By 
Ad fraud is still running rampant on connected TV. When fraudsters impersonate publishers and spoof their sites or apps, reputable publishers lose out on ad revenue.
As a result, TV distributors are trying to get the problem under control.
On Thursday, Roku announced its new and improved fraud detection tech, Watermark 2.0. Now, Roku can detect fake impressions on the app level in addition to the device level. Clients can also pass this watermark through the programmatic bidstream, which they weren’t able to do before.
Roku launched its original ad-spoofing product last year, Watermark 1.0, to validate that bid requests were coming from Roku devices, not bots generating fake device IDs. But that was the only information Watermark 1.0 included, Adam Markey, director of product management of Roku’s ad platform, told AdExchanger.
While the first watermark generated interest among publisher clients that could use it to filter out spoofed inventory, “it didn’t solve every problem,” Markey said, including app spoofing.
Getting started
Roku started working on its original watermark in 2020, just before DoubleVerify released its SmokeScreen investigation into a form of user spoofing that generates fake impressions while a TV screen is off.
Since then, Roku has been working with DoubleVerify to develop watermarking technology for more use cases, starting with user spoofing that creates fake impressions.
When a Roku device sends out an ad call, its operating system adds an encrypted signature, or watermark, that servers and supply-side platforms (SSPs) can use to verify that the request is really coming from a Roku device, not some fraudster. The same piece of code then also validates that the ad was delivered to a Roku device.
This pre- and post-bid verification still exists in Watermark 2.0, but the updated product expands beyond verifying a Roku device to also validating specific streaming apps.
App-athetic
With spoofing, impressions on app B are presented to buyers as coming from app A – which is usually a desirable, brand-safe environment. When CTV apps pretend to be other apps, they can hike up their ad inventory pricing.
For Roku, this app spoofing is a bigger problem than user spoofing, Markey said.
So much for playing nice in the streaming wars.
To handle app spoofing, Roku added a piece of code to its watermark encryption that allows programmatic partners to validate the channel ID in addition to just the device ID. In other words, intermediaries can make sure they’re delivering impressions only within the apps they paid to deliver against.
Roku validates channel IDs with a “one-way hash” that supports anonymous inventory because many publishers limit the amount of information they disclose about their inventory in a programmatic bidstream to prevent data leakage. Sellers can now validate the streaming app they’re delivering ads against without seeing any specifics about that app’s inventory.
Protecting against app spoofing also requires validating what version of an app is running an ad, which calls for an IP address – another data point that’s sensitive, but for user privacy reasons.
Which is why Watermark 2.0 includes IP addresses from apps with the last few digits removed.
Watermark 1.0 had some signals for ad verification, but the new version “expanded to include many more signals that are essential for validating media quality,” said Roy Rosenfeld, SVP of product management at DoubleVerify.
Share or despair
Data sensitivity is why Roku originally couldn’t allow partners to share the watermark through the bidstream with Watermark 1.0.
One of the biggest challenges of upgrading its watermark was “figuring out how to exchange this information in a secure way,” Markey said.
Programmatic platforms still need to know where an ad request is being processed, and DSPs need to know which SSP an ad request is coming from.
Watermark 2.0 includes a new encryption to validate the target domain of an ad request as an additional guardrail to protect against any possibility of fake watermarks. For example, if PubMatic is processing a Roku bid request, it can prove to its buy-side clients that the ad request is actually coming from PubMatic.
“Using Watermark 2.0, PubMatic can monitor the rate of authenticated Roku impressions by publisher, app and even individual buyers,” said Nicole Scaglione, global VP of PubMatic’s CTV and OTT business. Roku’s latest watermark “enhances the tools PubMatic uses to prevent fraud on behalf of our customers.”
Looking ahead
Despite these major upgrades, the work doesn’t stop here.
One of the biggest gaps in ad verification that Roku is still working on involves preventing fraud in server-side ad insertion (SSAI) inventory, Markey said. SSAI is a challenge because it refers to ads that are already stitched into a video stream before they are consumed by a viewer.
So far, though, the improvements Roku has made to its watermark are resulting in more companies using it for traffic validation. Last year, Roku had four or five ad verification and programmatic partners. With Watermark 2.0 on the market, that number is up to 11 partners, including DoubleVerify, Human and PubMatic.
Roku’s biggest goal is promoting the TV industry’s transition from linear TV to streaming, Markey said, which requires helping programmers “win back” lost profits by cutting through the noise of fake impressions.
