Click fraud is all over the news these days. You know the little ads that show up on the right side of search results in Yahoo and Google? Companies pay Yahoo for clicks on those ads. It's called Pay-Per-Click. (See?)
The old story was that people hired companies in India to have armies of people click on competitors' keywords and drive them out of business or at least make them waste tons of money. Yahoo claims to have fixed this with a series of security improvements, such as tracking the IP addresses and click patterns on the ads.
But sometimes companies want to bid on words that people don't search for all that often. Yahoo can't show the ads often enough to get the company as many clicks as it wants. So Yahoo contracts with other websites to host ads there and share revenue with the partner site.
Yahoo -- $.40 per click from Company
Official Partner Site -- $.15 per click from Yahoo
As long as Yahoo is careful about which companies it partners with, all is well. But it turns out, Yahoo has not been careful enough in choosing partners. Some of their partners are setting up unauthorized, third-tier ad serving relationships. People who Yahoo would never approve contract with Official Partners and set up an arrangement where they get the ads from the Official Partner and send clicks back to that Official Partner. The Official Partner sets up unique tracking code on those ads, so it can credit the Unauthorized Site. Then the Official Partner reencodes the link and simulates clicking on its own ad.
Yahoo -- $.40 from Company
Official Partner -- $.15 from Yahoo
Unauthorized Partner -- $.05 from Official Partner
And the coup de grace: the unofficial partner could be using adware, generating popups or even entirely artificial clicks. The Official Partner has no incentive to monitor the validity of the clicks. And Yahoo can't trace the clicks back all the way through to the Unauthorized Partner.
This is what I call "click laundering."
Some researchers have stumbled across instances of adware that used Yahoo-generated ads. This highlights the problem, but it does not suggest a wholesale way to fix it, or even detect all of it.
A properly managed PPC program will be profitable, no matter the extent of invalid clicks, because it is an auction-based system and people can just lower their bids. Unlike the old, targetted attack rumored to be conducted by Indian (or other countries) firms, this type of fraud is broad and affects all the companies bidding in a given keyword space.
So it that the answer? Until Yahoo starts a much more thorough vetting of their programs, or develops a novel use of reverse-proxies, or finds a way to actually enforce serious penalties for violators... Yes.
This is just one more reason you should have professionals (in-house or outsourced, whatever) running your PPC program.