Google says they don't let click-fraud happen
The fact is that Google strives to detect every invalid click that passes through its system, and to prevent those clicks from ever reaching an advertiser's account. And Eric and many others at Google have discussed the problem of invalid clicks publicly many times -- on our quarterly earnings calls, at our Press Day, and in other places, such as blogs. Anyone who has followed Google knows that Eric, and others at Google, have stated several times that Google fights invalid clicks, that we've devoted significant resources to manage it, and that we take it very seriously.
I have no doubt that Google, Yahoo!, and MSN go to great lengths to detect click-fraud and deny the click pirates their plunder. But clickage is easily simulated by a variety of means and there are a fair number of people who openly claim to make money through click-fraud. I mean, there are forums out there were click-pirates exchange ideas and talk about how they create SpamAd pages (often referred to in SEO circles as MFAs -- made-for-ads) and how they have software click on the ads.
Click-fraud has been around for much longer than Google and Goto (now Yahoo!'s Internet Advertising service) have been selling pay-per-click ads. The earliest click-fraud I ever saw was conducted by people trying to hit the top 100 list on HitCounter's Web site. Those top 100 sites supposedly earned a lot more traffic from curious people who browsed the list.
Other early click pirates concentrated on boosting their banner ad revenues by generating massive numbers of fraudulent click-throughs to their banner farms. Some of them set up 2 or 3 pages that bounced visitors back and forth. Others simply wrote script that hammered the banner servers from multiple IP addresses (yes, if you control the server, this is possible).
Affiliate link farmers sometimes did this, too. Affiliate link programs usually include language in their terms of service forbidding such activity.
Click-fraud has evolved to a much more sophisticated phenomenon these days. While I am sure Google places an impressive array of resources in their battle against click pirates, they really are outnumbered and, in my opinion, they are being constantly outmaneuvered.
The old DirectHit search engine ranked Web sites on the basis of who clicked through their listings. Some people actually set up networks of servers, where the machines were in separate locations -- to mask their connectivity for traceroute requests, which ran software that simulated click-throughs on multiple listings. They selectively targeted both client listings and less relevant listings in order to bury competitor sites.
Click-fraud may still be used against Yahoo!, which tracks click-throughs in its search results. Click-tracking is not an efficient way of tracking user activity because it's so easy to create fraudulent clicks.
There have been calls for a pay-per-action advertising model, but it's not clear to me that such a model would long survive the determined efforts of click pirates to generate revenues. After all, it's relatively easy to write software that fills out forms. Link spammers have done that for years.
Pay-per-action advertising may have to incorporate captchas and other anti-spam techniques in order to be reliable -- but then, will users really want to do business with sites that migrate away from simple action selling?
Google didn't create the problem with click-fraud, but they certainly have accelerated the issue by making it easier for click pirates to steal money. It's going to take more from Google than simple assurances that they are doing something about click-fraud.