What is Invalid User Activity (IVA)?
According to Google, Invalid User Activity occurs when a real person interacts with an ad but not out of genuine interest. These deceptive interactions can often artificially inflate an advertiser’s costs and publisher’s earnings. Some invalid activity is unintentional, such as when a user attempts to click a link but instead clicks an ad. Other invalid activity is categorically fraudulent; for example, when publishers encourage users to click their ads, whether that be through a direct request or by intentionally placing an ad unit where it will be mistaken for other site content.
Deceptive tactics that encourage invalid user activity are detrimental to the user experience and offer no value to advertisers. Because of this, Google keeps a close eye on any invalid activity and is quick to notify publishers of any violations which can result in disabled ad serving or account termination. Examples of invalid user activity include:
- Publishers self-clicking their own live ads
- Numerous ad clicks or impressions generated by the same user, also known as ‘click-bombing’
- Improper ad placement which leads to a high number of accidental clicks
- Automated clicking tools or traffic sources, robots, or other deceptive software
What is Invalid Traffic (IVT)?
Invalid traffic is traffic that comes from bot activity on a website, rather than traffic created by real humans. Google refers to Invalid Traffic as any clicks or impressions that may artificially inflate an advertiser’s costs or a publisher’s earnings. This term encompasses incentivised traffic, as well as unintentional traffic. There are two types of invalid traffic:
General Invalid Traffic (GIVT) – refers to non-human traffic that is generally non-malicious and can be caught through routine means of filtration. General invalid traffic does not engage with ads on site and can serve various purposes, such as measuring or improving the ecosystem. Some examples of GIVT include:
- Non-human traffic, such as self-identifying bots, spiders, search engine crawlers.
- Traffic from known data centre IP addresses that generate non-human traffic.
- Traffic from unknown, but legitimate, browsers.
Sophisticated Invalid Traffic (SIVT) – refers to fraudulent non-human traffic which is designed to commit types of illegal activity. Detection of SIVT requires advanced analytics and significant human intervention since fraudsters are trying to mask their behaviour as legitimate. Some examples of SIVT include:
- Incentivised traffic (i.e. offering users something of value in reward for surfing your website)
- Hijacked devices and/or hijacked sessions that engage with ads
- Malware or adware
- Manipulation of analytics via bots
- Cookie stuffing
If Google observes a high level of invalid traffic on a publisher’s account, they may suspend or disable the account.
Both invalid traffic and invalid user activity can be accidental or deliberate. If deliberately generated, this can be either paid for or committed out of spite to sabotage a publisher.
How does Google prevent invalid activity?
Google cannot prevent IVT and IVA from happening altogether, they can only detect when it’s happening through the use of sophisticated technology and manual detection. When Google detects IVT or IVA, they filter it out using complex algorithms which are designed to analyse patterns and identify bad traffic in real time, so that advertisers do not pay. If IVT or IVA is detected but cannot be filtered out, Google refunds advertisers. Publishers who are found to be associated with invalid activity or sophisticated invalid traffic risk their payments being withheld and their account being suspended or terminated.
How can a publisher prevent invalid activity?
As publishers are responsible for the traffic on their sites, they are therefore required to monitor their traffic to ensure compliance with Google’s policies.
Use Google Analytics to understand your ad traffic and site visitors
Traffic should be broken down into meaningful segments using URL channels, custom channels or even Google Ad Manager ad units. This will enable you to understand how changes to traffic sources or implementation can affect your ad traffic. Google Analytics can be used to get further information about site visitors and to identify any anomalies with regards to user behaviour.
Don’t click on your own ads!
Google Publisher policy stipulates that publishers are prohibited from clicking their own ads, regardless of the reason for doing so. If you really must click your own ads, whether that be because your genuinely interested in the destination URL or perhaps you are trying to diagnose delivery issues, use the Google Publisher Console. We have written a complete guide to installing and using the Google Publisher Console which you can view here. In a nutshell, the Google Publisher Console enables publishers to “test click” their own live ads without those clicks being counted towards ad spam.
Blocking bot activity
Unwanted bot activity can cause problems with both Invalid traffic and invalid clicks. There are commercial services that specialise in filtering out non-human traffic, and are able to tackle it in a number of ways. A simpler way to at least reduce bad bot activity is to block known bots either through robots.txt or restricting problematic IPs. CDN services like Cloudflare also provide some affordable protection against this
Steer clear of untrusted or low-quality partners
Partnering with low-quality ad networks, search engines or directory sites puts your site at risk of accumulating invalid traffic. When purchasing site traffic, ensure that you do so in a manner that complies with AdSense policies and monitor your reports closely to gauge the impact that each source has on your ad traffic. Review the traffic provider checklist to guide your discussions with any traffic provider you are considering
Be knowledgeable on Google’s ad placement policies
When implementing ads, ensure that your placement adheres to Google’s ad placement policies and be sure to test this on multiple devices. Google states that ads should not be implemented in a way that they might be mistaken for other site content, such as a menu, navigation, or download links.
If you are a publisher and suspect suspicious activity, you should notify Google immediately.