Internet advertising is booming. Industry revenue in 2004 reached a record $9.6 billion, almost 33% higher than in 2003, according to a report issued last week by the Interactive Advertising Bureau and PricewaterhouseCoopers.

But even as more and more companies buy online ads, the prospect of click fraud threatens future growth. A class-action lawsuit filed in Arkansas in February claims that search engines, including America Online, Google, and Yahoo, are billing advertisers for fraudulent clicks. The plaintiffs are online gift company Lane's Gifts & Collectibles and Caulfield Investigations, a private investigation firm.

"We're seeking to bring some certainty and integrity into the system," says attorney Joel Fineberg, whose firm is representing the plaintiffs. "We believe it is inherently unfair to charge customers for services which aren't being provided."

If the plaintiffs prevail, the rosy revenue figures search engines have been reporting may wither.

The extent of click fraud varies. Estimates range from next to nothing in certain markets to 20% of all clicks. In his Weblog, Joe Holcomb, senior VP of marketing at search engine BlowSearch.com, estimates it reaches 35%.

"It's pretty clear click fraud is something advertisers should be and are concerned about," says Jessie Stricchiola, president of Alchemist Media Inc., a search-engine marketing company that specializes in click-fraud auditing. "In the past year, as advertisers have become more tech-savvy and proactive in looking at their data, there's been a significant increase in the demand for our services."

Those services include negotiating with search engines for refunds, which Stricchiola says has increased tenfold in the past year. Did-It.com LLC, another search-engine marketing company, offers a click-fraud protection service called ClickGuard. Other companies that offer click-fraud protection include Tracking ROI Inc. and Clicklab LLC.

Click fraud comes in two major forms: competitive click fraud and network click fraud.

Competitive click fraud arises when a competitor clicks on a business' online ad, which the advertiser then has to pay for, with the intent of imposing a cost rather than obtaining information about the advertised product or service.

"That tends to be a potential problem among small business, where the competitors actually know each other and the click prices are high enough that you could actually make an impact just with yourself and a bunch of buddies or family members," explains Kevin Lee, CEO of Did-It.

"Cost-per-click advertisers who are advertising within highly competitive niche markets, in which a high per-click cost is justified by a very high return on investment, can often be the most vulnerable to click-fraud activity--both competitor and network partner click fraud," Stricchiola writes via E-mail.

She says examples of such markets include the legal industry (where in many cases a $50 click can result in a $500,000 retainer), and the medical industry.

Search experts, however, say competitive click fraud is relatively rare compared with network click fraud.

Network click fraud occurs when an ad syndication partner--a site owner hosting ads served by Google, for example, through Google's AdSense program--manufactures phony click traffic to generate a revenue-sharing payment from the syndicating search engine rather than to view the content behind the ad.

Sometimes such traffic is generated manually. Click2FreeMoney.com says, "We pay to our members for visiting our advertisers' Web sites. Our members earn for free simply visiting Web sites." The company says it pays between 0.9 cents and 4 cents to members who click on the site's ads and paid E-mail messages, though cached posts from CalcuttaWeb.com, an online forum, suggest a less-than-exemplary payment record.

But more often, traffic is generated automatically. Just as hacking toolkits have made it easier to tinker with viruses and launch denial-of-service attacks, "hitbot" software, which promises the ability to spoof multiple referring URLs--so clicks appear to come from different sources and thus don't appear to be fraudulent--is widely available online.

In its February report, the Search Engine Marketing Professional Organization noted that 70% of advertisers expressed some concern about click fraud, more than a third of those rating it a moderate or significant problem.

In its Form 10-K filing for fiscal 2004, Google cautions, "We are exposed to the risk of fraudulent clicks on our ads by persons seeking to increase the advertising fees paid to our Google Network members. We have regularly refunded revenue that our advertisers have paid to us and that was later attributed to click-through fraud, and we expect to do so in the future."

The refunds paid fail to adequately address the problem, attorney Fineberg says. "Anecdotally, from the individuals who have contacted us," he says, "the amount of refunds after much wrangling and hassle in communicating with the search engines has been miniscule in comparison with the amount of perceived overcharges."

Despite raising a red flag in its financial filings, Google denies click fraud is a significant issue. "Click fraud has not been a material issue for Google, and we are managing it well," the company said in a statement. "Google employs sophisticated technology that examines the data in a number of different ways to identify and screen invalid clicks. When appropriate, we will also work with law enforcement to prosecute fraud and take legal action ourselves against fraud."

A Yahoo spokesperson was not immediately available, but the company did offer this statement: "Click-through protection has been a top priority for Overture since we pioneered the space in 1998. We've continually refined our systems and have built up numerous layers of defense against unwanted clicks."

Yahoo says it checks every click for validity using a combination of proprietary technology and human intervention. It also says it solicits input from advertisers to identify suspect traffic and offers tools to help advertisers spot such activity.

But given that spammers are able to bypass filters, it seems safe to assume that those perpetrating click fraud are actively trying to do the same. As Did-It's Lee points out, "It's hard to tell the difference between crappy traffic and fraudulent traffic because it looks the same--it's traffic that doesn't convert."

One answer for advertisers might be to pay for actions, such as the sale of an item, rather than clicks, which may not generate revenue. A search engine called Snap.com already offers this option.

But both Lee and Stricchiola express skepticism that cost-per-action advertising will replace cost-per-click. Lee suggests that CPA advertising isn't appealing to search engines or to the publishers that host the ads served by search engines because it makes them bear the cost of underperforming or badly executed marketing.