E-Commerce secrets to scale

E commerce secrets to scale logo
023-Fighting-Fraudulent-Website-Traffic-With-Rich-Kahn

023 – Fighting Fraudulent Website Traffic With Rich Kahn

E-Commerce Secrets To Scale is a marketing and entrepreneurship podcast that revolves around hearing the stories and strategies of successful entrepreneurs and e-commerce professionals to uncover scaling secrets that will impact your online store.

Listen To This Episode:

CONNECT WITH RICH:

Anura.io (Website)

Tanner:

This week on the show, I have Rich Khan, CEO and founder of Anura.io, a firm that specializes in identifying and blocking advertising fraud. Rich and I talk about what ad fraud is and why it’s important to be able to identify it when it’s happening and also how to stop it. Welcome to the show, Rich. I’m super excited to have you. Go ahead and introduce yourself to the audience.

Rich:

My name is Richard Kahn. I’m the co-founder and CEO of Anura.io. We’re an ad fraud solution designed to identify real people versus bots, malware, and human fraud.

Tanner:

Awesome. So how did your career get started? Can you kind of tell us your story?

Rich:

I’m a little on the older side. So, my story starts back when I was nine years old. I started programming when I was nine years old, wrote my first game on a PET computer for those who remember the green screen built in computers back in the day. I got published when I was 12 on running some windowing environments on the Commodore 64, just loved the whole concept of everything. I actually wrote a website when they were called bolts and board systems back in the ARPANET days, back in the eighties. I started my career in digital marketing, as it is as known today, in 1993, right before the year before the web browser was invented.

So, I was doing a new email newsletter and just basically did everything. I was just enthralled with the Internet, the ability to connect to computer. And this was something that was kind of interesting. You know, the first time I actually emailed an image to somebody that was doing some work for me, and I know all the behind-the-scenes stuff and the coding that goes into all this stuff, but just a basic environment. You send a picture; it breaks it up into a bunch of little packets. Those packets travel across the internet, not all taken the same path, not all in the same order. And they spin around Internet going from the fastest hop to fastest hop and finally make it to their destination, get all reassembled back in the right order so that the person on the other end can see the picture.

There were no fraud solutions back then. So as a developer, when you can’t find a solution to buy you build it.

And this doesn’t happen in less than a second. We all get upset and it still just mind boggles me with the amount of traffic that the Internet is flooded, that this stuff happens pretty flawlessly for the most part. And that’s part of like my history as I was going into things. I started fighting fraud in the late nineties. I actually had an application that I built called Paid for Surf, where people were actually paid to surf the web. We were just playing the ads in front of them and give them, you know, say 50 cents an hour. And we had people making thousands of dollars a month, you know, by using us and sharing this with their friends. And, you know, I saw fraud there. I got written up in Wired Magazine of the fraud that we were having and how we have solved it, which is kind of cool and just bouncing around from different situation to different situation.

But really in the early 2000’s, I was an advertiser, probably like a lot of your viewers. And we were buying traffic from different places and noticing something was odd about the way the traffic was acting with our ads. As we knew the ROI was low, but we didn’t know what the problem was. So, I think it was early 2005. I said, all right, I know this is fraud. I’ve seen it before. I know it’s fraud. Let me just go out and license a fraud solution, call it a day. Well, there were no fraud solutions back then. So as a developer, when you can’t find a solution to buy you build it. So, I started building a solution. And as, as I was building it and perfecting it, our ROI started going up. We started making more and more money. I thought this was the greatest thing since sliced bread and we just started growing with it and then realized later on the secret sauce wasn’t the advertising model that I was building for myself and myself and for my clients.

It was the secret sauce of the ad fraud solution. So, in 2015, we did a year-long study comparing us against all the competitors to make sure it made sense to launch a new platform. And it did. And then we launched it in 2017 and, and right after we launched it, we were the company that found three billion dollars in ad fraud on Google Play Store. It was the largest ad fraud find in history, got written up on CNBC about it, the whole nine yards, have nice white paper, which is still available on our site. And that kind of kicked us off as to where we are today. I try to keep that story short.

Tanner:

Yeah, I’m sure there’s a lot more that you could have said about that, but I find it really amazing the types of things that you were doing at such a young age and how that’s transpired across the years. But you started an agency, right? And so, you’re a digital marketing agency and Anura.io was just your proprietary technology that you were using to aid in your advertising efforts, right? And then you spin it off into a new business.

We built our solution to solve our own problem. So developed all our own bells and whistles. We did everything the way we wanted it done as a client of the product.

Rich:

Yeah. And that’s exactly it. The interesting thing is out of every one of the fraud companies, about 50 fraud vendors in the marketplace, there’s only eight that I’m aware of that are certified by a third party, but what’s interesting is every single one of the competitors in the marketplace built their solution to sell it. Period. We built our solution to solve our own problem. So developed all our own bells and whistles. We did everything the way we wanted it done as a client of the product and got to a stage where, let’s say ten years later after starting the project, we realized that’s what people really had a demand for, and it hit me. I had a client come to me and say, “We’re buying traffic from you guys, you’re filtering it. It’s working phenomenally well for us. Can I license your fraud technology to clean my organic traffic?” And I said, “Organic traffic, how is that possible? It’s organic traffic. There’s no reason behind it. There’s a reason why somebody going to try to fraud that.” And sure enough, we actually Jerry rigged the whole thing together in order to make it work for the client, just because it was a good client of ours. And lo and behold, about 30% of his organic traffic was fraudulent.

Tanner:

So, what’s the motive behind that? You know, we’re talking organic traffic. What is someone trying to gain by fraudulent traffic and organic results?

Rich:

Great question. It’s actually detailed in my article coming out on Forbes. I just became a Forbes contributor for the technology sector, and my title of the article, which is in review right now is called How Organic Traffic Can Get You Sued. So, it’s definitely a worthwhile read, but I’ll tell your viewers the same thing, how it works. So, there’s no paid incentive, obviously if it’s organic traffic. So where were the fraud come from? Well, a couple of years back when we had this uncovered what was going on with this for the client, it’s basically an advanced bot and what the bot is trying to do from everything we studied on this, this one particular bot that we uncovered, it wants to pretend that it’s a real person. It wants to bypass all four detection methods out in the marketplace.

So, I guess the way a lot of my competitors work, this was able to get around them, and we were able to see this. What it does is it’s a bot that spins up and says, okay, let’s, say we’re going to focus on the insurance vertical today. So, during the day it goes to Google, searches for insurance related terms, scrolls down the page, clicks on a couple of organic listings, goes to the organic listing pages. And then it will spend some time on the page, click on a few links, you know, and every once in a while, just to save face, if it needs to, it’ll fill out a form, it’ll bypass credit card authorization pages. Sometimes it’ll create user accounts, if they’re free user accounts, whatever it is on the site, it’s going to be programmed to act like a real person.

And it does this process for three days. And the purpose we figured out it was doing this for three days in order to build a user behavioral profile. Once it got to that point where the user behavioral profile was built, it would spend 30 minutes committing ad fraud across the internet, whether it’s impressions, clicks, video, you know, anything and everything that it could do, it would do it within a 30-minute window, because I believe that bot designer felt that it would take longer than that for a fraud detection system to recognize the bot and then block it. So do it for 30 minutes and then stop, recycle itself, and start all over. Now. It’s interesting. It’s a bot, it’s a piece of software. It takes very little resources. So, in a cheap instance in the cloud, you can launch thousands of these at the same time. So, imagine the damage you can cause with, you know, a couple of instances across Internet.

Tanner:

Yeah. I mean, that’s insane. And that actually makes a lot of sense now that you explain it like that. But who is the source for these bots? Are they the ones serving that and getting paid for the placements?

Rich:

There’s a lot of reasons, but it can be categories until one of two reasons. It could be for profit or it could be for competitive advantages. So, if I’m a competitor and I’ve got a client right now, who’s got a competitor fraud attack on him like I’ve never seen before, he literally can go to Google, put up $10,000 for the day to spend, drop his bid down to a penny, light it up. And his entire budget will be gone within hours. And it’s all fraud. It’s a hundred percent fraud because honestly on Google, you’re not going to get any traffic, any real traffic for a penny, a click, but somehow at a penny, a click, he gets pounded hard enough that he ends up losing his entire budget at a penny a click and not a single conversion. So that’s key. And that in that case, we know for a fact it’s competitive fraud. The other type of fraud is somewhere along the line, somebody is getting paid, whether it’s directly or indirectly for that traffic to be generated and they’re making money somewhere along the line.

Tanner:

Yeah. I mean, that’s insane to me. And what really sucks about this whole scenario is that Google doesn’t really care because Google is getting paid regardless, so they’re not going to do anything to stop it, right?

Rich:

Well, I always believe the good in people, right? So, while it is true, every click that runs through Google makes up their a hundred billion plus dollars in revenue that they bring in every year, they still have very high-profile clients. And at the end of the day, I have to personally believe in their heart. They want to stop the fraud. So, a couple of years back, they bought a couple of fraud detection companies in order to, you know, in order to own the data and be able to help with fraud detection. And I do believe that they work at solving fraud, but it’s interesting. We still catch a lot of fraud that they miss, you know, so there there’s still for that goes unchecked. And it could just be lack of resources spent in there, you know, it could be a number of reasons, but at the end of the day, they are trying to keep the fraud down to a minimum best they can, I guess.

Tanner:

Okay. So, we’ll get into a little bit more of the nitty gritty stuff in a second. Let’s back it up just a little bit. When it comes to a Anura.io, what are some of the obstacles that you’ve faced while growing?

If you’re going have a substandard product with a great marketing plan, you can do really well. And you can have a great product with a small marketing plan and you’re not going to do well. So, product shouldn’t always be judged by how well a company does.

Rich:

Well, looking at my industry, I would say 90% or more of my competitors are roles funded. So, they have investment funds and usually they’re not small investments. They’re usually fairly large investments. We’re bootstrap. So, while we believe based on client feedback, we have a better product where basically we’re catching more fraud, more with the analytics to back up what we do. So, we’re not a black box environment. We give them a lot of information. Our competitors have significant marketing budgets, and they are phenomenal at marketing. And hats off to my competitors because they really do a great job of marketing, which is why they’re growing as fast as they are. A couple of them have been bought almost a billion dollars apiece because of their marketing efforts. Like I said, you can have a substandard product and I’m not talking about anybody’s product in particular, but if you’re going have a substandard product with a great marketing plan, you can do really well. And you can have a great product with a small marketing plan and you’re not going to do well. So, product shouldn’t always be judged by how well a company does.

Tanner:

 I completely agree with that. When you’re going up against VC dollars, it can definitely be really tough. So rich, what would you attribute your success to over the years? I know you’ve probably found success at a very young age and you continue to find success.

Rich:

Just straight up tenacity and doing something and building. Back in 2003, I built a marketing firm and a digital marketing firm. It wasn’t earth shattering at the time. It wasn’t something new. It wasn’t a great new idea. You know, we just did it and we basically pushed, pushed, pushed and grew the company ad fraud. Like I said, we started building this solution before anybody else did. We didn’t market it until years later, actually more than a decade later, twelve years later. But it was the first time that I built a product that’s completely unique in the way it works and how it finds fraud, which is kind of unique for us. So again, it’s just a matter of whether you find a niche and you’re able to capitalize on it and just spend the time and resources to build it to a successful stage or working on you know, just straight tenacity.

If you have an idea and you start starting to start to see some growth, just stay with it, you know, just, just work, work at hard. Don’t sleep at night, you know, just, just work your business. Everybody that owns a business knows that, you know, there’s no weekends, it’s just another day in the work week. So, I looked at it this past year with COVID. I like to take little breaks here and there, but I still work when I’m on vacation. I haven’t taken a day off yet all year and it’s been COVID related basically. Otherwise trust me, I would have been on a plane going somewhere. But it’s about focusing on the business and you’ve really got to just push, push that effort towards it.

Tanner:

Yeah. I agree with that and perseverance has a lot to do with people finding success, right? At the end of the day, it’s all about doing what a lot of other people aren’t willing to do, you know, putting in those hours on the weekends, like you talked about. So, let’s get back into the click fraud conversation. How do you tell the difference between a real user and a fraudulent user?

Rich:

You want the secret sauce? There’s a combination of things. To try to keep it in a simple explanation, we have a variety of self-learning and self-updating algorithms that have been running through our system for the last decade. These are systems that we’ve taught how to defend against fraud and find new levels of threat. We almost entrust those self-aware algorithms to do some stuff on their own, limited, but some stuff, and always have the eyes of our engineering team on top of it. The other thing we do also is we’re collecting hundreds of data points on an individual user. We know how those data points are supposed to look and how they’re supposed to interact with each other. And then based on that information, we back track all those findings to performance, to validate their performance-based data, to make sure the rules of heuristics we roll out are real and they’re solving a problem because at the end of the day, we want to make sure we have no false positives. It’s something that we touted our network. And based on all that information, we can positively identify if the user is a bot, malware, or the more elusive human fraud. So, I’ll give you an example of human fraud. Humans are used right now. In fact, you can go online right now, do a quick search for human fraud forms and license them for nine bucks an hour.

Imagine how many ads you can click on, how many impressions you can see with the right software and the right technical know-how inside of an hour. So, the ROI is through the roof. So, people are doing it all the time.

Tanner:

Yeah, that’s crazy to me. But in other words, if you aren’t 100% sure that a user is a bot or malware, you don’t do anything about it, right?

If I were to block even a fraction of a percent of the users that are real as fraud by mistake, I’m going to cost my client more in lost transactions in minutes than they spend with us all month. So, accuracy for us is paramount.

Rich:

No, we would rather let a bot or let ad fraud through for our client, then block it by mistake and miss marker, a real person is fraud. And here’s a perfect example. Before the pandemic hit, one of our clients was booking 30,000 airline tickets a day through their e-commerce platform. And they were using one of our competitors, but their chargeback ratio was climbing, and they were getting into that danger zone that every e-commerce platform knows. If you get to a certain level of chargebacks, you could lose the ability to charge clients. First, they increase your rate and then eventually they can get to a point where it really impacts their business. And what we’re trying to focus on is making sure that user that we block is real. So, in this case scenario, if I were to block even a fraction of a percent of the users that are real as fraud by mistake, I’m going to cost my client more in lost transactions in minutes than they spend with us all month. So, accuracy for us is paramount. I would rather let it through not knowing than block somebody that potentially could be real. So, when we mark something as fraud, we’re a hundred percent certain that it’s fraud. And even though we only have that logic doing it that way, our clients are still reporting that we’re funding actually 200% to 300% more fraud than competitors. So, we’re doing a better job of it more accurately.

Tanner:

Yeah. And like you said, it’s really important to be accurate with it. You don’t want to stop real people from that are ready to buy from being able to do so. But what are some signs that ad fraud is happening? You know, maybe some businesses aren’t even aware that it’s happening, right?

Rich:

Yeah. So, we actually talk about all the time with our clients. So, it could be user behavior on your website looks odd. So, you go to Google Analytics and find out that you had a lot of, like all of a sudden, you got a lot of people hitting your site and a high percentage of looking at your privacy policy. That’s not the norm, right? That’s kind of weird behavior, you know, you start seeing weird behavior like that happen. There used to be an old check that a lot of people used to use where they would put an invisible link on your page. So, you have a white background, you put a white text, it says, robots, click here and look at all the volume of traffic that starts clicking that link. Humans can see it, but yet it’s getting clicked on.

So, it’s again, odd behavior, right? Other situations are, you know, your chargeback ratio on your merchant accounts starts to climb, and you’re not sure where it’s coming from. That could be a sign of fraud. You could have a lot of traffic or a lot of visitors looking at your ads and a very low conversion rate, unusually low. Again, these are some of the signs that you’ll see it. If it’s a lead generation company you’re getting forms that are filled out with real information, you validate the information, you know, the name matches the phone and matches the email address. You pick up in the phone to call the person and they say, “I never filled out the form.” So that’s a sign of fraud, human fraud. So, there’s a lot of different signs that you can look for. It’s just when something doesn’t feel right, trust your gut, there’s usually something going on.

Tanner:

Awesome. So rich, what would you say your secrets to scale are?

Rich:

Secrets to scale? I remember what was working on a new software package. And it was actually the design where we were paying people to surf the web. And I remember putting this whole thing together and working on something. And when it worked, I made like a nickel. So, I was dancing up and down and my wife’s like, what the hell? It’s a nickel. He can’t do it. I said, but you don’t understand. I can take that nickel and multiply it by a million, and now we’re making some money. And I would always find a way through technology, because again, scale comes in a couple different ways. You have scale of your technology, you know how many times you go to a site and when they offer something special and all of a sudden, the site can’t keep up, that’s a lack of scale on their own infrastructure.

They should have something that helps grow or scale or be ready for that type of traffic. Cause, you know, say, so when your, when your website’s down you’re losing money, so you have to have scale there. I’ve done hosting of my websites from like back in the day where I hosted it in my office, my own server. I’ve done it where I’ve gone colo racks, where I was actually going to the location and installing my own racks of servers inside of a data center. And I’ve also done cloud computing like with Amazon and each one offers a different layer of scale. You just have to be comfortable with the scaling process there and know what your limitations are. In the data center, if you want a new piece of hardware, it could take days or weeks to get new hardware. And depending on the hardware requirements in cloud, you can roll up and within minutes you can scale up new instances within minutes, if your infrastructure is built right. Cloud computing technically will cost you more for the same resources. So, all these things you’ve got to balance. Usually, your CTO will figure that out for you. Scale of the business is same thing. You, you know, when once all of a sudden you start doing all this marketing, and the leads start rolling in. You have to be able to scale the business to be able to accommodate that. So, all of a sudden, you’re used to getting, you know, five leads a week, ten leads a week, okay, what happens when you get 100, 1,000, or 5,000 leads a week? How do you handle that? And you have to be able to, as an owner of a business, to be able to see, if you’re getting five or ten leads a week, you cannot afford to scale your company up with people to handle 5,000 a week. If you’re not getting this 1,000 a week, just don’t have the money for it. You know, even if you’re funded, that’s a lot of resources and a lot of scale. So you want to be able to stay ahead of your growth and scale accordingly in order to watch your resources and make sure you’re not overspending.

Tanner:

So, with that being said, do you recommend, you know, maybe hiring someone just a little bit too early to prepare for growth like that?

Rich:

I am, I’m good with hiring, you know, a couple of people a little too early to get them trained up and ready so that I don’t hire them when it’s like, oh my God, I need somebody yesterday. And now you got to go find somebody. You’ve got to bring them on. You got to make sure the right person, you got to train them. And then what happens if you lose that person? You can’t keep up. So, you’ll always have to get into a situation where you’re hiring ahead of the head of the spike of the curve. You know, you want to basically hire people with enough time to give you that ramp up period, to find, hire, train, to make sure that the right person for the position. So I always tend to hire a little bit earlier on the scale and it’s okay to have a couple of people sitting around idle learning the business and then just doing other things, the less it’s okay to have that problem than it is to have, oh my God, I need 10 people yesterday. That’s a good problem to have, but it’s still nonetheless a problem.

Tanner:

Yeah. That’s really solid advice, Rich. So I want to really thank you for taking the time to do this. Is there anything that I haven’t asked you that you think might benefit the audience?

Rich:

Nothing I can think of off the top of my head. The one thing I will say is I mentioned the Forbes article coming out soon. It’s something I would definitely have the readers look for when it’s out, because it does go into, you know, a whole other area, like how you can get sued based on organic traffic. So, there’s some tidbits in there. But for the most part, like I said, fraud solutions are out there. If you think you have fraud, you know, there are things you can do to protect yourself, but let’s face it, sophisticated levels of fraud are going to take a sophisticated system to help solve that problem. And most of us out in the marketplace offer some type of free trial. So, you can actually benchmark the type of fraud you’re having for free. So, you can actually find out, do you really have a problem? And how big of a problem is it? That’s what the benchmark trial is all about. So, you know, look around, if you’re looking for a fraud solution, look around, put a bunch of them to the test, take the free trial and find out which one works best for you.

Tanner:

Awesome. So, yeah, we’ll for sure link up that Forbes article in the show notes. Along those lines, what’s a good way for anyone to get in contact with you?

Rich:

Best way to get into contact with me is at Anura.io. We have our contact information up there, phone numbers, emails, you know, contact us forms. You know, there’s probably a couple hundred blogs up there about ad fraud if they’re interested in learning more about ad fraud without getting a call from somebody at our company. If that that’s what they’re looking for. Plenty of resources, a ton of eBooks up there. So, it’s a great resource overall about fraud that they can learn about, you know, as they’re starting their journey, learning about fraud.

Tanner:

Awesome. Well, everyone go check out and Nora and thanks again, rich. Appreciate the time. Thanks.