Trust & Safety, Payments Risk, Fraud Prevention — these are the teams on the frontlines of marketplaces fighting the widest variety of fraudulent behaviours seen by businesses today. If you don’t count yourself among those ranks, here’s a glimpse of the battlefield: three minutes spent investigating a traditional chargeback scenario; twenty minutes looking at a particularly complex account takeover; an hour spent looking at a USD 10,000 ACH transaction that just doesn’t look right (but all you’ve got is a name and an email); and a week investigating a mugging that occurred via your platform. By the way, you’re also responsible for fighting fraudsters in 20 countries.
The challenges and abuses faced by marketplaces are monumental, evolving faster than any business could keep up with. Therefore, it’s no surprise that effectively mitigating this onslaught of fraud is accomplished, in part, by sharing information and best practices. In that spirit, here’s three different types of fraud that marketplaces confront, the associated challenges, and the applicable solutions.
Payments fraud
Responsible marketplaces often err on the side of caution when it comes to payments fraud. Consequently, one of the biggest problems marketplaces face in the realm of payments is false positives. It’s conceivable that this is a problem brought on partly by marketplaces themselves by sacrificing proactive information gathering for growth and conversion. Internally, growth and risk teams have competing priorities that result in few new customer inputs required to enter the marketplace, which fraudsters then exploit. This lack of information in onboarding makes it extremely difficult for marketplaces to identify and make decisions around transactions.
How do marketplaces balance user identification with optimal user experience to decrease false positives and identify fraud effectively?
This flow not only reduces false positives, it increases friction on risky users and transactions. Depending on the sophistication of the marketplace, some will run pre-authorisation models to meet Transaction Risk Analysis (TRA) requirements under Payment Service Directive 2 (PSD2), allowing them to take advantage of Strong Customer Authentication (SCA) exemptions if they are operating in the European Economic Area.
For larger marketplaces this may all be in-house, but smaller ones will need to rely on third-party vendors and payment service providers for assistance in developing this risk-based approach.
Without partnering with an acquirer or other third party that can help manage SCA exemptions, marketplaces will ultimately introduce too much friction into their payment flows. It is recommended that marketplaces leverage every exemption available in PSD2.
Platform integrity fraud
A more nebulous type of fraud in the marketplace ecosystem is ‘platform integrity fraud’, exemplified by bots, spam, social engineering, and account takeover (ATO). While bots and spam can be mostly eliminated through rules at account signup (using line type, carrier, device information etc.), social engineering and ATO can be much more difficult to catch.
How do marketplaces identify users with intent to socially engineer other users or take over accounts?
Newer fraud trends like SIM-swapping are becoming a more prevalent issue, with recent notable cases in the news like Twitter CEO Jack Dorsey’s eponymous account posting offensive tweets.
Utilising signals like IP address risk and distance calculations can be assets to marketplaces looking to stop more sophisticated ATO techniques in real time.
Offline fraud
Offline (also known as in-person fraud) is what keeps all trust & safety professionals up at night. The thought of someone being hurt while using the platform sits heavily on the conscience and the brand. This type of abuse is where most reputational damage comes from. Marketplaces that facilitate in-person transactions are specifically exposed to this type of abuse, with mitigation measures extending to transaction completion and beyond.
How do marketplaces protect users and their brand from offline, in-person fraud, and the reputational damage that accompanies it?
As marketplaces expand their offerings internationally, the above challenges are compounded and new ones arise. Perhaps the most important part of finding solutions to these problems is finding partners and resources that are ready to support marketplaces wherever they go and for whoever they serve.
This editorial was first published in the Fraud Prevention and Online Authentication Report 2019/2020. The Guide covers some of the security challenges encountered in the ecommerce and banking, and financial services ecosystems. Moreover, it provides payment and fraud and risk management professionals with a series of insightful perspectives on key aspects, such as fraud management, identity verification, online authentication, and regulation.
About Conor Garside
Conor Garside leads the Marketplaces team at Ekata, providing expertise on identity verification solutions for marketplaces and payments companies.
About Jeremy Gottschalk
Jeremy Gottschalk is an expert in risk management for marketplaces. He founded the Marketplace Risk platform as an industry networking and knowledge-sharing platform.
About Ekata
Ekata provides global identity verification solutions powered by the Ekata Identity Engine, providing value through unique data links from our network and graph.
About Marketplace Risk
Marketplace Risk is the most comprehensive platform for education, networking, and information sharing for the sharing economy and marketplace startup ecosystem. More info at www.marketplacerisk.com.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now
We welcome comments that add value to the discussion. We attempt to block comments that use offensive language or appear to be spam, and our editors frequently review the comments to ensure they are appropriate. If you see a comment that you believe is inappropriate to the discussion, you can bring it to our attention by using the report abuse links. As the comments are written and submitted by visitors of the The Paypers website, they in no way represent the opinion of The Paypers.