ecause the RealVu® Platform's unique architecture, the "viewable impression" metric overcomes numerous vulnerabilities inherent in server log file impression reporting methodology. Server log impression and click methodology allows for the creation of fraud in numerous ways and is easy to implement undetectably because the "impression" resides at the beginning of the communication chain in the ad delivery and reporting process (the server log record of the request).

In contrast, RealVu®'s viewable impression methodology is based on transmissions of data from a viewer-side engine at the very end of the ad delivery process, directly to a server side reporting database confirming the event, subsequent view time and interactions with the ad. These messages are sent via a closed (encrypted) communication channel between the ad module and the reporting server. With every ad selected for delivery the RealVu® dispatcher passes to the ad a unique token in an encrypted format. This token creates a closed communication channel as it passes with every messages sent from or received by the ad module during a reporting session of an ad view (up to two minutes in view time). This assures that the tracking messages cannot be modified, broken or produced overcoming impression and click fraud methods such as mutilated http packets impression fraud. (described below)


Impression fraud may be committed by intentionally layering ads so the one on top is visible, but impressions are counted for all of the ads, including the ones underneath that are not visible. When RealVu® tags are placed overlapping each other, the first will be pushed to the top in and will load, render and may report a viewable impression. All RealVu® tags under the first are prohibited from rendering or reporting a viewable impression.

IFRAME impression fraud may be committed by intentionally placing ad tags on a page, then placing the page in a 0 x 0 pixel or 1 x 1 pixel IFRAME. Typically the ad tags will register impressions but the ads will not be visible. When a RealVu® tag is placed within an IFRAME of the same domain as the web page, content appears above the IFRAME. (see below the ad 728 x 90 px is placed inside the IFRAME 20 x 20 px.) This insures accurate viewable impression reporting regardless of the size of the IFRAME that the RealVu® tag is placed within.

This type of fraud recently became famous because of the Emily Steel article in Wall Street Journal where she explains how certain websites place ads and "...consumers who visit those sites can't see the ads because they have been placed on invisible Web pages".
If a RealVu® tag is embedded on a web-page that is set to automatically re-direct to another web-page before the ad content can load and render within the visible area of the browser window for at least one second, a viewable impression will not be reported.

1. Click Here to see "slowed down" with half a second time-out re-direct page with RealVu® tag on it. — Enough time to register impression, but not enough time to load and render an ad and have it viewed for et least one second.
2. Click Here to see re-direct in "slow motion" with few seconds time-out of the page with RealVu® tag on it. — Enough time to render an ad and start reporting view time.
   

Mutilated or Poisoned http packets Impression fraud is an attack that can be qualified as a simplified version of more general case Man-in-the-Middle(MITM) attack. It is a very effective way to create fraudulent impressions. Impression created as a result of such attack looks absolutely legitimate from reporting stand point and cannot be verified as it is one time http request with no feedback in the process. MITM attack is well described at:  http://www.owasp.org/index.php/Man-in-the-middle_attack.

The man-in-the middle attack intercepts a communication between two systems. For example, in an http transaction the target is the TCP connection between client and server. Using different techniques, the attacker splits the original TCP connection into 2 new connections, one between the client and the attacker and the other between the attacker and the server, as shown in figure 1. Once the TCP connection is intercepted, the attacker acts as a proxy, being able to read, insert and modify the data in the intercepted communication.

Man-in-the-middle technique in case when it is utilized for ad impression fraud is more simple and even doesn't have to break down original connection between a user computer and a tracking server. The attacker only intercepts http requests and stores them for a while. Due to open text nature of http protocol attacker is able to mutilate or “poison” the http request header data to make a request look like it was sent from a different machine or browser. After random time delay attacker sends the mutilated packet to the tracking server.

When “impression” measurement methodology is based on a simple log of requests sent from beacon images or Iframe SRC requests there is no way to distinguish the "original impression ” request and attackers mutilated packet clones. That makes “impression” as a measurement metrics not reliable in its nature.

The RealVu® technology and the “viewable impression” methodology itself reliably protect accuracy of the metrics from being compromised by such attacks. The RealVu® tracking architecture is based on encrypted feedback technology that creates closed channel of communications between the ad and the tracking server. If attacker modifies intercepted tracking message or repeat its request it will not affect the measurement of viewable impression but expose the attacker.