Consider this hypothetical scenario. Your head of manufacturing presents the quarterly numbers: inputs are fully accounted for, the bill of materials checks out and expenditure is on budget. But the production yield is running at half of what those inputs should have delivered.
The finished output simply cannot be reconciled with what went in. No one is suggesting the materials were stolen; the systems all show green, and yet half the expected output has never materialised. You would demand an immediate investigation because, in any other discipline, a yield variance of that magnitude is not a rounding error. It is a fundamental breakdown in the process.
This is precisely the situation in digital advertising. The budget is spent. The campaign reports show delivery. The impression counts come back looking healthy. But the standard metrics (impressions recorded, clicks logged, views counted) do not confirm the presence of a real human.
Marketers are measuring their yield not against what was supposed to be produced, but against what the critically flawed production line reported. Where the gap shows up at all, it is buried in a ‘black box’ line item called ‘unattributable spend’ and quietly accepted as the cost of doing business.
It need not be.
Industry-wide investigations have now put hard numbers on the haemorrhage, and new corporate liability laws in the UK, the US, and South Africa mean the consequences of continued inaction extend well beyond wasted budget.
The missing millions
In 2020, ISBA, working with PwC, published the first end-to-end audit of the programmatic supply chain. The finding: only 49 per cent of advertiser spend reached publishers, and 15 per cent vanished entirely. A 2023 follow-up cut the unknown delta to 3%.
Progress, but the architecture of opaque intermediaries remains intact. The ANA’s 2025 benchmark found only 41% of programmatic impressions met basic quality standards, across an average of 44 000 websites and apps per campaign.
A legal wake-up call
In the UK, the US and South Africa, new legislation holds organisations criminally liable not only for committing fraud but also for failing to prevent it. Application to advertising fraud specifically is largely untested in case law, but the legal architecture now exists, and the cost of being the test case is considerable.
In the UK, the Economic Crime and Corporate Transparency Act 2023 (in force September 2025) is the most purpose-built framework for supply-chain liability. Large organisations face criminal exposure if an ‘associated person’, which includes agencies, verification vendors, and ad-tech intermediaries, commits fraud on their behalf without adequate prevention procedures in place.
In the US, the FTC treats fraudulent metrics reported as campaign performance as a deceptive trade practice under Section 5 of the FTC Act, with penalties of $53,088 per instance. The FTC’s 2023 mass warning letters to nearly 700 companies served formal notice that the ignorance defence no longer holds.
In South Africa, a 2024 amendment to PRECCA introduced a Section 34A “failure to prevent” offence mirroring the UK model. PRECCA’s extraterritorial reach means international companies with South African operations are equally exposed.
Passive ignorance of supply-chain fraud is no longer a defensible position, legally or commercially.
A taxonomy of theft
How do fraudsters operate? Commonly used tactics include:
Click fraud
The broadest category. Automated bots or paid human “click farms” repeatedly click pay-per-click ads to drain a competitor’s budget or generate fraudulent revenue for the hosting site. Beyond the direct waste, inflated click signals corrupt bidding algorithms, quietly pushing future spend towards lower-quality placements.
Affiliate fraud and cookie stuffing
Fraudsters secretly drop tracking cookies onto users’ browsers so that when a purchase is made later (through an entirely unrelated route), they claim the commission. A related tactic, ad hijacking, redirects a brand’s own paid search traffic through fraudulent affiliate links, charging the advertiser to acquire its own customers.
Made-for-advertising (MFA) sites
Sites built not to serve readers but to host ads: AI-generated content stuffed with ad units, monetised by buying cheap traffic and reselling it as premium inventory. MFA sites now represent around 21 per cent of all programmatic impressions, delivering far less genuine human attention than they bill for.
SDK spoofing
Prevalent in mobile advertising. Fraudsters exploit the software development kits embedded in apps to generate fake signals mimicking real installs, clicks, and in-app events without any genuine user interaction. A single infected device can simulate thousands of installs per day.
Pixel stuffing
An ad served in a 1×1-pixel frame is invisible to the human eye, but the ad server records an “ad served”, and you receive the bill.
Ad stacking
Dozens of ads are layered in a single slot. Only the top creative is seen, but every advertiser in the stack is charged for the impression.
Domain spoofing
Low-quality, largely unvisited sites masquerade as premium publishers (such as the BBC, the Financial Times, or the Guardian) within automated buying systems. This means brands pay premium prices to reach audiences that do not exist.
Click injection
Malicious apps (particularly prevalent on Android devices) fire fake clicks in the milliseconds before an app installation completes, stealing attribution credit for customers the advertiser was about to acquire. Industry data suggests this accounts for a significant share of global invalid traffic.
Hidden ads
Ads served as impressions never intended to be viewed by humans, especially when apps load web pages.
The scale of the problem in 2025
According to Spider Labs, global ad fraud will cost $41.4 billion this year. Fraudlogix, analysing 105.7 billion impressions, found a global invalid traffic rate of 20.64 per cent. For a mid-sized advertiser with a £500 000 digital budget, as much as £150 000 may be flowing to bots and spoofed inventory, year after year, entirely undetected.
Why the ‘safety nets’ are tearing
Most marketing departments find solace in having purchased ‘ad verification’ or ‘brand safety’ tools. Most of these tools operate on a negative model, blocking known bad actors from a list. But fraudsters innovate faster than lists can be updated.
Ads.txt bloat compounds the problem: publisher authorisation files have swollen to thousands of approved ‘resellers’, creating a sprawling marketplace of intermediaries where fraud can go undetected.
A new measurement: Human attentiveness
The solution is to shift from counting volume to measuring verified human attentiveness. While bots are very skilled at clicking and mimicking more complex human behaviours, such as scrolling and mouse movements, it is easy to identify which actions are performed by humans rather than bots.
Optimising campaigns for attentiveness is an advanced yet essential step. A positive outcome of this approach is that fraud is instantly detected and mitigated through channel optimisation linked to business results.
A campaign with 10 000 clicks and no landing-page interaction does not indicate a high-performing channel; it indicates a botnet.
What leaders must do now
The online advertising supply chain should be subjected to the same rigour as any other high-risk vendor relationship.
That means three things:
Demand parsed log-level data. Summaries hide the details. Impression-level logs, as long as they’re complete, show exactly where every penny went, and any partner unwilling to provide them is a red flag.
Shorten the supply chain. The ANA recommends 75 to 100 trusted publisher partners, thus avoiding campaigns being spread across 44 000 publishers. Every extra intermediary presents another chance for spend to disappear.
Prioritise quality over volume. One hundred verified human views on a reputable site outperform 10,000 bot impressions in brand, conversion, and legal terms. Allocate budgets accordingly.
Programmatic campaigns. Use inclusion lists whilst maintaining blocklists. Turn off all audience extension networks.
The bottom line? Ad fraud is a governance failure. The brands that move first to demand transparency will recoup the wasted spend and maximise their online ad budgets. And they will be best prepared when regulators come knocking.
Stop paying for ghosts. Start demanding proof of real people.
Let’s stop the ad fraud together. Please InMail me if you would like a demo of our platform or proprietary systems that will help you get your marketing budget back. Join us for our free webinar with The Titan of Transparency, Dr Augustine Fou, to find out how to get your digital adspend under control.
To ensure brands get value from every rand spent online, the Association for Communication and Advertising has joined forces with truthsets.online to present a webinar featuring Dr Augustine Fou. Famously dubbed the ‘Titan of Transparency’, Dr Fou is an independent cybersecurity investigator.
The webinar is free, and brand owners and their agencies are invited to join.
- Date: Wednesday, 18 March 2026
- Time: 15h00 SAST
- Who should attend? CMOs, brand owners, CFOs, media strategists and buyers, and anyone with a vested interest in maximising digital ad spend.
- Registration: Book your seat here.
Marc Dhalluin is the founder of truthsets.online.
————-
