Formulating a Programmatic Buying Policy: Ad Security

First of 4 steps in building a comprehensive policy

Programmatic buying is proven to provide a lift in CPMs. The overall benefit of programmatic buying far outweighs the energy and expense required to manage ad quality and data leakage. When diving in, it is important to remind yourself that programmatic buying requirements are no different than the fundamental operational requirements utilized every day in your direct business. 

We at The Media Trust (TMT) are hearing that the AdMonsters community is seeking help in establishing guidelines for working with their demand partners. In response, this discussion is directed primarily towards policy guidelines leaving specific enforcement mechanisms for a future conversation. 

Many publishers mistakenly perceive that when they open up the gates for programmatic buying that a deluge of ads and pixels from hundreds of DSPs and networks will start pouring in all at once, creating a situation where any policies have to cover every possible situation. Step one – reverse this thought process. 

Instead, write your initial policies as closed as possible, and open them slowly as you gain confidence in ad quality and your ability to track and enforce your policies. Most SSPs, exchanges and networks provide you with the ability to start small with low variability in ads and upstream partners that flow through to your site. 

Start there and work your way up. You will find that organizing and enforcing policies from a safe standpoint is much simpler than you think. 

Policy First

With all ad quality issues, we have to start with a policy, or in the case of online and mobile advertising,  four policies. It is amazing how many publishers we speak with freeze at this initial step. Removing this barrier by starting with quick, thematic policies that mimic your direct business can quickly move you past this problem. Most publishers already have policies either written or implicit for their direct business – use what you have.

The following is an amalgam of how aggressive Media Trust clients in particular address ad quality and data leakage issues, split into four quality segments. 

  1. Ad Security
  2. Data Security
  3. Ad Quality – Brand safety and channel conflict management
  4. Traditional QA – Ad types, technical specification rules, site performance

Ad Security

Ad security policy is an oxymoron but a mandatory practice – any programmatic buying partner that does not meet basic safety requirement is a non-starter (and for this reason first on the list). 

Before we dive in remember two things: first, most partners do meet some standard of care in policing ads from malware, automated click and impression fraud, fake or hijacked ads, and other nefarious activities. Your partners care about security and don’t want to serve you bad ads. 

Second, the existence of malware on websites from content, direct ads, and indirect ads is an unfortunate reality. You can’t choose to be safe by not turning on RTB. If you don’t have a policy and don’t enforce it across all activity, then you are exposed and it will catch up to you. 

This policy is easy – you wouldn’t run a direct placement that contained malware, and you don’t want one coming in via programmatic channels. The policy is zero tolerance for malware, while admitting to the fact that malware exists in both direct and non-direct channels. 

For most of our publisher clients, a single malware event is not enough to end a relationship with an SSP or exchange, and we agree. A suggested enforcement policy that is commonly used follows a threshold over time philosophy. For example, if malware runs three times in a three-month span, then the channel is shut off for some amount of time. By channel we do not necessarily mean the exchange or SSP, your policy can point upstream to the agency or network driving demand through your partner. 

It may surprise some publishers that the prevalence of malware activity is fairly evenly split between direct and non-direct business with the primary difference being that exchange platforms spend significant resources combating malware while many publishers simply close their eyes and hope for the best. Publishers are on the hook for ad security and have to keep the ecosystem honest by enforcing policy – this is equally true for each of the four quality segments. 

Ad security policy starts at home. Your malware security policy and enforcement mechanisms should be consistent across both direct and indirect channels. Your last job on ad security is to make sure that both your team and your buy-side partners have methods to quickly remove bad ads from ad serving channels up to the source of the bad ad. Fast is somewhere between real time and a few minutes – hours or days are not acceptable. 

Total time to write policy: 15 minutes.

Total time discussing policy with partner(s): 15 minutes per. 

Total time per week enforcing policy: If systematized less than 15 minutes per week. 

Read Part 2, Data Security, and Part 3, Ad Quality and Traditional QA.

OPS Macro-level changes are coming, and you can sieze the opportunities that follow at OPS NY. This event will bring together digital advertising leaders and ops professionals to discuss a rapidly evolving landscape and develop strategies for monetization. Register today for OPS NY which will be held Oct. 4, 2012.