April 2025

• NCMEC's CSAM Briefing
• Ad Leaders Respond to Adalytics Bot Report
• On the Road
• Where in the World is TAG
• One More Thing

NCMEC Conducts CSAM Briefing for TAG Threat Exchange

Earlier this month, Hannah Wilk from the National Center for Missing and Exploited Children (NCMEC) conducted a briefing for the companies within the TAG's Malvertising Threat Exchange (MTX) on NCMEC's mission to ensure those organizations are well-prepared to combat Child Sexual Abuse Material (CSAM) in the digital advertising ecosystem. During the briefing, Wilkes discussed the importance of ongoing collaboration with industry groups like TAG and shared best practices for the reporting of CSAM materials, if discovered.

NCMEC works with families, victims, private industry, law enforcement, and the public to assist with preventing child abductions, recovering missing children, and providing services to deter and combat child sexual exploitation. NCMEC’s CyberTipline is the nation's centralized reporting system for suspected CSAM and other reports of child sexual exploitation online. 

Since 2017, TAG has held the US Department of Homeland Security designation as the digital advertising industry’s first and only Information Sharing and Analysis Organization (ISAO). TAG’s AdSec Threat Exchange includes intel-sharing operations focused on malvertising and piracy threats and brings together leading adtech companies with the capabilities to both share threat intelligence and employ intelligence to shut down criminal threats.  Members of the MTX may come across CSAM content in ads, via ads redirecting to such content, or through the course of their malvertising research in their monitoring and threat-sharing efforts.

Among other topics, the briefing covered new requirements from the REPORT Act that was passed and signed last year, including statutory changes requiring Electronic Service Providers (ESP) to retain data from CyberTipline reports for a full year and expanded reporting requirements for providers.

According to Wilk, the CyberTipline currently receives more than 800 reports per week, and NCMEC is seeing an increasing volume and complexity of reports, as well as different platforms and technologies being used. One disturbing trend seen by NCMEC has been an increase in the use of such technologies, including Artificial Intelligence, to create content for the purposes of financial and other extortion.

What should TAG members do if they discover or suspect CSAM?

If a TAG member discovers or receives a report of CSAM, such content should be reported immediately and directly to NCMEC via its ESP portal. Companies must register with NCMEC in order to make such reports and can do so any time by visiting https://esp.ncmec.org/registration. 

Such reports should not be referred to TAG, as NCMEC is the legally-authorized entity responsible for investigating and acting on such information. NCMEC has also released guidelines on how to spot CSAM indicators. If TAG members have any questions or issues regarding that process, they can reach out to Wilk or NCMEC directly at hiwilk@ncmec.org or espteam@ncmec.org.

Further resources on CSAM and NCMEC:

• Trends in Financial Sextortion: An investigation of sextortion reports in NCMEC CyberTipline data: A NCMEC Report in partnership with Thorn
• CyberTipline 2023 data

No Escape Room: An interactive movie that helps kids and their parents understand the process from a first perspective, so they can be alert to it.

Ad Industry Leaders Respond to Adalytics’ Claims in Recent Bot Report 

In March, a small digital advertising consultancy called Adalytics made some broad allegations that major anti-fraud vendors failed to prevent ads from major brands from being served to non-human bots. 

In response, the Media Rating Council (MRC), one of the industry’s most prominent and respected self-regulatory bodies, took the unusual step of releasing a detailed 10-page response challenging Adalytics’ allegations in April.

Excerpts from a MediaPost article on that response follow:

Media Rating Council (MRC) this morning released a rebuttal asserting the researcher that conducted the study -- Adalytics -- failed to understand the actual business dynamics the ad industry uses to filter such “invalid traffic,” implying that industry systems failed and advertisers were paying for fraudulent traffic.

The problem, the MRC says, is that Adalytics' analysis focused entirely on so-called “pre-bid” detection and filtration, but the industry standard actually utilizes a “back-end” process that filters invalid traffic after ads are served -- meaning that advertisers do not pay for the non-human traffic after the fact. …

[The Adalytics report] was looking at the wrong thing and reveals that the fledgling digital advertising analytics “watchdog” is naive about how the ad industry’s business processes actually work. …

But the MRC points out that there is another important reason why its standards currently do not advocate -- and actually discourage -- pre-bid filtration of ads served to non-human traffic in the first place: Because it can give bad actors data signals they could use to reverse-engineer and thwart the actual filtration process.

“We don’t do this lightly,” MRC Executive Director and CEO George Ivie explained to MediaPost, noting: “Adalytics has issued many reports and we’ve never issued a statement. We’re issuing a statement here, because we think there are some implications that Adalytics has drawn that are incomplete or inaccurate and they cross with our standards and the application of our standards, so we felt like we needed to correct the record.”

“Adalytics never showed us their blog post in advance. They never spoke to us about that blog post and never even tried to correct or verify any facts that they were putting forward before they published their blog."

In addition, TAG member DoubleVerify also responded to the report in its own analysis and reached similar conclusions. An excerpt from a Campaign article on that response follows:

DV argues that Adalytics wrongly claimed that advertisers are billed for GIVT impressions and pre-bid verification doesn’t work. The company said it follows Media Rating Council (MRC) and Trustworthy Accountability Group (TAG) standards to filter GIVT post bid and remove SIVT pre-bid.  

As part of its response, DV’s Fraud Lab reviewed every cited impression in Adalytics’ report and validated that all eligible GIVT impressions were correctly flagged. 

Additionally, over 90% of examples [cited by Adalytics] relied on traffic from URLScan, which is a bot that doesn’t declare itself. Adalytics reportedly miscategorised that as a declared bot, despite the URLScan CEO confirming it is not. 

Adalytics also conflated GIVT with sophisticated invalid traffic (SIVT), according to DV, which misrepresented detection capabilities. 

DV also said that its post-bid systems ensure advertisers aren’t charged for invalid traffic, even when pre-bid filtering isn’t in place. It also confirmed 100% detection post-bid for all known bots and data centres cited in the report.  …

Shailin Dhar, an industry expert who was cited multiple times by Adalytics, also publicly criticised the company’s methodology and called for retractions, DV reported. He said: “[Adalytics doesn’t] really understand ‘how’ ad fraud is committed or activated by motivated parties.”

DoubleVerify said in the report, “As we’ve stated before, and evidenced in this case, these appear to be manipulated findings. Results are selectively showcased that support a premise while excluding counterexamples that would undermine it.”

Talking AI-Generated Content at Beeler.Tech

TAG's Todd Miller will be on the mic at Navigator to talk about how we all still need human-created content in a sea of AI-generated content in the 2:20PM session "Proving You’re Human May Mean Everything".

Dude, Where’s my ROAS? Team TAG Talks Finance at ANA’s AFM Conference  

Team TAG had an eye-opening, network-expanding, AB FAB time at the ANA’s Advertising Financial Management Conference connecting with brands to ensure they are getting the most out of the global 500+ member TAG Community's work to...

• Keep ad fraud below 1% when they buy through TAG Certified Channels
• Shut down criminal activity collaborating in TAG's AdSec Threat Exchange
• Ensure TAG Certifications to stay on the cutting edge of brand safety
• Provide radical transparency into where ad spend is flowing - and realize 22%+ in efficiency in future spend.

Is It POSSIBLE? Team TAG Takes to Miami to Connect with Members

Team TAG decamped to warmer climates this week to connect with members and learn about the issues and trends facing the industry at the POSSIBLE conference.

Team TAG are always looking to connect with the TAG Community wherever they are! 

In the coming months, you can find us at:

		Beeler.tech's Navigator (6th May) New York City, NY US
		IACC Annual Conference (14th - 15th May) San Diego, CA US
		International Trademark Association Annual Meeting (17th - 21st May) San Diego, CA US
		TAG's NYC Happy Hour (4th June) NYC, NY US
		EUIPO International IP Summit (12th - 13th June) Athens Greece
		Cannes Lions (16th - 20th June) Cannes France

If you're going to be there and want to connect with us over a beverage, then reach out to us below!

Keep Up-To-Date With The Working Group Brief

TAG's working groups are a crucial source point of conversation and collaboration for digital advertising. Make sure you stay up to date with the latest progress and developments with the Workin Group Brief. 

Read the latest Working Group Brief 👉 tagtoday.net/working-groups

Leverage TAG Research into Your Everyday!

From APAC Fraud Snapshot reports, to UK Brand Safety Consumer reports, to Best Practices whitepapers, TAG's research is here to support our member's day-to-day compliance as well as strategic planning. 

Visit our Data and Insight page 👉 tagtoday.net/insights

Let's Make Some Noise Together 🤝

We love it when TAG members highlight our work together to fight digital ad crime and improve transparency. Please send any TAG-related press releases, blogs, or other announcements to Andrew Weinstein at andrewwstn@gmail.com for review before release.