An NYU professor conducted an independent analysis of Google’s efforts to combat click fraud and found that, while Googe’s efforts are “reasonable,” pay-per-click advertising “does not offer any ‘built-in’ fundamental protection mechanisms against the click fraud since it is very hard to specify which clicks are valid vs. invalid in general” and that any particular advertiser can be “hurt badly by fraudulent attacks.”

According to the official Google blog:

As part of the settlement in the click-fraud case Lane’s Gifts v. Google, we agreed with the plaintiffs to have an independent expert examine our detection methods, policies, practices, and procedures and make a determination of whether or not we had implemented reasonable measures to protect all of our advertisers.

What’s fascinating is that the Google blog crows about the report’s findings because Google’s efforts to combat click fraud were deemed “reasonable,” which probably has positive legal ramifications for Google — but the report (available here) is at the same time a damning indictment of pay-per-click advertising.

The report’s author, Dr. Alexander Tuzhilin, a professor of information systems at NYU (my alma mater), offers two possible solutions to what he calls “the fundamental problem of invalid (fraudlent) clicks”:

• The “trust us” approach of the search engines. The search engines can assure advertisers that they are doing everything possible to protect them against the click fraud. This is not easy because of the inherent conflict of interest between the two parties: the money from invalid clicks directly contribute to the bottom lines of the search engines. Nevertheless, it may be possible for the search engines to solve this trust problem by developing lasting relationships with the advertisers. However, the discussion of how this can be done lies outside of the scope of this report.

• Third-party auditors. Independent third-party vendors, who have no financial conflicts of interest, can work with advertisers and audit their clickstream files to detect invalid clicks.

These two approaches would still constitute only a partial solution to the Fundamental Problem because there is no conceptual definition of invalid clicks that can be operationalized.

Will Google invite independent auditors under their tent? Ha! They’d sooner put pop-up ads on Google.com, so it looks like the only alternative is the “trust us” method, rife as it is with conflicts of interest.

But the real indictment of pay-per-click and Google, which Tuzhilin ties to an inability to “operationalize a conceptual definition of invalid clicks,” lies in this Catch 22:

An operational definition cannot be fully disclosed to the general public because of the concerns that unethical users will take advantage of it, which may lead to a massive click fraud. However, if it is not disclosed, advertisers cannot verify or even dispute why they have been charged for certain clicks.

That plus the following are the coup de grace:

Finally, the measures (1) – (6) above are only statistical measures providing some evidence that Google’s filters work reasonably well. This does not mean, however, that any particular advertiser cannot be hurt badly by fraudulent attacks, given the evidence that Google filters “work.” Since Google has a very large number of advertisers, one particular bad incident will be lost in the overall statistics. Good performance measures indicative that filters work well only mean that there will be “relatively few” such bad cases. Therefore, any reports published in the business press about particular advertisers being hurt by particular fraudulent attacks do not mean that the phenomenon is widespread. One simply should not generalize such incidents to other cases and draw premature conclusions – we simply do not have evidence for or against this.

Translation — while it is not likely that a significant percentage of advertisers are being harmed by click fraud, it is entirely possible that some number of advertisers are being massively harmed. The lack of evidence cuts both ways — so advertiser beware!

This report should dispel any doubt that cost-per-click needs to transition to cost-per-conversion. The real question is whether Google can leverage its scale to pull it off — or whether $6 billion+ in cost-per-click revenue will prove to be too great a liability — especially with Wall Street’s stratospheric expectations for the continued doubling of profits.