When you’re playing games or using an application on your mobile phone device, it doesn’t just run smoothly but also show you products or services you might be interested in, these are called mobile ads (advertisements). Now-a-days, this is so common that application developers are getting more creative about accommodating them, because they have proven to be a huge industry in themselves. According to Zenith Media, Media Company, out of the global ad market, one third the size accounts for the mobile ad market, which is a multi-billion dollar industry, estimated at about 187 billion USD. But like every other industry, it has threats which tend to steal and leak money out of it, this is called Mobile Ad-fraud. It impacts and undermines the entire ecosystem of App markets and victimises not only the users but also the publishers of the apps. This mobile ad fraud leads to loss of revenue to the marketers. According to the Google Ads website, mobile ad fraud can lead to a loss of revenue in tune of 9-20% of the annual market budget for global mobile advertising. In the proceedings of the ACM conference on Computer and Communications security, it was revealed that the world’s largest botnet which is operated by ZeroAccess makes a hundred thousand US Dollars every day via ad fraud. To prevent this apps with abusive behaviours resulting in mobile ad fraud are actively identified by Google Android Security to protect users. Additionally, to protect its users from ad fraud, a developer policy denouncing abusive ad libraries for their excessive monetisation regarding mobile ads has been published by Google Play Store By now, it is pretty evident how big the mobile ad industry is and with it another multi-billion ad fraud industry is also emerging. To understand the concept of mobile ad-fraud let us first understand the mobile ad ecosystem and then delve deeper into mobile ad-fraud. Mobile Ad-ecosystem One of the most popular way of monetising mobile applications is by serving ads. A hosting app displays ads which are embedded in a library which in turn is integrated by the app developer in the mobile app. AdMob, an ad library managed by Google, is used by an estimated 56% of Android applications in Google Play Store. Hence, it is safe to say that usage of mobile ad libraries is quite common. Let’s now look at the major parties who make up this ecosystem, they include: an ad service provider, an advertiser and a publisher. An ad service provider bridges the gap between the publishers’ need to offer ads and the advertisers’ need to showcase their ads to a bigger audience, which provides great exposure to the advertisers. The services of an ad service provider also offers an ad library for publishers to include. After a library is embedded by the service provider, it goes and fetches ads from the service provider which are eventually displayed at the user’s screen. An impression constitutes each ad rendered, which usually means each video or an image displayed/rendered one time. The advertiser or agency designs the ad which is to be displayed for the target audience. They request the ad service provider for launching their ad campaigns. A publisher is the app developer who integrates an ad library, which is managed by an ad service provider, for monetising their app. Ad service providers charges advertisers on various ways, the three representative ways of billing are (1) Cost-Per-Mile (CPM) which is charged for ad-impression (2) Cost-Per-Click (CPC), for user clicks (3) Cost-Per-Install (CPI), for app installs. Mobile Ad Fraud Mobile ad fraud refers to generation of fraudulent revenues by operations that generate unwanted ad traffic by the means of clicks, conversions and ad impressions. This article will now talk about how mobile ad fraud can hurt advertisers and app publishers. Types of ad fraud that typically affect advertisers and ad publishers are as follows: 1. Invalid traffic : This is the most common form of fraud. In this type of fraud, scammers tend to mimic genuine traffic to earn money illegitimately instead of ads reaching the data-rich traffic of high quality. Several tactics are used at once to make the traffic appear as genuine as possible. 2. Ad Stacking : A user might only see one ad but the predator stacks multiple ads one below the other. But, regardless of the position of the ad in the stack, all of them are paid for by the advertisers. 3. Bots : Some bots are malicious that range from simple to sophisticated and some aren’t necessarily fraud, which act as general invalid traffic. But these can be used for creating fake installs, traffic or clicks. 4. App Spoofing: In this type of fraud, the ad might end up appearing on apps which might not be deemed brand safe i.e. the ad appears on a different app than what the advertisers paid for. This is done when a fraudster app sends a fake bundled ID to display itself as a premium app to the advertiser. 5. Click fraud : Fraudulent operations generating illegitimate clicks which consume the marketing budget of an advertiser are called click fraud, the advertiser is exploited. The main objective of the publisher and service provider for doing such a fraud is that it helps in manipulating and inflating their cost-per-click (CPC) prices by promoting a misleading cost per click. The adversary could be an ad service provider, or a competitor of a targeted advertiser, or an abusive publisher. This adversary depleted the ad budget by recruiting a botnet network to click ad impressions of a targeted advertiser. The success of a click fraud is dependent on generating click URL requests, which should target an ad service provider which accepts and counts the clicks towards the billing of a target advertiser. 6. Impression fraud : Before understanding this type of fraud it should be known to the reader that the key requirement of mobile ads for charging advertisers is to render ad impressions. The advertisers are charged usually by the number of impressions rendered. This fraud is said to have been committed when a predator creates invisible ads by making them tiny or hides ads under visible elements on the screen. These are very sneaky ads placed on the screen which send ad impression requests, that lead to advertisers being charged and no ad impressions are exposed to users. This method is kind of similar to ad stacking. Thus, it can be concluded that there are many ways of implementing ad fraud: (a) when there is no understanding but necessary deception, a large number of users are lured into clicking and interacting with unwanted ad impressions, this is usually done when the predator dupes users into genuinely clicking ad impressions, thus generating admissible click URL requests from users’ devices (b) when there is an understanding of how the ad service provider generates an admissible click URL request, the attacker sends a vast volume of click URL requests that a target ad service provider accepts by leveraging his own botnet networks.

If you are a bar owner and alcohol is in the news a lot, you might want your digital ad placed next to the news because it is getting a lot of traffic but you do not want your ads to be displayed next to a news article reporting a deadly accident involving drunk people or your ads popping up on a blog post which explains why you should cut down your drinking for a healthier body/mind. You might have an amazing scheme in head and on display that will drive up your sales but it will reflect poorly on your brand if it comes in the situations stated above. In this case, blacklisting some words/terms seems beneficial towards the image of the company. To understand this, let’s take another example, imagine you are a car dealership owner and you are promoting your new batch of fossil-fuel high- powered cars but your ad starts displaying on a website which is explaining how the population of polar bears and penguins among other Arctic and Antarctic animals has significantly plummeted because of increasing Green House Gasses (GHGs) and emissions. Most people will take that ad in a poor taste and question why people, industrialists in particular like you are being ignorant. It is often said that first impression is the last impression, if someone comes across your ad in this situation for the first time, they have full reason to believe that your brand is threatening the environment, even though it might not be completely true. But ads being displayed in the wrong parts of the internet is not the only brand safety concern for companies these days. With the internet progressing and bettering itself every day, the problems are getting more complex day-by-day too. Other potential risks to name a few involve invalid traffic, fraudulent e-commerce ads, domain spoofing, extremism, inappropriate content and illegal download ads. Advertisers should be vigilant of these tricks to avoid having monetary and reputational losses. Every product or service is designed keeping in mind a segment of people who are designated as the target audience for that service or product and if people from the targeted audience are not able to view the things on the market or if they are being seen by bots or people who accidentally clicked on the ads. It defeats the purpose of online advertising. Legitimate ad traffic is important for an online advertising campaign to be successful, only then does the brand truly realise its goal of serving the rightful customer. Otherwise, it is just efforts being wasted and so much time and energy spent in vain. Interaction with a genuinely interested user is how the brand can assure itself some growth, any other exchange will just be stagnating and not so useful. If we look at fraudulent e-commerce ads, it basically includes numerous tricks used by fraudsters to not only harm the safety of the brand (i.e. reputation) but also steal money. One common way is search ad fraud. In this type of fraud, expensive words are targeted by developing fake websites by fraudsters. Using bots, they drive up the clicks and then sell that ad space to unsuspecting advertisers. They bring in illegitimate clicks along with questionable content which may conflict with brand image and safety. Another, way of tarnishing a brand image/safety is an ad injection. Imagine you displayed you ad on a legitimate, well- known website. Since you thought that it is a safe website because it is reputable and popular, it does not mean that there is no scope for fraud there. Thing being said, it is safe to say that every website is vulnerable, some more than others. Now, these ad injections are ads slipped onto a website without permission of the publisher. This ad is just sneakily injected which has nothing to do with the website or your ad. But, it could be a bad look not only for your ad but also the website. The ad is generally pornographic content. In the examples above we have seen how a particular company/brand may be affected because of particular placement of ads in certain areas of the internet However, brand safety means much more than mere placement of ads on websites or a few random useless clicks, it is practically saving money which is lying on the table. It includes the image of a brand and what it associates with completely. It takes years to build a reputation and one wrong move can destroy it and cause monumental damages, especially in today’s world where we have the internet, though which information flows very quickly so does misinformation. Also, nothing ever truly goes away, in the sense that it is permanent, once information is on the internet, no Public Relations team can truly ever get rid of it, they can twist facts and present it another way but, never get rid of it.

Was the call you received from your boss asking you to do something unusual, really your boss? Is the person in the questionable picture/video of an acquaintance being circulated really them? It is fun to use an app to sound like a famous artist and see your favourite actor do stunts that do not seem physically possible. But the former situations can put one in a risky position. The internet and Artificial Intelligence have made our lives easier but they also bring with them the risks, which include fraud and deception. Spreading misinformation is as far as a click away. The infamous Public Service Announcement by Barack Obama in 2018, which was created using Deep Fake tools took the internet by storm and created a buzz around the concept. The reason this buzz should be created again is because we as a community are spending more time on the internet, more than ever. With the pandemic in full swing and most organisations planning to shift to a permanent work from home structure for most positions opens up opportunities for people to work remotely and breaks down geographical barriers. But it also increases the risk of fraud, especially with technology advancing at such a fast pace and false information getting harder to verify. The scope of AI-generated deep Fakes has also expanded in various aspects which now include not only sophisticated visuals/ videos but also audios. Deep Fake phishing differs from email phishing and looks more authentic and is harder to catch. To understand and defeat the purpose of a deep Fake it is important to learn how it works. Basically, a programmer uses an AI tool which understands and solves complex problems of datasets. It is trained to study the behaviour of a photo/person and learns to paste it on existing content by carefully learning the angels and reactions which eventually produces synthetic media. Although there are many ways off creating fake media the most common way includes using auto encoders on the deep neural networks. Let’s understand this step-wise: Finding the content which has to be over-written. Gathering enough media of the person to be duped. Using an auto-encoder which employs a face-swapping technology. The auto-encoder will learn and study the person from various angles and environments which will eventually map the features and paste the video/ over-write the content. After this, a Generative Adversarial Network (GAN) is added to the mix, this is a machine learning tool. It improves the quality of the media by detecting any flaws, within multiple rounds. Apart from these sophisticated technologies, there is a wide presence of apps which make it easier for a common man to create such synthetic media. Most common apps include FaceApp, Zao, DeepFace App. Also, as the software development community is becoming more open day –by-day, Github which is an open source community provides deep fakes. Increased accessibility to such tools can prove to be dangerous to teenagers and their mental health with increased cyber crimes. Talking of audio Deep fakes, they can be used to make fake calls and transfer money. There is a threat of stolen identity in which the user can either create new accounts and commit fraud or can access an already existing account and transfer funds and steal. How to save yourself? As of now, India does not have any regulations explicitly for deep fakes, so the most plausible way to save yourself from such a threat is to be aware and keep an eye out for anything that looks suspicious. Some synthetic media can easily be detected because of its poor quality, like automated calls, which could sound computerised and mechanical. Similarly, biometrics can be used in combination with a two-factor authentication which includes One Time Passwords, etc.. Also, for videos, one can look out for movements like facial expressions, hair movement, the smoothness of skin, the sync of audio and video and most importantly teeth. A mediocre deep fake might not focus on such aspects and this is where attentiveness can fill the gap. But with more sophisticated and smarter technology being deployed, these things can easily be corrected and a so-called flawless impersonation might not be that difficult to achieve. The need of the hour will be to cross-check unusual things until an anti-deep fake or a detection technology is widely available.

28th June 2021 : Com Olho filed digital governance technology patent for rolling back affiliate fraud, homograph attacks, fake news and pirated content. Internet based fraudsters use all kinds of tools to gain into customer data, monetise over affiliate marketing and spread fake news and pirated content over the internet. Understanding Fraudsters Mindset : Register a fake domain to side-run fake news, pirated content and misinformation. To drive revenue from this, enable google, facebook and programmatic ads. Register a fake domain and enable email servers. Use smtp to programmatically send brand impersonated emails to large email databases, getting fake impressions and click to boost advertising matrices. Create fake apps and incentivise users to download it, once downloaded scrap all the contact data and start surveillance marketing over the devices for delivering CPCU conversions. How does Com Olho Digital Governance Technology work? Step 1 : The technology helps digital assets owner create encrypted codes through regulatory body. This happens real time, when the user enters Aadhar Number ( For individual developers and content creators) CIN Number ( For enterprises that own digital asset) FIN Number ( For foreign enterprises) Step 2 : The encrypted codes are then uploaded on the DNS TXT records by the owner of the digital asset. Step 3 : The Telecom Regulatory on a user request to access the digital asset, verifies the encrypted keys in the DNS records to real time validate against true ownership and blocking all the fraudulent digital assets. Benefits : No need to maintain blacklist by telecom or ISP's. The owner ship of the digital asset is bind to either individual, incorporated legal entity or verified by FIN. In case of digital wrongdoing, the technology would help backtrack fraudsters organised crime. Prevent advertisers from monetising fake websites, apps and ad networks. Prevent consumers from data theft, account takeover and financial theft. We at Com Olho are developers of data-led exponential technology and have been recognized by the Department for Promotion of Industry and Internal Trade, Government of India as in the category of ML based cyber security. We pride ourselves with our success over the last 2+ years, and continuously strive to reach greater heights. We are incubated at NASSCOM 10000 Startups at the Gurugram Warehouse and also a recipient of a cash grant from Facebook. The company hold’s 3 proprietary patents for system and method for customer behaviour, anomaly detection and digital data governance.

What is money laundering? The technique of transforming huge monetary gains from illicit activity into legal assets while hiding their real origins is known as money laundering. To combat such acts, governments all over the world have been increasingly tightening AML policies. Financial institutions are now obligated to adhere to strong anti-money laundering rules and to disclose any suspicions of money laundering activities. Money laundering has a significant societal impact since it fuels terrorism, trafficking, drug dealing, and other criminal activities. The problems and challenges with money laundering starts with: Rising AML operational costs: it is pushing financial institutions to seek alternatives to their present tools and technologies in order to avoid fines and penalties. The rise in false positives: it keeps compliance personnel distracted and as a result, resources are spread thin across all phases of the AML process. The prevalence of false negatives: sophisticated criminals who are able to circumvent AML protocols in order to perpetrate crimes. Difficulty is locating money laundering practices: Every year, money launderers become more skilled, establishing an elaborate network of identities and accounts through which to channel their illicit activities which makes locating the false negatives hidden deep inside the mountain of valid transactions very difficult and time-consuming. The graph approach A graph or network is a collection of nodes and connections (also called edges). Graph analytics is a collection of analytic tools that enable the investigation of links between items of interest such as companies, individuals, and transactions. It assists data and analytics executives in analysing linkages in data and reviewing data that is difficult to evaluate using standard analytics. In the field of anti-money laundering systems, the concept of networks and connection analysis is fundamental because it helps expose hidden aspects of transactions that are not discoverable by any other means. When paired with ML algorithms, these technologies have the potential to trawl through hundreds of data sources and documents, allowing financial institutions and AML specialists to quickly uncover hidden patterns and relationships in transactions. Graph analytics is essentially a set of analytic tools that allow you to "dig down" into complicated interrelationships between businesses, individuals, and transactions. For example, a major international investment bank in the United States is utilising sophisticated graph analytics to strengthen its fraud prevention activities, especially fraud detection for debit and credit cards. The organisation is integrating graph analytics into its machine learning system to discover data links between “known fraud” credit card applications and fresh ones. As a consequence, the bank can discover more suspicious trends, reveal fraud rings, and close down fraudulent cards more quickly. The bank will save millions of dollars each year as a result. Graphs may be used to detect anomalous patterns, which can aid in the prevention of fraudulent transactions. Terrorist activity has been found in certain cases by examining the flow of money across interconnected banking networks. Fig 1 : Fraud detection with regular analytics and with advanced graph analytics can be visualised from Fig. 1. The use of graph analytics allows for the dynamic study of relationships within a huge dataset. It is possible to investigate and visualised who and what a client is linked to using data as diverse as an email, a phone number, a device, transactions, and so on. The detection of accomplices becomes very rapid A regular fraud detection case A tip or a detection system may occasionally flag a client or a transaction as suspicious. In this circumstance, it is vital to determine whether or not this particular questionable circumstance is isolated. The customer might be a member of a larger criminal ring, or the transaction might be part of a broader operation. In the absence of more information, it is critical to pursue as many leads as possible. This necessitates investigating what the customer or transaction are related to. Consider a simple payment made using a digital payment provider such as PayTM, PayPal, Google Pay, Amazon Pay, or Razor Pay to see an example of possible fraud and why it is so hard to identify using standard analytics. A user has opened a new account that is connected to their Bank X credit card. They have connected their phone number and email address to their account as part of the setup and two-factor authentication. The user uses an Apple iPhone X with the registered phone number as their device and starts a payment of Rs. 5000 to another account. Because the user is a new user with a new phone number and email address, there are no red lights or alerts in a standard financial services fraud detection solution at this stage (none of these have been associated with any fraudulent transactions in past). Regular analytics does not uncover anything strange or suspect and the payment passes through without being reported or refused. Use of Graph analytics on the case Deeper analysis with a native parallel graph analytics technology, on the other hand, offers a different image. There is a fraudulent activity related with a gadget, phone number, and stolen credit card six levels inside. Here's how it goes down: The payment's recipient account belongs to a user who authenticated the account with a Phone Number as part of the account registration procedure, and that phone number is used with a different device Apple iPhone Y. As the deep link analysis searches the history of previous fraudulent transactions for devices linked with those transactions, it discovers that this Device was used last year with a different Phone Number to set up a separate Account. This account initiated a payment that was subsequently discovered to be fraudulent since it was paid using a stolen credit card. Advanced analytics using graph analytics may go deep into the related data, in this case six links deeper, to uncover the link to earlier fraud in real time, and the payment transaction is refused as a consequence. As you can see, advanced graph analytics is required for real-time payment fraud detection — and this analytics identifies fraud three layers "deeper" than normal analytics. This disparity between normal and advanced graph analytics can result in hundreds of millions of dollars in fraud losses. Advanced graph analytics with real-time processing can process the payment transaction in under a second and then perform the multi-connections query on the related dataset. In other words, the system must check every connection along the path from the person initiating the payment to the ultimate receiver, the one involved in fraudulent Payment. Clearly, fraud detection is at the top of every financial services organisation's priority list – and this is unlikely to change. As fraudsters grow increasingly tech-savvy, it is critical for businesses to keep one step ahead of them. These deeper insights are enabled by advanced graph analytics, which complements conventional BI technologies and powers AI and machine learning. Hence, as a consequence, firms can anticipate and avoid possible fraud while also safeguarding their consumers.

The National e-Governance Plan (NeGP) is a popular initiative launched by the Government of India to make all the government services available for all the citizens of the country while making use of electronic media. NeGP was developed by the Department of Electronics and Information Technology (DeitY) and also the Department of Administrative Reforms and Public Grievances (DARPG). The government has given their permission for the National e-Governance Plan, and includes 26 mission mode projects (MMPs) and some 8 components, as of 18 May 2006. This is an enabler of the Digital India initiative, and UMANG (Unified Mobile Application for New-age Governance)is also an enabler of NeGP. What in general is meant by e-governance? Electronic governance or e-governance, that today has been adopted by innumerable countries across the world and is widely prominent. In this quickly exaggerating and demanding economy such as India, e-governance is becoming quite a necessity. With this rapid growth of digitalization, there have been many governments across the globe for the introduction and incorporation of technology into governmental procedures. Electronic governance or e-governance is best described in terms of the usability of Information and Communication Technology (ICT) as per the government for offering and facilitating the services of government, exchange of information, interaction transactions, and the amalgamation of several stand-alone systems and services. If we say in some other words, it implies the use of technology for performing government activities and for achieving the goals of governance. With the help of this policy, the government services are now easily available to all the citizens and several ventures in a very smooth, productive, and transparent way. Some of the major instances are e-governance comprises the Digital India initiative, National Portal of India, Prime Minister of India portal, Aadhar, filing and payment of taxes online, digital land management systems, Common Entrance Test, and so forth. E-governance can generally take place in some of the four major steps and types of interactions: Government to Government (G2G) Government to Citizen (G2C) Government to the Businesses (G2B) Government to the Employees (G2E) As the 11th report of the Second Administrative Reforms Commission, that is titled "Promoting e-Governance - The Smart Way Forward", has established the position of the government that an expansion in the e-government was a necessary step. The ARC report got into the hands of the government on 20th December 2008. The report has also cited some prior initiatives just like sources of inspiration, comprise the references of the Singapore ONE program. For pursuing this goal, the National e-Governance Plan was made and formulated by the Department of Information Technology (DIT) and the Department of Administrative Reforms & Public Grievances (DAR&PG). The program needs the development of an innovative application for empowering citizens to access government services by the Common Service Centers and it is also aimed at both the reduction in government costs and improvement in access to services. Criticism the e-governance policy had to face Some of the criticisms and the limitations associated with this policy were the lack of needs analysis, business process reengineering, interoperability across MMPs, and coping with new technology trends including mobile interfaces, cloud computing, and digital signatures. What are the major objectives that E-Governance policy is focusing on? Some of the major objectives of e-governance are as follows: For supporting and simplification of government for the citizens of government, citizens, and businesses. For making the government administration much more transparent and answerable while addressing the needs of the society and the expectations with the help of efficient public services and productive interaction between people, businesses, and the government. For reducing corruption in the government. For making sure about the speedy administration of services and the information. For lowering any kind of complexities for ventures, offering immediate information and will enable digital communication by ex-business. What are the problems associated with E-Governance? Just as we know that the e-governance policy is having innumerable advantages like convenience, similarly it also has some kind of hurdles associated with itself. Some of them are as follows: No management of computer literacy: India is yet known as a developing country and an enormous majority of the citizens are lacking computer literacy that is a barrier to the effectiveness of e-governance. No kind of accessibility over the internet or even over the computers in some parts of the country is a major disadvantage of e-governance. E-governance can also quite often result in a complete loss of human communication. And as the systems are turning more and more mechanized, there are fewer interactions that are taking place among people. It has also given rise to the risk associated with personal data theft or any kind of leakage. E-governance can also lead to a tax administration and the service providers can very easily make some excuses of not offering the service on technical grounds just like the way “server is down” or “the internet is not working” and a lot more! Describing the E-Governance as per the Indian Context E-governance in India is very exclusive, new and one of the recent developments! The launch of this National Satellite-Based Computer Network (NICENET) was done in 1987 and with this, the subsequent launch of the District Information System of the National Informatics Centre (DISNIC) program was set up for computerizing every district offices all around the country for which free hardware and software was given to the State Governments which were also provided with the requisite impetus for e-governance. E-governance after all of this saw a great development along with the shoot up in technology. Today, there is a great number of e-Governance initiatives that are successful both at the Union and State levels. In the year 2006, the National e-Governance Plan (NeGP) got into formulation by the Department of Electronics and Information Technology and also Department of Administrative Reforms and Public Grievances that had the major objective of making all government services reachable to every common man, that will ensure efficiency, transparency and the trustability of all these services at an affordable cost for realizing the most basic requirements of the layman. The NeGP has been successfully able to enable some of the e-commerce initiatives such as: Digital India UMANG Digital locker PayGov Computerization of records of land

When I got my summer internship in January’2021, I was hoping that the Covid-19 situation in India would subside, and I would get to go to Gurgaon and experience an in-office summer internship, since the first year of my MBA was unfortunately in online mode. But these are scary times, and now I am glad to be working safely from my home in Indore. The work keeps me busy and helps me cope better in these chaotic times. Before joining, I was excited but anxious because Com Olho being an Artificial Intelligence-based B2B company, was a completely new domain for me. However, after learning about the business of Ad fraud detection and engaging in regular conversations with the founders, I realised that Ad fraud detection, though very complex, isn’t very hard to understand plus it is more relevant than ever in the digitally driven times we’re living in. The work environment is friendly and nurturing, there’s freedom to share, ask questions & give suggestions. At Com Olho I'm made to feel more like an employee and less like an intern, because of the responsibilities I have been given and how my contributions are taken equally seriously. Apart from Marketing which is my role, I am also learning about the journey and growth of a young startup in India, which I believe is invaluable. I am also observing the importance of empathy and sensitivity, being practiced as core values at Com Olho, as India faces the worst crisis of the century. I am grateful for the learnings, and there is more to come. As a student of the PGDM batch of IMT Ghaziabad 2020-22, I want to say that we might have missed a year of “campus life” but that makes us a unique and resilient batch.

Com Olho which in 2020 became the first company in India to be granted a patent for non-rule based mobile ad fraud detection and prevention has created a single bullet solution for fighting the menace of affiliate fraud and content piracy. While working with top advertisers in India, the team realised the need for tech based digital governance to fight affiliate fraud. In India today, a lot of vendors are deploying rule based methodologies to fight the menace of affiliate fraud i.e VPN detection, disposable email and phone numbers detection, fake data fills and device farms detection. This methodology of detecting affiliate fraud is old school and leads to more affiliate fraud than it was at the first place. Addressing these problems, Com Olho has come up with proprietary system that leverages military grade encryption and serves it using real time API which has been a core research focus of the company over last few quarters. The company has beta-tested the product already and looking to bring this to market by end of this year. Affiliate fraud is not only impacting advertisers, but is also impacting consumers by stealing away sensitive data information. Over the last fews weeks of testing the technology, Com Olho has been able to detect tag-based affiliate fraud impacting leading e-commerce companies, financial institutions etc and government ministries. We have also seen a large amount of pirated content in circulation stolen from all the famous OTT players in India. Radhe, a movie recently released digitally under SKF banner has been compromised because of this menace, which has led to huge losses to the content makers. Using trademarked brand names, the fraudsters are aiming to spread mis-information, fake news and also earn advertising dollars through affiliates and google display network. Founder & CTO at Com Olho, Abhinav Bangia says, even with anti-ad fraud vendors in India, the problem remains unchecked for a simple reason, ineffective non-tech solutions. Instead of delivering tech-enabled solutions, vendors are focusing on creating blacklists and involving huge human bias for detection of ad fraud and content piracy. We are in final stages of filling the patent, and hopefully would address this unchecked problem plaguing our advertisers and content markers budgets and reputation.

The Global Pandemic due to Covid-19 around the world has set up a new level of e-commerce world for us and everything has shifted to “Digital” now. The transactions are digital to the maximum extent. Watching this dependence of the whole community over internet has also led to an extreme spike in internet frauds. One such type of fraud is called Synthetic Identity Fraud which we are going to discuss about in this topic today. For getting their hands over Synthetic Identity frauds, the fraudsters use a fusion of made up and real information of people which may include email addresses, social security numbers, their physical addresses and so on. They use this information with their made-up data for applying to loans, credit cards or to buy goods from any e-commerce website. What is a Synthetic Fraud? Unlike the bank frauds where a fraudster theft your real information so as to get financial benefits with fraudulent means, the Synthetic fraudsters not only steals your information, but also make up some fake or imaginary customer identities of people by merging their made-up data and the real data together. And, they do this for deceiving financial institutions and businesses. How does Synthetic Fraud work? As we know now, such type of frauds is performed by combining a number of fictional elements or by merging multiple identity elements of real people. For example, a combination of Social Security Number (stolen) with some real address that is generally a P.O. Box. Fraudsters steal the Social Security Number of either a child or of an elderly individual because these numbers are not taken in use as actively as other details. After this, that scammer will make their credit profile better by making small purchases over months or years. This improved credit score will now help them to make large purchases at a time. And then, they stop applying for credit or loans using this identity. Impact on the Merchants With the increasing number of such Synthetic Identity frauds, merchants get affected of course. And, all this can impact them in the following three ways: First of all, the merchants who offer credit accounts can get under a huge loss directly. Secondly, the sellers who sell high ticket products by working with third party can be obligated for such frauds depending on their agreement. Thirdly, such frauds increase the overall costing of business for anyone. And lastly, as such fraudsters steal some extent of the data for real information of individuals, so merchants or retailers should always ensure that the data of their system does not get breached. Thus, no one should disclose any kind of information about their customer to anyone asking for it or they should not let anyone sneak into their system anyhow. Combating the risk of Synthetic Identity Frauds With the continuously enhancing numbers of synthetic frauds in every type of e-commerce industry, businesses should always know that if the customers of their e-commerce business are exactly the person who they claim to be online. This becomes more important when someone is purchasing a quite large good from an e-commerce website. Howsoever, identity verification of anyone making a purchase is extremely crucial to know whether they are real person or are just claiming to be a real person. E-commerce sector should also go for Digital Verification Technology so as to know one’s authenticity as it can significantly help a business in identifying synthetic frauds. Locations, devices or individual behavioural patterns are very difficult to imitate. Hence, the key of interpreting such synthetic frauds lies in the ability to detect the digital footprints of a user and comparing these to known individuals with normal behaviours. Another protective layer for protecting the companies from frauds should include the process of sending a temporary password only on their verified mobile numbers which should be confirmed prior making a purchase. If not for every purchase, such processes should be included for risky or huge purchases or transactions. Effective models for detection of synthetic frauds include the specific analyzation of customer behaviours which can be done by uncovering the peculiarities and the questionable motif while opening accounts, or trading in all the e-commerce industries. Such suave and advanced technology is able to do the following: Detection of synthetic identities just while their origination, that is, before any lending decision. Removal of such synthetic identities from pre-qualification or prescreen programs. To decreases the amount of waste efforts regarding back-office collections, such technology can monitor the already registered accounts to disassociate the synthetic identities which already exist in your portfolio. Mollifying the effects of Synthetic identity frauds over populations which may include recent immigrants, new to credit customers or the people who have damaged credit. Tips and Learnings E-commerce frauds puts any online business into high risks which should be mollified by using and implementing an advanced system for identifying such identity frauds. Every business should find time and analyse the areas in which such identity frauds most likely occur and how they occur. Retailers should go through a detailed analyzation and testing of all the relevant transactions and also, they should monitor the controls well. A constant and timely monitoring schedule can improve a company’s hold on their customer’s authenticity and thus will decrease the frauds. This way they can immediately notice as well as fix the rules which are broken. Therefore, it is recommended that all the employees of a company should “dog-food” the system which will ultimately facilitate a better customer experience. As we already know how Covid-19 made such frauds relentless. However, the alternative approaches and changing schemes has complicated the detection of fraud even more. Considering any of the factor of this worldwide pandemic, which may include regulatory requirements, economic conditions, and IT source constraints; it becomes difficult to keep up. So, understanding all about the Synthetic Identity Fraud, you can reduce the risk by implying some prominent tactics discussed.

I had a few notions about Com Olho when I joined the startup understanding that it is a new enterprise with a small team but ever since I joined, I have no regrets. It has been a steep learning curve. Working here has been a voyage of self-discovery – a unique experience. A small team, extremely hard working people, flexible timings, multi-tasking and a vibrant work culture are some of the things that define this place. The best part here is they have a flatter, more open organisational structure, where every person is at the forefront of the business with every act of his/her making a difference to the company’s fortunes. I work as a Marketing Associate here. Before joining Com Olho, I hadn’t had any experience in marketing. I used to work as an Accounts Manager. The amount of faith put on me is unmatched. I have a large creative space – with no restrictions. I can literally come up with anything that makes sense and aligns with the business ideas. They offer an environment where every employee’s voice is heard and matters. I feel a sense of freedom and ownership working here. As if I don’t belong to Com Olho but Com Olho belongs to me. It’s something deeply personal and I will feel a special connection. And that’s what being in a start-up boils down to — more opportunity for ownership, for responsibility, and for growth. I believe there is a lot of scope within Com Olho to experiment. I am happy to be a part of a team that has a new product and the experience is teaching me to be independent, flexible, resilient and make the most out of the available resources. It is a new entity and the self-learning skills I have developed will always be valuable over the course of my career. Also the team has been really considerate in tough times like this. Ensuring colleagues' well-being and safety are their priorities. Our founder, Abhinav Bangia always says – ‘Stop watching too much Digital’ and this is something which brings a bit of sanity and comfort. A determined creator and marketer, I have a passion for crafting meaningful content. I’m always on the lookout for the next good story, idea or digital trend – meanwhile my very own story remains a perpetual work in progress. Connect with me on LinkedIn : Link

Pandemic: A new opportunity for fraudsters In the past year, the pandemic has massively changed the ways we work, bank, and shop through digitalisation. But with increasing shifts towards digitalisation during the pandemic, it has created new opportunities for the fraudsters to get sensitive and private information of users. Fraudsters are rapidly evolving and expanding their attacks, taking advantage of the panic and confusion generated by COVID-19's chaotic social and economic situation. People all over the world are becoming more reliant on the internet, which is opening up new doors for many fraudsters as companies and individuals are not keeping their cyber defences up to date. According to estimates, phishing is the most popular attack tool, accounting for 43 percent of all attacks carried out by fraudsters in the last quarter. Brand bullying accounted for 35% of their assaults, up 13% from the previous quarter. Based on these two forms of threats, it's obvious that scammers are constantly looking for new ways to infiltrate our professional and personal lives by sending carefully designed messages that seem to be from trusted brands or manipulate pandemic-themed events and needs. Types of cyber frauds: According to a report by INTERPOL, some of the key assessment of the cybercrime landscape in relation to the COVID-19 pandemic include: Disruptive Malware (Ransomware and DDoS) - Because of the opportunity for high impact and financial gain, cybercriminals are constantly using malicious malware against sensitive infrastructure and healthcare organizations. Multiple threat organizations that had been largely inactive for a few months, launched a wave of ransomware attacks in the first two weeks of April 2020. According to law enforcement investigations, the majority of criminals measured the maximum amount of ransom they could seek from targeted organizations. Misinformation - Misinformation and false news are circulating at an alarming rate among the general population. Unverified intelligence, a lack of understanding of risks, and conspiracy theories have both led to community fear and, in some situations, aided the execution of cyberattacks. Malicious Domains - Cybercriminals have been acquiring domain names containing keywords such as "coronavirus" or "COVID" to take advantage of the increased demand for medical supplies and information on COVID-19. These phony websites are used to support a wide range of malicious operations, such as C2 servers, malware distribution, and phishing. Between February and March 2020, there was a 569 percent increase in malicious registrations, such as ransomware and phishing, and a 788 percent increase in high-risk registrations. and reported to INTERPOL by a private sector partner. Data Harvesting Malware - Cybercriminals are increasingly using data mining malware such as Remote Access Trojan, knowledge stealers, ransomware, and banking Trojans. Cybercriminals penetrate systems using COVID-19-related knowledge as bait to access networks, steal data, redirect resources, and create botnets. Phishing and Online Scams: The regular web scams and phishing schemes have been modified by malicious attackers. Cybercriminals leverage COVID-19-themed phishing emails to entice victims into providing sensitive information and uploading harmful material by spoofing government and health officials. What do stats say: Statistics say that there has been a massive increase in cyber frauds in the last year. Let’s look at some of those:- According to the FBI, the number of cyberattack reports received by their Cyber Division has increased to as much as 4,000 a day. That's a 400% rise from what they were doing before the coronavirus. The annual report of the FBI's Internet Crime Complaint Center is already posted. The 2020 Internet Crime Study contains data from 791,790 alleged internet crime cases, a rise of more than 300,000 complaints from the previous year, and estimated damages of more than $4.2 billion. Phishing scams, non-payment/non-delivery scams, and extortion were the top three crimes reported by victims in 2020. Business email compromise scams, romance and confidence schemes, and investment fraud all cost victims the most money. In particular, scams based on the COVID-19 pandemic emerged in 2020. Over 28,500 complaints were filed with the IC3(Internet Crime Complaint Center) regarding COVID-19, with fraudsters targeting both businesses and individuals. Although attackers often used tried-and-true techniques like phishing and identity compromise to unleash their attacks, the total number of attacks was truly staggering, catching many people off guard, ignorant, and unprepared. In March 2020, TechRepublic recorded a 667 percent surge in spear-phishing attacks, and the FBI registered a 400 percent spike in cyber attacks by April. How to protect yourself from cyber crimes during the pandemic Be cautious while installing apps:- If you need to work from home during this period, you will find that you are missing some of the applications you use to complete your tasks. However, installing this app on your own will put you and your company at risk. Forcing users to download malware with fake software download files is a common criminal tactic. Instead, reach out to your IT department for assistance, since they may have a list of suggested download locations or ways to provide you with secure access. Any unusual email should be viewed with a fair amount of skepticism:- When you receive emails from companies you know, you will feel more comfortable opening them. However, it's important to note that cybercriminals use models from reputable outlets to trick users into clicking links to malware-delivering websites, which are intended to entice you to make a purchase or disclose login information. Protect your passwords:- When it comes to cyber-security, the value of a strong password cannot be overstated. Although using something with a capital letter, a number, and a special character is a nice way to start, it isn't enough. While it is easy to recall a single password for all, cybercriminals may take advantage of this convenience. Note- If you are fooled by a spam email that directs you to a website that asks you to create an account with your email address and password, never do that. This is a simple way of accessing your personal information. Keep your gadgets secure:- If you're using your own computer or one provided by your boss, make sure to use caution to keep it secure both physically and digitally. To guard against viruses and ransomware, make sure you have an active antivirus installed. To protect your internet behavior, use a protected Internet connection and store work laptops and phones securely while not in use.

The coming together of three big factors—the pandemic, growing privacy concerns among users and governments, and changes initiated by Big Tech giants—will change the way the marketing and advertising industry functions in the coming decade. The covid pandemic has accelerated the adoption of digital technologies and this sudden change promises to disrupt marketing as a lever of business as we know it today. Given the direct impact this has on revenues and revenue growth, this issue warrants the attention of business leaders. Consumer concerns on privacy have grown over the years. The rampant use of user data for behaviour manipulation, including for elections, has raised hackles worldwide among businesses, governments and people at large. Consumers are getting increasingly conscious of how their data is being used. A recent update of WhatsApp’s privacy policy, allowing the service to share user data with its parent Facebook, created a furore. Together, these issues have led governments to enact privacy laws across the world. These laws have mandated businesses to collect data in a manner that is compliant with norms, and which protects the right to privacy of consumers. In India, the Personal Data Protection Bill (PDPB) is in its final stages of passage through Parliament. While laws related to information technology have been in existence since the early 2000s, these were focused on cybercrime and activity such as hacking, spam and offensive personal messaging. Privacy laws such as the EU’s General Data Protection Regulation (GDPR), and India’s PDPB have changed two things: 1) they acknowledge that devices such as smartphones are an intrinsic part of a person’s identity, and hence, any information that can be used to profile an individual comes under the ambit of laws; and 2) these laws articulate what is consent—that it should be free, informed, specific, clear, and capable of being withdrawn. This evolving landscape around privacy is what has forced tech giants Google and Apple to toughen their stance on privacy. Last year, Google had announced the blocking of third-party cookies effective January 2022. As we approach this deadline, Google has signalled that it shall not allow any form of alternative identifiers across its suite of products. Apple had taken an aggressive privacy-first stance even earlier, and upped the ante on trust. With the release of iOS 14, it has mandated privacy ‘nutrition labelling’ on its App Store and mandated consumer consent for tracking purposes. These Big Tech companies are also increasingly subject to more regulation by governments, given their ability to create monopolistic or oligopolistic markets and control the playing field. The recent Information Technology (Guidelines for Intermediaries and Digital Media Ethics Code) Rules in India and the landmark News Media Bargaining Code in Australia are a few examples of anti-trust laws that are coming up across the world. The faster adoption of digital media driven by the pandemic means that business processes need to be digitized and delivered seamlessly as customer experiences across the internet. The onus of delivering these experiences calls for collaboration among experts of marketing, technology, design, cybersecurity and law. The emergence of privacy laws requires businesses to collect and use data in ways that are both ethical and compliant. So, while designing and delivering customer experiences, business leaders need to be on top of data protection and consent management, even as they ensure that processes are set up for ethical and sensitive use of data. A data breach has multiple costs and entails various risks, including financial risk, legal risk, compliance risk and the biggest of all, reputational risk. Privacy is being weaponized and any laxity on behalf of a business could have serious consequences. Any inadvertent data breach results in loss of reputation and the possibility of legal action. On the positive side, the evolving privacy landscape presents brands and advertisers an opportunity to educate and strengthen their relationship with customers and get to know them better. Businesses will need to invest in harnessing their own customers data across platforms, as every company now needs to behave like a tech company. Consequently, customer relationship management (CRM) modules will go mainstream and be fully integrated into marketing efforts.. Harvesting market research and aggregated anonymized data is also critical to enriching this first-party data. These strategies will help businesses bridge the gap between consumer insights and marketing implementation, which will soon be constrained by the death of third-party cookies. The end of browser-based third-party cookies also means that campaign planning, targeting, optimization and measurement are affected. The move signifies the death of re-targeting and lookalike marketing as practised today. Cost-per- impression-based buying will transition to cost-per-click/engagement-based buying. Walled gardens such as Google will only provide attribution within their publishing domain. Businesses need to evolve mechanisms to measure their marketing campaigns to be able to determine omni-channel effectiveness. With less than eight months left for the purge of third-party cookies and a rapidly evolving regulatory framework, businesses need to be ready to implement privacy-by-design in their marketing efforts. A sharp focus on first-party data and on contextual advertising is imminent. Time is running out and many businesses have yet to wake up to this reality. Co-Authored by Lloyd Mathias, Co-Founder & Angel Invester at Com Olho As published on Livemint