconcile CPA/CPE-based campaigns using Protect360:

  • At the start of each month contact the account manager in each ad network where fraud occurred.
  • Collect the relevant fraudulent in-app events raw data from the Blocked in-app events and Post-attribution In-app events reports.
  • Share the fraud raw data with the network for reconciliation and optimization of their traffic.
  • It's possible to create a raw data report which includes just the valid IAEs, but excludes post-attribution fraudulent events. To do this, you need to download the monthly Attributed UA in-app events report and exclude all entries from the Post-attribution in-app events report. 
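The last step of both procedures above (subtracting the post-attribution report from the attributed report) can be scripted. The following is an added example, not AppsFlyer code; the column names and the choice of matching keys are assumptions to adjust to the headers in your own exports, and the sample rows are constructed.

```python
import csv
from collections import Counter

# Assumed column names; adjust them to the headers in your exported reports.
INSTALL_KEY = ("AppsFlyer ID", "Install Time")
EVENT_KEY = ("AppsFlyer ID", "Event Time", "Event Name")


def split_valid(attributed_csv, post_attr_csv, key_cols):
    """Split one month's attributed report into (valid, fraud, unmatched).

    Inputs are open files or lists of CSV lines. A row is fraud when its key
    also appears in the post-attribution report. `unmatched` holds fraud keys
    absent from the attributed report (the exports cover different dates).
    """
    fraud_keys = {tuple(r[c].strip() for c in key_cols)
                  for r in csv.DictReader(post_attr_csv)}
    valid, fraud, seen = [], [], set()
    for row in csv.DictReader(attributed_csv):
        key = tuple(row[c].strip() for c in key_cols)
        if key in fraud_keys:
            fraud.append(row)
            seen.add(key)
        else:
            valid.append(row)
    return valid, fraud, fraud_keys - seen


def fraud_by_source(fraud_rows, source_col="Media Source"):
    """Count excluded rows per media source, to raise with each ad network."""
    return Counter(row[source_col] for row in fraud_rows)


# Constructed sample data standing in for the two downloaded reports.
ATTRIBUTED = """AppsFlyer ID,Install Time,Media Source
1111-aaaa,2020-03-02 10:15:00,network_a
2222-bbbb,2020-03-05 08:01:12,network_b
3333-cccc,2020-03-09 21:40:55,network_b
4444-dddd,2020-03-11 13:05:30,network_a
"""
POST_ATTRIBUTION = """AppsFlyer ID,Install Time,Media Source
2222-bbbb,2020-03-05 08:01:12,network_b
3333-cccc,2020-03-09 21:40:55,network_b
"""

if __name__ == "__main__":
    valid, fraud, unmatched = split_valid(
        ATTRIBUTED.splitlines(), POST_ATTRIBUTION.splitlines(), INSTALL_KEY)
    print("valid installs:", [r["AppsFlyer ID"] for r in valid])
    print("fraud per source:", dict(fraud_by_source(fraud)), "unmatched:", unmatched)
```

For CPA/CPE campaigns, pass the two in-app event reports and `EVENT_KEY` instead; a non-empty `unmatched` set is a prompt to re-check the date ranges before sharing numbers with a network.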

How to use Protect360?

In the remaining tabs of this article, we explain how Protect360 works, how to use the Protect360 dashboard, and how to use raw data reports.

The table below describes where the data for both protection layers is found in AppsFlyer:

  Protection layer         | Aggregate            | Raw data
  Real-time fraud blocking | Protect360 dashboard | Export Data page/Pull API
  Post-attribution fraud   | Protect360 dashboard | Pull API

  • The Anomalies insight page shows media sources whose installs have abnormal CTIT (click-to-install time) values compared with other trusted sources.
    Visit the page to investigate these anomalies. Cross-reference the suspected installs with your raw installs data and look for suspicious signs such as unusual app version numbers, old OS versions, and distinctive locations.
  • Use Validation rules to block installs with short CTIT values. Protect360 automatically blocks installs with very low CTIT values.
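The cross-referencing described above can also be done directly on raw installs data by comparing each source's share of short-CTIT installs with that of trusted sources. This is an added example, not Protect360's detection logic; the column names, the 10-second cut-off, and the margin are assumptions, and the sample rows are constructed.

```python
from collections import defaultdict
from datetime import datetime

FMT = "%Y-%m-%d %H:%M:%S"
SHORT_CTIT_SECONDS = 10   # assumed cut-off for "short"; tune to your own data
MARGIN = 0.20             # assumed tolerance above the trusted baseline share


def ctit_seconds(row):
    """Click-to-install time; column names are assumed raw-report headers."""
    click = datetime.strptime(row["Attributed Touch Time"], FMT)
    install = datetime.strptime(row["Install Time"], FMT)
    return (install - click).total_seconds()


def short_ctit_share(rows):
    """Map media source -> fraction of its installs with CTIT below the cut-off.

    A negative CTIT (install recorded before the click) also counts as short.
    """
    total, short = defaultdict(int), defaultdict(int)
    for row in rows:
        src = row["Media Source"]
        total[src] += 1
        if ctit_seconds(row) < SHORT_CTIT_SECONDS:
            short[src] += 1
    return {src: short[src] / total[src] for src in total}


def suspicious_sources(rows, trusted):
    """Sources whose short-CTIT share exceeds the trusted baseline by MARGIN."""
    shares = short_ctit_share(rows)
    baseline = max((shares[s] for s in trusted if s in shares), default=0.0)
    return sorted(s for s, share in shares.items()
                  if s not in trusted and share > baseline + MARGIN)


# Constructed sample rows: (media source, click time, install time).
_SAMPLE = [
    ("trusted_net", "2020-03-02 10:00:00", "2020-03-02 10:01:30"),
    ("trusted_net", "2020-03-02 11:00:00", "2020-03-02 11:05:00"),
    ("network_x", "2020-03-03 09:00:00", "2020-03-03 09:00:03"),
    ("network_x", "2020-03-03 09:10:00", "2020-03-03 09:10:05"),
    ("network_x", "2020-03-03 09:20:00", "2020-03-03 09:22:00"),
    ("network_y", "2020-03-04 14:00:00", "2020-03-04 14:00:45"),
    ("network_y", "2020-03-04 15:00:00", "2020-03-04 15:10:00"),
]
SAMPLE_ROWS = [{"Media Source": s, "Attributed Touch Time": c, "Install Time": i}
               for s, c, i in _SAMPLE]

if __name__ == "__main__":
    print(suspicious_sources(SAMPLE_ROWS, {"trusted_net"}))
```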

 Tip

How affected by fraud is your vertical?
Explore our App install fraud benchmarks guide covering a wide range of parameters.
