In the 2019/2020 Fraud Prevention and Online Authentication Report from Paypers, Marketplace Risk founder Jeremy Gottschalk and Conor Garside of Ekata co-authored "Fraud and Abuse Challenges for Marketplaces".
Fraud and Abuse Challenges for Marketplaces
Trust & Safety, Payments Risk, Fraud Prevention — these are the teams on the frontlines of marketplaces fighting the widest variety of fraudulent behaviors seen by businesses today. If you don’t count yourself among those ranks, here’s a glimpse of the battlefield: three minutes spent investigating a traditional chargeback scenario; twenty minutes looking at a particularly complex account takeover; an hour spent looking at a USD 10,000 ACH transaction that just doesn’t look right (but all you’ve got is a name and an email); and a week investigating a mugging that occurred via your platform. By the way, you’re also responsible for fighting fraudsters in 20 countries.
The challenges and abuses faced by marketplaces are monumental, evolving faster than any business could keep up with. Therefore, it’s no surprise that effectively mitigating this onslaught of fraud is accomplished, in part, by sharing information and best practices. In that spirit, here are three different types of fraud that marketplaces confront, the associated challenges, and the applicable solutions.
Responsible marketplaces often err on the side of caution when it comes to payments fraud. Consequently, one of the biggest problems marketplaces face in the realm of payments is false positives. It’s conceivable that this is a problem brought on partly by marketplaces themselves by sacrificing proactive information gathering for growth and conversion. Internally, growth and risk teams have competing priorities that result in few new customer inputs required to enter the marketplace, which fraudsters then exploit. This lack of information in on-boarding makes it extremely difficult for marketplaces to identify and make decisions around transactions.
How do marketplaces balance user identification with optimal user experience to decrease false positives and identify fraud effectively?
1. Work with your growth team to identify the maximum amount of identity elements they feel comfortable collecting.
2. Prior to a user transaction, extract all information and metadata from identity elements.
3. Design progressive user experience flows for low-risk and high-risk users based on modeling and rules using identity information.
This flow not only reduces false positives, it increases friction on risky users and transactions. Depending on the sophistication of the marketplace, some will run pre-authorization models to meet Transaction Risk Analysis (TRA) requirements under Payment Service Directive 2 (PSD2), allowing them to take advantage of Strong Customer Authentication (SCA) exemptions if they are operating in the European Economic Area.
For larger marketplaces this may all be in-house, but smaller ones will need to rely on third-party vendors and payment service providers for assistance in developing this risk-based approach.
Without partnering with an acquirer or other third party that can help manage SCA exemptions, marketplaces will ultimately introduce too much friction into their payment flows. It is recommended that marketplaces leverage every exemption available in PSD2.
Platform integrity fraud
A more nebulous type of fraud in the marketplace ecosystem is ‘platform integrity fraud’, exemplified by bots, spam, social engineering, and account takeover (ATO). While bots and spam can be mostly eliminated through rules at account signup (using line type, carrier, device information etc.), social engineering and ATO can be much more difficult to catch.
How do marketplaces identify users with intent to socially engineer other users or take over accounts?
1. Sentiment (conversation) analysis rules are an effective first step toward reducing the number of users vulnerable to social engineering in the form of links to external sites and apps. Sophisticated marketplaces may choose to deploy models around sentiment analysis to identify more complex cases of social engineering and ATO.
2. In-platform notifications regarding behavior to watch for, e.g. ‘Do not give out your personal banking information’.
Newer fraud trends like SIM-swapping are becoming a more prevalent issue, with recent notable cases in the news like Twitter CEO Jack Dorsey’s eponymous account posting offensive tweets.
Signals like IP address risk and distance calculations can be assets to marketplaces looking to stop more sophisticated ATO techniques in real time.
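The distance calculation mentioned above, sketched as an added example (not from the report): it derives the travel speed implied by two consecutive logins and combines it with an IP risk score to pick a friction level. The `Login` fields, the thresholds and the 0-to-1 risk score are assumptions, and the coordinates are constructed samples.

```python
import math
from dataclasses import dataclass

EARTH_RADIUS_KM = 6371.0
MAX_PLAUSIBLE_KMH = 900.0  # assumption: roughly airliner cruise speed
MIN_DISTANCE_KM = 50.0     # assumption: ignore moves within IP-geolocation error
IP_RISK_STEP_UP = 0.7      # assumption: hypothetical vendor score in [0, 1]

@dataclass
class Login:
    ts: float       # Unix seconds
    lat: float      # IP geolocation, assumed resolved upstream
    lon: float
    ip_risk: float  # hypothetical IP reputation score, 0 = clean, 1 = bad

def haversine_km(a: Login, b: Login) -> float:
    """Great-circle distance between two login locations in kilometres."""
    p1, p2 = math.radians(a.lat), math.radians(b.lat)
    dlon = math.radians(b.lon - a.lon)
    h = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(h))

def implied_speed_kmh(prev: Login, cur: Login) -> float:
    """Speed needed to get from prev to cur; infinite if no time has passed."""
    dist = haversine_km(prev, cur)
    hours = (cur.ts - prev.ts) / 3600.0
    if hours <= 0:
        return math.inf if dist > 0 else 0.0
    return dist / hours

def decide(prev: Login, cur: Login) -> str:
    """Return 'allow', 'step_up' or 'block' for the current login."""
    # Short hops are skipped: IP geolocation is too coarse to trust them.
    impossible = (haversine_km(prev, cur) > MIN_DISTANCE_KM
                  and implied_speed_kmh(prev, cur) > MAX_PLAUSIBLE_KMH)
    risky_ip = cur.ip_risk >= IP_RISK_STEP_UP
    if impossible and risky_ip:
        return "block"
    if impossible or risky_ip:
        return "step_up"
    return "allow"

# Constructed sample logins: Seattle, then London one hour later.
SEATTLE = Login(ts=0, lat=47.61, lon=-122.33, ip_risk=0.1)
LONDON_1H = Login(ts=3600, lat=51.51, lon=-0.13, ip_risk=0.1)

if __name__ == "__main__":
    print(decide(SEATTLE, LONDON_1H))
```

The `step_up` outcome is where a marketplace would attach its own challenge (for example re-authentication), so low-risk users keep a frictionless flow.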
Offline fraud (also known as in-person fraud) is what keeps all trust & safety professionals up at night. The thought of someone being hurt while using the platform sits heavily on the conscience and the brand. This type of abuse is where most reputational damage comes from. Marketplaces that facilitate in-person transactions are specifically exposed to this type of abuse, with mitigation measures extending to transaction completion and beyond.
How do marketplaces protect users and their brand from offline, in-person fraud, and the reputational damage that accompanies it?
1. Safety features like ‘Track My Ride’, made popular by ride-sharing companies, provide a great deterrent for potential ne’er-do-wells who may engage on the platform. Another prime example is providing or suggesting safe spots for users to meet up and engage in a transaction.
2. Performing background checks or more detailed screening of user populations may be warranted in cases when prolonged interaction is common in the marketplace, or one user is more vulnerable to harm than the other (e.g. service providers coming to users’ homes).
As marketplaces expand their offerings internationally, the above challenges are compounded and new ones arise. Perhaps the most important part of finding solutions to these problems is finding partners and resources that are ready to support marketplaces wherever they go and for whomever they serve.