Why can't I set my own rules in Lunio?

WARNING: If you are using custom rules to detect click fraud at the moment, please take some time to very carefully analyse your data. You will be blocking legitimate customers with this method and killing your ROI!

At Lunio, we want our clients to be protected from as much click fraud & invalid activity as possible. That's why we let our automated systems do all the heavy lifting - because setting your own rules is a recipe for disaster.

Why is setting your own rules bad?

To put it simply, servers and algorithms are much more accurate at detecting patterns, trends and ultimately fraud than humans are.

If you are using your own set rules, then the following will happen:

• You are blocking legitimate traffic & customers that take more than your set click limit to convert, but would still be profitable
• You are not blocking genuine fraudulent traffic when it mimics human behaviour
• You are blocking legitimate traffic that is using VPNs, for example in a B2B environment
• You are losing potential customers & blocking legitimate users

Every click we receive from your Google Ads account undergoes a two-stage process.

• The click data is compared to internal & industry-leading blacklist databases for a past history of fraud and abuse.
• A heuristic analysis is performed to determine the probability of fraudulent activity, based on over 120 unique metrics. This works in a similar way to an anti-virus program on your PC, analysing key signatures from the data and seeing if it presents a risk

All this analysis happens faster than the blink of an eye. Our systems also continuously learn from your data, meaning we become even more accurate over time.

This means that Lunio can be much more nuanced and accurate when determining fraud.

Example 1 - VPN Users:

A user in the B2B space is using a VPN to connect to their corporate network. In your rules-based system, you have chosen to block VPN activity.

Under a rules based system:

This user is now blocked from seeing your ads, because they used a VPN. But the VPN usage was completely legitimate, and they had no data signature that indicated fraudulent activity. You have lost a genuine customer.

Under Lunio:

We have seen the user is using a VPN, but we have also seen they are in a space in which this is fairly common. Our heuristic analysis has then determined there is no threat profile here. The user is not blocked, and you gained a new customer.

Example 2 - Product Researchers:

You sell a product (let's say cars at a dealership) and have set a 3 click limit in your rules based system. The user is currently in the research phase of buying and is checking out various car models.

Under a rules based system:

This user is blocked on the third click without exception. This means your brand no longer appears during their research phase, and they won't buy a product from you. You just lost a $30,000+ car sale!

Under Lunio:

Lunio realises that research behaviour is common in your industry, and knows from analysing your past activity that your potential conversion value is very high. The system recognises that this user is just browsing, and isn't committing any fraud. They keep being able to see your ads, and they convert. You made a successful $30,000+ car sale!

Example 3 - A Fraudulent User:

A user is trying to drain your ad budgets. Your existing platform claims to have Device ID detection, but it is cookie based - so the user keeps creating a new private browsing session to clear all their cookies.

Under a rules based system:

As the device ID detection is cookie based, every time the user clears their browser (or starts a new private session) they have a new device ID. This means they can change IP and click over and over again. The fraud is not blocked, and you are losing a lot of money.

Under Lunio:

Lunio uses the Canvas Fingerprinting API for device ID detection, alongside cookie based detection. This means that when the user clears their cookies (or uses a new private session), we can instantly see that they have done so and still identify this user, whilst also knowing they're more likely to be fraudulent since they keep clearing those cookies. As soon as that user returns, even on a different IP, they are blocked from seeing your ads. The fraud is successfully blocked!