Re: SOX Requirements RE: ACTION-216 - Financial Reporting "Exceptions"

Tamir,

The Media Rating Council (mediaratingcouncil.org), a body created by an
Act of Congress in the 1960s that still reports to Congress, is
responsible for ensuring stringent audits of companies against their
counting methods.  The MRC and IAB have published guidelines for
impression and click measurement, and companies regularly (annually)
voluntarily subject themselves to comprehensive audit by independent
third-party auditors-- such audits are verified by the MRC to be compliant
with the industry guidelines.  These audits include a very thorough review
of the fraud prevention tactics employed by the companies (this is
required).  I sit on the MRC Internet/Digital Audit Committee, so I review
all such publisher and technology vendor audits.  For the security reason
I have already provided, only the auditor and MRC (under strict NDA) get
to inspect the "secret sauce" of fraud prevention (the methods and
algorithms)-- testing is conducted to ensure that these methods are
effective.  If you'd like to better understand the MRC's roll, their
integrity in conducting audits and their liability (to Congress) related
to such, I'd be happy to broker an introduction.

Chris Mejia | Digital Supply Chain Solutions | Ad Technology Group |
Interactive Advertising Bureau - IAB



On 8/21/12 5:40 PM, "Tamir Israel" <tisrael@cippic.ca> wrote:

>Shane,
>
>OK. Maybe on the fraud detection (as opposed to SOX) it's too detailed a
>discussion. It'll come down to the added utility of each, but to assess
>that, you'd need to have Brooks' special sauce recipe....
>
>Best,
>Tamir
>
>On 8/21/2012 5:16 PM, Shane Wiley wrote:
>> Tamir,
>>
>> I don't want to say too much here but please understand inconsistency
>>in standard signals such as UID/IP address and other factors in
>>themselves can help distinguish fraudulent activity.
>>
>> - Shane
>>
>> -----Original Message-----
>> From: Tamir Israel [mailto:tisrael@cippic.ca]
>> Sent: Tuesday, August 21, 2012 2:12 PM
>> To: Dobbs, Brooks
>> Cc: Shane Wiley; Lee Tien; Craig Spiezle; 'Chris Mejia'; 'David
>>Wainberg'; 'Jonathan Mayer'; public-tracking@w3.org; 'Nicholas Doty'
>> Subject: Re: SOX Requirements RE: ACTION-216 - Financial Reporting
>>"Exceptions"
>>
>> OK, thanks again, Brooks (and Chris). And I understand why perhaps it
>>isn't wise to discuss in too great details on a public forum.
>>
>> I'll just ask that you folks think about the added utility of UID/IP
>>addresses, given that a determined fraudster can delete the first and
>>proxy the 2nd.
>>
>> And with respect to IP addresses, I think this is one that remains in
>>the 'to be decided' pile of the DNT definition .....
>>
>> On 8/21/2012 5:01 PM, Dobbs, Brooks wrote:
>>> Tamir,
>>>
>>> So to be clear people don't publish there "secret sauce" on how they
>>> identify and remove click fraud, or to be more politically correct
>>> "low quality" clicks.  So your question is - do UIDs fix his problem.
>>> Obviously not knowing the secret sauce I can't specifically answer HOW
>>> they help, but I can say they are part of the solution.  With clicks
>>> selling for real values in whole dollars and even upwards of tens of
>>> dollars, you need to make sure that, for instance, the same user can't
>>> create a charge for more than one click.  This presupposes that you
>>> can identify "same user".  You may also need to know who someone
>>> isn't, as you wouldn't want someone who financially benefits from the
>>> click to do the clicking.  The more data you have, the better job of
>>> determining the quality of the click.  Now I use click here as an
>>> example, but the same really holds true for ad views as well; it is
>>>just a question of scale.
>>> So yes cookies are deleted and some folks have no cookies, but all
>>> this can be used to create heuristics that build confidence.  If you
>>> don't log IP and you don't log cookies this confidence is pretty hard
>>>to come by.
>>>
>>> -Brooks
>>>
>>>
>>>

Received on Wednesday, 22 August 2012 13:38:44 UTC