The home improvement chain also said the malware responsible for the breach has been removed from all stores.
While critics say Yahoo and other search engines don’t do enough to prevent click fraud, Yahoo gives away free clicks if there is even a hint of click fraud, the company says.
Yahoo Inc. has not charged retailers for billions of clicks that were fraudulent or suspected to be fraudulent, says John Slade Sr., director of global product management.
Although critics say Yahoo and other search engines don’t do enough to prevent click fraud, Slade says it is Yahoo’s policy to give away free clicks if there is even a hint of click fraud. “It’s very difficult, if not impossible, for any search engine to be able to make a definitive declaration as to whether a click is click fraud or not,” he says. “Sometimes our system of filters makes determinations that we think look problematic but we can’t know for sure, so we decide to give that click to an advertiser for free.”
Yahoo has three layers of protection against click fraud, including filters that look for suspicious activity, Slade says. The filters collect data on such things as the IP address of the computer generating the click, the browser used, what time the click occurred, and how long after a search it occurred.
The second layer of defense is a team of data analysts and statisticians who monitor the clickstream looking for suspicious patterns, Slade says. “If they see in that pattern analysis things that are causing problems, they’ll go in and make a recommendation and issue a credit to the advertiser for any clicks that may have gotten through the filters,” he says.
Yahoo also uses the recommendations of those analysts to refine the filters to look for those new patterns, he says.
The third layer of protection Yahoo uses to prevent click fraud is to marry data it collects with information gathered at the retailer’s site. A retailer’s web log captures information, such as how long a visitor spends at a site, that can be crucial in identifying click fraud, Slade says. For example, a visitor that clicks through to web site but leaves before a page is fully loaded could actually be a robot, he says.
“Click fraud is a serious but manageable challenge,” Slate says. “It’s very important that the entire industry-search providers, advertisers, search engine marketers, software providers-all work together.”