Anti-Fraud and Invalid Traffic Policy
Effective date: February 27, 2026 | Version: 2026.03-global
This policy defines how VelisAds detects, blocks, investigates, and remediates invalid traffic, impression inflation, click fraud, and payment abuse across advertiser and publisher workflows.
All ad-serving participants must comply with this policy as a condition of platform access.
Scope
- Applies to impression requests, click redirects, campaign billing, and payout eligibility.
- Applies to web, app, API, script-based, and embedded ad delivery channels.
- Applies to human traffic quality, automation controls, and anomaly monitoring.
- Applies to advertiser, publisher, agency, and API-integrated partner accounts.
Required Controls
Traffic Validation
- Ad requests are screened for bot signatures, automation indicators, and suspicious header patterns.
- Rate limits are enforced by IP, ad unit, campaign, and click frequency windows.
- Known bad IP ranges and abuse sources are denied with fail-closed controls where configured.
- Risky request contexts may return no-ad responses without exposing fraud logic.
Billing Integrity
- Billing events are tied to accepted impression records and campaign budget constraints.
- Campaign spend cannot exceed approved budget limits.
- Suspicious clicks are excluded from optimization and trust scoring.
- Settlement and payout decisions may exclude traffic under active investigation.
Monitoring and Escalation
- Alerts monitor spikes in CTR, request volume, IP reuse, and impossible interaction patterns.
- High-severity events are escalated to risk, security, and payments owners.
- Investigations must produce auditable case notes, a timeline, and a final disposition.
- Confirmed abuse triggers account restrictions and policy enforcement actions.
Prohibited Behavior
- Generating impressions or clicks using bots, scripts, emulators, or hidden iframes.
- Click farms, incentivized fraud, traffic laundering, or source obfuscation.
- Automated browser frameworks configured to mimic user engagement.
- Repeated self-clicking or coordinated click abuse from controlled devices.
- Any attempt to bypass traffic quality, budget, or anti-fraud enforcement controls.
Enforcement Actions
- Invalid traffic may be filtered from reports, billing, or payout calculations.
- Campaign delivery can be paused automatically when risk exceeds thresholds.
- Balances may be held while fraud review is in progress.
- Accounts can be limited, suspended, or permanently terminated for confirmed abuse.
- Severe cases may be escalated to legal and regulatory authorities when required.
Operational Interpretation and Regional Mapping
These requirements should be interpreted as global baseline controls for a live ad operations platform. Teams must map each requirement to local legal obligations, contractual duties, and traffic-source constraints before enabling production delivery at scale.
When regional regulations impose stricter standards, the stricter standard applies. Where legal ambiguity exists, operations should default to least-risk handling and documented escalation to legal or compliance owners.
Policy-to-Workflow Mapping
- Map each policy control to one concrete workflow checkpoint.
- Define accountable owner, review cadence, and evidence source.
- Link policy failures to clear remediation and rollback actions.
- Track policy exceptions with expiry and approval metadata.
Evidence and Audit Quality
- Keep verifiable logs for approvals, enforcement, and account state changes.
- Maintain immutable records for policy acceptance and version changes.
- Preserve incident evidence with timestamp accuracy and actor context.
- Support regulator and partner audits with structured evidence retrieval.
Release and Change Governance
- Run policy impact review before major workflow or billing changes.
- Gate high-risk releases behind compliance and security readiness checks.
- Document rollback criteria for policy or abuse regressions.
- Communicate material policy updates with effective-date clarity.
Extended Compliance Checklist
- Confirm access controls for admin, publisher, advertiser, and support roles.
- Verify domain ownership, sitemap coverage, and install-code integrity before launch.
- Validate ad creatives, landing behavior, and category eligibility rules.
- Ensure budget, spend, and settlement paths align with billing model selection.
- Run fraud and abuse controls for both ad-serving and click attribution pathways.
- Confirm user data handling for consent, retention, and rights-response timelines.
- Check payout safeguards, webhook integrity, and transaction audit visibility.
- Review security events, incident triage flow, and postmortem documentation quality.
- Ensure policy pages remain reachable, indexable, and version-consistent in the sitemap.
- Require periodic policy refresh training for operational and support teams.
Policy FAQ for Operations Teams
How often should this policy be reviewed?
Review before each major release and at recurring governance intervals, especially when billing logic, targeting controls, or verification workflows change.
What happens if live behavior conflicts with policy text?
Live enforcement should default to safer behavior immediately, then trigger incident review and documented correction to either implementation or policy wording.
How should teams handle partner-specific requirements?
Apply partner requirements as stricter overlays where needed, while preserving baseline platform controls and maintaining auditable policy-to-process mapping.