Fraud: Click Attack Threshold


This protective threshold protects against inhuman levels of illegitimate click activity from a single ad network.

How it works:

For ad networks with low conversion rates and inhumanly high click volumes, Branch will protect the account by blocking the ad network traffic for a period of 24 hours or more.

For this specific threshold, networks exceeding the click attack rate will have further clicks blocked for a 24-hour period and then reset. Branch will not report further excessive clicks for that period and those clicks will not be used for attribution.
The dynamic logic applied for this threshold accounts for multiple factors including conversion rate, click volume, detected fraud rate, geographic and industry benchmarks.


Why not block only a portion of the traffic?

There are several upstream measures to limit blocking to a limited set of devices and sub-sources from the network. This additional network-level measure only activates following cases where several upstream measures have been exceeded. This level of blocking is extremely rare and only occurs when a network is rotating several sources in high frequency, or not specifying sub-sources, and the vast majority are determined to be inhuman with excessive volume.

How is the threshold determined?

The threshold is dynamic and accounts for several factors including conversion rate, excessively high click volumes, and geographic and industry benchmarks. In general, this threshold is exceeded only rarely, and only under inhuman click attack volume. It applies to a minute fraction of activity system-wide. We do not disclose further specifics on the logic to protect customers from attempted manipulation.

How often will the temporary blocking be lifted or reset?

The threshold is automatically reassessed every 48 hours. It is imperative that the click attack subsides prior or it is possible that the block may be continued for another period. Once the temporary block is applied, it cannot be reset prior to the end of the active period.

What happens if a network is flagged multiple times for abuse?

Subsequent violations will be reviewed for potential removal and longer-term banning of the source.

What if the click traffic is not considered as fraud by the client app?

Media sources triggering this threshold violate Branch terms of system abuse. This attack protection is an additional layer above and beyond other client fraud protections. For questions and concerns about this protective threshold, please contact your Branch Client Success Manager.

What if the customer wishes for this traffic not to be blocked?

Clients have direct control over fraud protection settings. This attack protection helps ensure reliability of the API and protects customers from heavy attack. It cannot be bypassed.

What is the reason for this additional approach when there are more granular approaches?

While there are several layers of fraud protection with fine-tuning, this is a broader “safety net” to protect from gross, extreme abuse of the system. In most cases, fraud is blocked at more granular levels, and in the case of an excessive attack volume, this threshold protects the customer account.

How can networks ensure not to be blocked during campaign launch & optimization?

Ensure that all click activity is legitimate and is driving a conversion rate within normal expected tolerance. Conversion rates should be representative of what is typical for the app, given a genuine legitimate user-initiated click of interest. If sending ad views as clicks, or if the audience conversion rate is several deviations outside of the normal range, this will fail the conversion rate criteria. If the campaign is also sending multiple millions of clicks daily, that is additionally figured as part of the criteria. The campaign should have normal tolerance rates for the geographic and industry benchmarks or may be temporarily blocked for excessive volume.

How can networks check for problematic traffic and sub-sources?

Using reporting, networks can monitor click volumes and conversion rates by secondary_publisher source. Networks are encouraged to optimize away from sources that have excessively high click volumes with uncommonly low conversion rates. If using sources with lower conversion rates, the activity must be within a reasonable tolerance. It is a violation of Branch terms to send attack level volume.

Did this page help you?