How Digital Media Buys Work
There are two primary ways to purchase digital advertising. Some
banks engage in manual media buys, which involves purchasing ad
space directly from the publisher or website. For example, if a bank
wanted to run banner ads on the website of its local newspaper,
the bank would probably purchase that ad space directly from the
news site. When making manual media purchases, banks have full
control over the site selected, the time of day the ad is shown, and
the platform where the ad is delivered (online, mobile, or tablet).
With this type of digital advertising the bank can consider the
coverage and reputation of the third party.
Conversely, programmatic media buying uses technology to
select sites, timing, and location of media buys. Digital publishers
send a list of their advertising inventory to an advertising network.
The advertising network aggregates publisher inventory and makes
the broad pool of inventory available to advertisers. Advertisers then
buy from the broad pool, making it more efficient than negotiating
buys directly from individual sites or publishers. Advertisers have
the ability to set criteria around how advertising space is selected.
For example, advertisers can specifically include or exclude certain websites or site categories (otherwise known as white-listing
and black-listing sites or site categories). Advertisers can also put
parameters around the time of day ad space is selected.
Programmatic media buying is generally considered higher
risk than manual media buying because the bank will not know
which websites will be used for advertising until the ads have
already run. Lack of knowledge around ad placement can increase
reputational risk from being associated with sites that may not align
with the bank’s values (political, adult entertainment, extremist
social views, etc.). Banks can potentially reduce reputational risk
by using a “blacklist” to prohibit their ads from being shown on
certain sites or site categories and banks can use a “whitelist” to
intentionally include their ads on certain sites or site categories.
When selecting sites programmatically, compliance risk increases as chosen sites could be considered a close proxy for a
prohibited basis. For example, the bank’s automated media buy
may include websites geared toward people of certain genders,
ages, marital status, or even race. Banks who use programmatic
media buying should require advertising agencies to provide
detailed reporting after the campaign completion around where
ads were placed and where ad clicks were sourced. Of course, the
campaign data must be analyzed to determine whether or not
compliance-related risks have emerged that need to be addressed.
Targeted marketing goes hand-in-hand with programmatic media
buying. Targeted marketing applies additional filters to the ad
network to allow advertisers to reach very specific audience segments. Before covering specific targeting tactics, let’s review how
online and offline consumer data influence the marketing process.
Digital marketing relies on data aggregators who use online and
offline data to build individual marketing profiles. Data is collected from a wide variety of websites, mobile applications and
offline interactions with businesses who share consumer data. The
data is matched to individual users and turned into a “cookie” or
“mobile identifier”. Advertising platforms then use the cookie or
mobile identifier from the data aggregator to conduct targeted
marketing. A cookie is a small piece of data sent from a website
(in this case an advertiser) and stored on the user’s computer by
the user’s web browser, while the user is browsing. Cookies were
designed to be a reliable mechanism for websites to remember
information or to record the user’s browsing activity. Mobile Device
Identifiers, or Mobile Device IDs are a unique identifier which
can be used to identify a mobile device. They can usually only be
accessed via an app and not from the mobile web. Advertisers use
these identifiers to determine if they have already served an ad
to a specific user and retarget or cap the ads shown to that user.
Here’s an illustration: A data aggregator purchases information
about Kevin. The data purchased includes:
■ ■ ■ Profile information from a hotel mobile application showing
Kevin travels primarily for business.
■ ■ ■ Site visits showing Kevin has logged into his account at Entrepreneur.com.
■ ■ ■ Data from Mastercard showing Kevin has a small business
Data is linked specifically to Kevin by matching his email logins
While marketing managers are eager to
pursue digital strategies, it is important for
compliance professionals to understand
the mechanics around digital marketing
and how these digital techniques may
introduce new risks to the organization.