What Antifraud Services Actually Detect (And What They Can't)
Antifraud services are essential tools in digital advertising. But the marketing around them often oversells capabilities while hiding limitations. Let's look honestly at what these services actually do - and what remains beyond their reach.
What Antifraud Services Can Detect
Known Bot Signatures
The easiest fraud to catch:
- WebDriver flags - Selenium, Puppeteer, automation tools
- Headless browser markers - PhantomJS, HeadlessChrome
- Known bot user agents - Scrapers, crawlers, monitoring tools
- Automation framework artifacts - window._phantom, callPhantom
Detection rate: Very high for known signatures. But sophisticated fraudsters avoid these obvious markers.
Datacenter and Proxy Traffic
IP-based detection catches:
- Datacenter IPs - AWS, Google Cloud, DigitalOcean ranges
- Known VPN providers - NordVPN, ExpressVPN exit nodes
- Public proxy lists - Regularly updated blacklists
- Tor exit nodes - Published and trackable
Detection rate: Good for commercial services. Residential proxies are much harder.
Behavioral Anomalies
Pattern analysis catches:
- Impossible speeds - Clicks faster than human reaction time
- No mouse movement - Real users move mice; bots often don't
- Linear patterns - Robotic, predictable behavior
- Session anomalies - No scroll, no interaction, instant bounce
Detection rate: Moderate. Sophisticated bots simulate human behavior.
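The four checks above can be expressed over a recorded event stream. This is an added example, not code from any antifraud vendor; the event shape (`t` in milliseconds, `type`, `x`, `y`) and all three thresholds are assumptions chosen for illustration.

```javascript
// Added example. Thresholds are assumed values, not vendor settings.
const MIN_CLICK_GAP_MS = 100;     // two clicks closer than this: faster than a human
const STRAIGHTNESS_LIMIT = 0.995; // chord/path ratio at which a mouse path counts as a line
const BOUNCE_MS = 1000;           // session shorter than this with no scroll: instant bounce

// events: [{ t, type: "mousemove" | "click" | "scroll", x, y }], sorted by t.
function sessionAnomalies(events) {
  const flags = [];
  const clicks = events.filter((e) => e.type === "click");
  const moves = events.filter((e) => e.type === "mousemove");
  const scrolled = events.some((e) => e.type === "scroll");

  // Impossible speeds: any pair of consecutive clicks under the minimum gap.
  if (clicks.some((c, i) => i > 0 && c.t - clicks[i - 1].t < MIN_CLICK_GAP_MS)) {
    flags.push("impossible-click-speed");
  }

  // No mouse movement: only meaningful for pointer devices; touch sessions
  // legitimately produce clicks without mousemove events.
  if (clicks.length > 0 && moves.length === 0) {
    flags.push("click-without-mouse-movement");
  }

  // Linear patterns: compare travelled distance with the straight-line chord.
  if (moves.length >= 5) {
    let path = 0;
    for (let i = 1; i < moves.length; i++) {
      path += Math.hypot(moves[i].x - moves[i - 1].x, moves[i].y - moves[i - 1].y);
    }
    const first = moves[0];
    const last = moves[moves.length - 1];
    const chord = Math.hypot(last.x - first.x, last.y - first.y);
    if (path > 0 && chord / path >= STRAIGHTNESS_LIMIT) flags.push("linear-mouse-path");
  }

  // Session anomalies: no scroll and the whole session is over almost immediately.
  const duration = events.length ? events[events.length - 1].t - events[0].t : 0;
  if (!scrolled && duration < BOUNCE_MS) flags.push("instant-bounce");
  return flags;
}

// Constructed sessions for illustration.
const SCRIPTED = [0, 20, 40].map((t) => ({ t, type: "click", x: 300, y: 200 }));
const HUMAN = [[0, 0, 0], [120, 12, 30], [260, 40, 35], [410, 45, 80], [600, 90, 70], [820, 100, 120]]
  .map(([t, x, y]) => ({ t, type: "mousemove", x, y }))
  .concat([{ t: 2500, type: "click", x: 100, y: 120 }, { t: 3000, type: "scroll", x: 0, y: 400 }]);
```

A session that returns no flags is not thereby legitimate: a bot that varies timing and movement passes every one of these checks.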
Device Fingerprint Inconsistencies
Technical checks catch:
- Mismatched data - User agent says iPhone but screen size is desktop
- Impossible configurations - Hardware combinations that don't exist
- Spoofing artifacts - Signs of fingerprint manipulation
Detection rate: Good for lazy spoofing. Better tools produce consistent fingerprints.
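A sketch of the signature checks from "Known Bot Signatures" together with the mismatched-data check above, written as an added example (not any vendor's code). In a browser the argument would be `window`; the 500 px short-side limit for an iPhone screen and the finding labels are assumptions.

```javascript
// Added example. IPHONE_MAX_SHORT_SIDE is an assumed bound in CSS pixels.
const IPHONE_MAX_SHORT_SIDE = 500;

// win: `window` in a browser, or a captured snapshot with the same fields.
function clientFindings(win) {
  const nav = win.navigator || {};
  const ua = nav.userAgent || "";
  const screen = win.screen || {};
  const findings = [];

  // WebDriver flag exposed by WebDriver-controlled browsers.
  if (nav.webdriver === true) findings.push("navigator.webdriver");

  // Automation framework artifacts named in the list above.
  for (const prop of ["_phantom", "callPhantom"]) {
    if (prop in win) findings.push("window." + prop);
  }

  // Headless browser markers in the user agent string.
  for (const marker of ["HeadlessChrome", "PhantomJS"]) {
    if (ua.includes(marker)) findings.push("ua:" + marker);
  }

  // Mismatched data: the UA claims an iPhone, the rest of the device disagrees.
  if (ua.includes("iPhone")) {
    const shortSide = Math.min(screen.width || 0, screen.height || 0);
    if (shortSide > IPHONE_MAX_SHORT_SIDE) findings.push("iphone-ua/desktop-screen");
    if ((nav.maxTouchPoints || 0) === 0) findings.push("iphone-ua/no-touch");
  }
  return findings;
}

// Constructed snapshots for illustration.
const IPHONE_UA = "Mozilla/5.0 (iPhone; CPU iPhone OS 17_0 like Mac OS X) AppleWebKit/605.1.15";
const SNAPSHOTS = {
  headless: { navigator: { userAgent: "Mozilla/5.0 HeadlessChrome/120.0.0.0", webdriver: true },
              screen: { width: 800, height: 600 } },
  spoofed:  { navigator: { userAgent: IPHONE_UA, maxTouchPoints: 0 },
              screen: { width: 1920, height: 1080 } },
  genuine:  { navigator: { userAgent: IPHONE_UA, maxTouchPoints: 5 },
              screen: { width: 390, height: 844 } },
};
```

An empty result only means none of these specific markers were present, which is the limit the detection-rate notes describe.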
What Antifraud Services Cannot Detect
Residential Proxy Traffic
The hardest problem in fraud detection:
- Traffic routed through real residential IPs
- Appears identical to legitimate home users
- IP reputation services have limited coverage
- New residential IPs constantly entering rotation
This is how sophisticated fraud operations evade IP-based detection entirely.
Human Click Farms
Real humans doing fake actions:
- Actual people clicking ads for payment
- Real devices, real behavior patterns
- Indistinguishable from legitimate users technically
- Only detectable through conversion quality analysis
No antifraud technology can detect a real human doing real clicks. Only post-conversion analysis reveals the fraud.
Sophisticated Bot Networks
Advanced bots that:
- Run on compromised residential devices
- Simulate realistic human behavior patterns
- Vary timing, movement, and interaction naturally
- Use real browser instances with real fingerprints
When bots use real devices with real browsers, the technical signals are legitimate.
Incentivized Traffic
Users completing actions for rewards:
- Real users, real devices, real intent to complete action
- Technically indistinguishable from organic users
- Intent is wrong, but signals are legitimate
- Only conversion quality reveals the problem
Attribution Fraud
Claiming credit for organic conversions:
- Click injection on mobile
- Cookie stuffing on web
- Last-click theft
The user and conversion are real - only the attribution is fraudulent. Requires different detection methods.
The Detection Gap
Here's the uncomfortable reality:
| Fraud Type | Detection Capability |
|---|---|
| Basic bots | 90%+ detectable |
| Datacenter traffic | 80%+ detectable |
| Commercial VPNs | 70%+ detectable |
| Behavioral anomalies | 50-70% detectable |
| Residential proxies | 20-40% detectable |
| Sophisticated bots | 10-30% detectable |
| Human click farms | <10% detectable |
Antifraud services are excellent at catching lazy fraud. They're limited against motivated, well-resourced attackers.
What This Means Practically
Antifraud Is Necessary But Not Sufficient
You need antifraud tools, but don't expect them to catch everything. Layer them with:
- Conversion quality monitoring
- Source-level performance analysis
- Post-conversion verification
Claims of 99% Detection Are Marketing
When a vendor claims near-perfect detection, they're either:
- Only counting easily detectable fraud
- Not facing sophisticated attackers
- Exaggerating for sales purposes
Multiple Providers Catch More
Different services have different strengths:
- IP reputation specialists
- Behavioral analysis experts
- Device fingerprinting focus
Layering catches what individual providers miss.
Your Own Data Is Essential
No external service knows your business like you do:
- Track conversion quality by source
- Monitor downstream metrics (LTV, chargebacks)
- Build your own fraud indicators
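One way to turn those three points into a source-level indicator, as an added example that is not from any vendor or from the original article. The record fields (`source`, `ltv`, `chargeback`), the source names and all thresholds are assumptions.

```javascript
// Added example. All three thresholds are assumed values to tune per business.
const MIN_CONVERSIONS = 20;      // ignore sources too small to judge
const CHARGEBACK_MULTIPLIER = 3; // flag at 3x the chargeback rate of the other sources
const LTV_FRACTION = 0.25;       // flag below a quarter of the other sources' mean LTV

// conversions: [{ source, ltv, chargeback }] joined from your own order data.
function flagSources(conversions) {
  const bySource = new Map();
  const all = { n: 0, chargebacks: 0, ltv: 0 };
  for (const c of conversions) {
    const s = bySource.get(c.source) || { n: 0, chargebacks: 0, ltv: 0 };
    for (const agg of [s, all]) {
      agg.n += 1;
      agg.chargebacks += c.chargeback ? 1 : 0;
      agg.ltv += c.ltv;
    }
    bySource.set(c.source, s);
  }

  const flagged = [];
  for (const [source, s] of bySource) {
    // Baseline is every *other* source, so a large bad source cannot hide
    // by dragging the overall average toward itself.
    const rest = { n: all.n - s.n, chargebacks: all.chargebacks - s.chargebacks, ltv: all.ltv - s.ltv };
    if (s.n < MIN_CONVERSIONS || rest.n === 0) continue;

    const rate = s.chargebacks / s.n;
    const meanLtv = s.ltv / s.n;
    const reasons = [];
    if (rate > CHARGEBACK_MULTIPLIER * (rest.chargebacks / rest.n)) reasons.push("chargeback-rate");
    if (meanLtv < LTV_FRACTION * (rest.ltv / rest.n)) reasons.push("low-ltv");
    if (reasons.length) flagged.push({ source, conversions: s.n, rate, meanLtv, reasons });
  }
  return flagged;
}

// Constructed data: `n` conversions per source, the first `bad` of them charged back.
function sampleRows(source, n, bad, ltv) {
  return Array.from({ length: n }, (_, i) => ({ source, ltv, chargeback: i < bad }));
}
const SAMPLE = [
  ...sampleRows("search", 100, 2, 40),
  ...sampleRows("partner_a", 50, 1, 35),
  ...sampleRows("partner_b", 40, 12, 3),
];
```

This works on traffic that passed every technical check, which is why it can surface click farms and incentivized traffic that look legitimate at click time.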
The Honest Expectation
Good antifraud services catch 60-80% of fraud in typical traffic. That's valuable - it's the difference between losing 20% to fraud versus losing 5-8%.
But if someone promises to eliminate fraud entirely, they're selling fantasy. The goal is reducing fraud to manageable levels, not achieving perfection that doesn't exist.
Use antifraud tools. Just understand what they're actually doing - and plan for what they can't catch.