Criteo SA (NASDAQ: Cheap AdTech Champion or evil Online Stalker ?
The company:
Criteo is one of the few Non-US success stories in the Tech sector. Criteo was founded in France in 2005 and quickly became one of the leading “Adtech” companies in the world. Criteo successfully IPOed 2013 on the NAsdaq and quickly reached a market cap of more than 3 bn USD.
The business:
Criteo is an “Adtech” company. What it does is the following: It is primarily a tech version of the classical Advertising Agencies: Clients use Criteo to maximise the value of their online ad dollars spent which should turn into as many clicks and sales dollars as possible.
This puts Criteo to a certain extent in direct competition with Online Juggernauts Google and Facebook. However Criteo survived and prospered because it seems to do some things better than the giants.
One special feature of Criteo is what they call “Retargeting”: Criteo is “tracking” the user across different websites (and devices !!) and redelivering ads that might be relevant for this specific user. So whenever you have looked up a potential Hotel room on Booking.com and then you move on to a different website, this is then the mechanism why you then get serves Booking.com ads on a different website.
Criteo claims to have 1,4 bn (!!) individual user profiles that it is tracking and bale to serve directed ads to.
For advertisers, the problem is very simple: Normal online advertising has become almost prohibitive expensive. Just bidding on Google search words doesn’t make a lot of sense, especially for smaller companies. IRRs on retargeting campaigns are clearly more effective.
Valutation:
Criteo has currently a market cap of ~1,6 bn USD (USD 24 pers share). Criteo had net income of around 80 mn in 2017 which is a trailing P/E of around 17. However with around 480 mn in Cash, the cash adjusted P/E is “only” around 12,4.
2017 Free Cash flow (their definition) was ~137 mn USD, so Price/FCF is less than 9x which is quite low for a still growing tech company.
Problems: Apple, Amazon, Short sellers & GDPR
Looking at the share price, It is pretty easy to see that Criteo has some issues:
The stock is below the IPO price from 5 years ago and has underperformed the tech sector dramatically despite high and growing profitability over the last years. So what happened ?
Well, several things and many of them not good:
Apple
Apple modified their Safari browser to make tracking and retargeting much more difficult on their devices. This is what Criteo itself was saying:
The release of Apple’s Intelligent Tracking Prevention feature in Apple’s Safari browser, or ITP, on September 19, 2017 had a net negative impact on our Revenue ex-TAC in the third and fourth quarters of 2017 of less than $1.0 million and $25 million, respectively. Given the iOS 11 roll out and our coverage of Safari users, we expect Safari’s ITP feature will continue to have a net negative impact on Revenue ex-TAC, as reflected in our 2018 projections. Refer to Part II Item 1A. “Risk Factors”.
This is clearly something to watch. Normally, the Adtech industry is quite creative in finding new ways to track users.
Amazon
Amazon announced just a few days ago that they will also move into the retargeting space:
While the details are not entirely clear, Bloomberg asserts the new Amazon program will compete with similar offerings from Google and Criteo. It’s currently being tested and will be a PPC-auction product, according to the report. Recently, Amazon stopped buying product listing ads (PLAs) on Google.
Although it’s not clear to me that any retailer want to use its main competitor Amazon for retargeting, this is definitely something to keep an eye on. If Amazon gets in somewhere, caution is always a good strategy for the long-term.
GDPR
“GDPR” is the new privacy standard that the EU implemented in late May. In summary, it provides guidelines how personal user data can be used. The new law/standard foresees pretty hefty fines for non-compliant companies.
One of the problems is that for the company itself, the standards are not clear yet. There is no rule book what exactly companies have to do to comply.
I have talked with a couple of people in the online advertising area and a lot of them were telling me that for the time being they will not use retargeting as long as the situation is unclear.
“Short attack” from Gotham Research
There seem to be generally some issues about Adtech and retargeting. This is for instance a specialized blog that shows that there seems to be some serious “ad fraud” from Adtech companies going on.
In a well-timed attack last year, short seller Gotham research targeted Criteo with such kind of “ad fraud” accusations:
The Gotham posts are actually well written and I learned a lot about how Criteo and Adtech works just by reading it. Some of the accusations are clearly warranted, others maybe less so.
For instance the Apple Https “Super Cookie” weakness was well-known for some years and Apple was very slow to close it. Also the fact that some advertisers maybe overpay for online advertising is nothing specific to Criteo. Actually, I think a significant part of Google’s and Facebook’s Ad revenues are “overpaid” by advertisers that are not able to track the effectiveness of their expenses.
Nevertheless, the Gotham research clearly identified many of the weaknesses of the retargeting business model.
CEO change – founder back
Criteo defended itself vigorously but at some point it looks like that the pressure got to high. Maybe it was a coincidence but I guess that the fact that the CEO was kicked out some weeks ago and the founder came back is a clear sign that not everything was great.
Founders coming back to startups sometimes works very well, with Steve Jobs being the best example but of course there are alos negative examples.
Q1 Results 2018
Q1 results of Criteo were still pretty good despite all the issues /revenue +8%, EBITDA +22%) but they mentioned that GDPR will clearly have an impact already in Q2.
Summary:
Criteo in my opinion is both, a very interesting stock and an interesting business model. During my Criteo research I learned a lot about online advertising and Adtech.
It is pretty clear that although “retargeting”” looks maybe a little bit like “Online stalking” and in conflict with data privacy. But on the other hand, normal online advertising (Google, Facebook) has become so expensive and difficult to track, that companies who are interested in cost efficient online advertising need this kind of tools.
In the short-term, especially the GDPR discussion will things difficult for Criteo and “Independent” retargeting, but on the other hand I think more and more people are worried that the large players like Google and Facebook become too dominant.
Take booking.com for example, which is a client of Criteo. If you only advertise on Google and Facebook and these guys try to become your competitor, you might think twice in directing all your ad efforts to these guys because then they exactly know how the business works and can easily copy and take over.
I am also a little bit sceptical on some projections about online advertising. Yes, it is still growing strongly, but in my opinion this is also the result of a lot of money wasted by unsophisticated players that are not able to track the efficiency of their ad spending.
Nevertheless, for the time being, I wil stay on the sideline and watch Criteo from the outside. Due to GDPR it is pretty clear that the next quarters will be more difficult and I am not sure if everything is already priced in. Also, in the past, the Adtech industry always came up with some creative new ways to achieve their goals and one could speculate that this could happen again.
So despite the current headwinds. the stock could become clearly more interesting in the future as a potential deeply contrarian play. I also think that Criteo could be an interesting take over target.
P.S.: A “link dump” from my research:
https://www.businessinsider.de/criteo-market-cap-2016-8?r=US&IR=T
https://www.theinformation.com/articles/Criteo-The-Ad-Tech-Company-Google-Pays-Attention-To
IPO Prospectus:
https://www.theverge.com/2017/9/14/16308138/apple-safari-11-advertiser-groups-cookie-tracking-letter
https://pxlnv.com/blog/criteo-cookie-monsters/
https://www.eff.org/deeplinks/2017/12/arms-race-against-trackers-safari-leads-criteo-30
Apple burns the HSTS super cookie
https://github.com/pulsejet/HSTS-SuperCookie
https://www.securityweek.com/apple-addresses-hsts-user-tracking-webkit
https://forums.macrumors.com/threads/hsts-super-cookies-reason-to-dump-safari.1836501/
Click to access toorcon2015.pdf
https://www.orantec.uk/blog/2015/01/12/cross-site-user-tracking-cookies-and-online-privacy
HSTS Super Cookies
HTTP Strict Transport Security (HSTS) is a security feature that allows websites to signify that they should always be accessed via a secure connection. The first time a user visits a website, it sends a bit value (true or false) which the browser stores to remember whether it should connect via HTTPS. This is a security enhancement as it ensures the browser always connects via HTTPS even if the user types or clicks a link for HTTP.
Ironically, this security enhancement has become a privacy flaw as Sam Greenhalgh of RadicalResearch has developed a method of using these flags to create a Super Cookie. The technique involves sending a request to 32 URLs which each return a true or false value that is stored by the browser. Combining these 32 values gives a binary number that can uniquely identify up to 2 billion browsers. This number can also be read by any website, not just the issuing site, and will also work in private browsing mode on some browsers.
Internet Explorer is immune to this technique as it doesn’t currently support HSTS, although it is in development. Chrome, Firefox and Opera will delete these Cookies if Standard Cookies are cleared and the latest version of Firefox does not pass the same Cookies from normal to private browsing modes and vice versa. Chrome does pass the Cookies from normal to Incognito mode but not in the other direction. Safari does not provide any way of clearing these cookies and does pass the same values between normal and browsing modes. Even more worryingly, the cookies are also uploaded to iCloud so will be sync’d with other devices.
The HSTS Cookie technique was developed recently but was actually highlighted as a potential issue by Mikhail Davidov back in 2012. For more information on HSTS Cookies read Sam’s article at http://www.radicalresearch.co.uk/lab/hstssupercookies
https://www.quora.com/How-do-Internet-companies-track-users-activity
http://www.seerinteractive.com/blog/real-cross-device-management/
http://www.cardinalpath.com/connecting-the-dots-top-3-cross-device-tracking-methods/
https://digiday.com/media/ad-tech-firms-quitting-europe-blaming-gdpr-often-scapegoat/
value and opportunity 
Sahm Adrangi’s presentation on ad fraud at the Kase Learning conf on short selling
Great to see that we for once analyse the same company. I have had my eye Criteo for many years now and as you know from my blog, owned it 2 times around. In the end I sold the position, why? Basically because I changed my investment philosophy to only buying companies I feel I can understand.
With Criteo I thought I understood the company/business, but then market changes so quickly, that suddenly I didn’t understand what was going on. If you don’t work in this industry, I don’t think you can keep track of what is going on, without spending an unreasonable amount of time. So then the investment comes down to faith, faith in execution from the management and the people working in Criteo, being better than competitors and outsmarting them. I don’t have that level of faith, and again it’s not really my investment style to just invest in people. I’m happy to invest with great people, but I also want to understand what is going on.
For the similar reasons I exited another wonderful company, Catena Media, which is retargeting people to gambling sites. Fantastical business, but so much is changing in the industry, it takes an unreasonable amount of time to keep abreast of the changes. So I sold.
You can find all my posts on Criteo on my webpage, where my full reasoning for buying and then later selling is presented.
thanks for your comment. I slighlty disagree with one remark however:
I think these days it becomes more and more important to actually invest in people. I think with the current pace of change, it is an illusion trying to “reall understand” a business. Not even the people running a business understand evreything.
Of course, Criteo is difficult, because their business model is very new and changing rapidly, but again, many industries are subject to similar dynamics.
Well I think its a perfectly good investment strategy investing in/with people. But then your analysis should focus on that, and deeply understand what makes these people stand out from the crowd. I think everyone would love to add this to their company analysis, but it’s not very easy. If you meet management, maybe you get charmed by their charisma, but they are actually not good at running the company. A lot of people are hard to dig up the facts about. In the end, what you have as hard facts, is their previous track-record. But even that needs then to be scrutinized. Was it that the person before them laid the groundwork for the turnaround? Did just external factors turn-around so they looked like a hero in the company? You never know..
For me the understanding is about being secure enough to stay by my investment even when the stock starts to fall. If you both understand the company and believe in the people there, that is for me much stronger than just believing in the people.
I don’t disagree. All I am saying is that it is not easy or even an illusion trying to “full understand” any company,
Thanks for the – as always – very good article. I had Criteo on my watchlist and started a small position recently to keep me interested.
My overall thesis is that due the GDPR many of the simpler and more obvious marketing techniques, newsletters, business cards and the like are made much more difficult. Regulators regulate what they can easily understand.
The demand flows somewhere else. Two areas will benefit from this, I think: the more technically complex ad business like Criteo’s and the low tech human to human marketing like event marketing, exhibitions and the like.
I also have seen over and over again that regulated businesses prosper (think tobacco), because regulation implies higher barriers to entry and thus reduces competition.
So in my opinion, the GDPR regulation will perhaps make the ad tech business more difficult but not less profitble.
thanks for your perspective. Let’s see, but i think in the short run, results might suffer….
Yes, there are retargeting “services” both from Google and Facebook, that’s why I said that Criteo is a competitor. But as I mentioned, I don’t think that everyone agrees that Google or Facebook should know absolutely everything about a companie’s ad strategy.,
Criteo “invented it” but similar services are clearly available from other players.
Are you sure that Google’s AdSense program doesn’t use retargeting, too? As far as I know this is in industry standard, but correct me if I’m wrong….