Fighting payments fraud in online marketplaces

After years of gradual growth, global eCommerce shot up dramatically in the last year, bolstered by a mass-migration online. In 2020, marketplaces accounted for two thirds of global online B2C sales. This upward trend has corresponded with another phenomenon: a surge in eCommerce fraud, which has become a major roadblock to online success.

When it comes to fraud, online marketplaces face unique challenges. First, their exposure to buyer fraud is exacerbated by varied product offerings, a broad customer base, and complex logistics operations. Second, as hosts of third-party sellers, marketplaces are at risk of seller-side fraud. As malicious actors, both buyers and sellers, are constantly innovating their attack methods, identifying fraudulent activity is becoming increasingly difficult.

In this paper, we break down the different types of buyer and seller fraud, and share information on common modus operandi, including listing and shipping fraud, policy abuse, buyer-seller collusion, account takeovers (ATOs), and more. We discuss the best ways to detect and combat malicious actors, and demonstrate how data on the seller, the buyer and the transaction can be linked and analyzed to recognize fraudulent patterns and protect the platform from abuse. Our goal is to offer fraud experts and other eCommerce professionals the latest information necessary to develop a comprehensive fraud protection strategy, ensuring your business’s long-term survival amidst a constantly changing eCommerce ecosystem.

Buyer fraud & challenges

Online marketplaces are susceptible to all the same types of buyer fraud that single-merchant eCommerce shops face — namely Card Not Present (CNP) fraud, as well as account takeover (ATO) attacks and fraudulent chargebacks. While marketplaces fall across multiple industries and markets, as platforms that connect buyers with third-party sellers, they all share four common characteristics that give rise to unique fraud challenges:

Diverse product offerings

By nature, marketplaces tend to offer a diverse array of products at different price ranges. As opposed to single-merchant eCommerce businesses, marketplaces host multiple sellers, often targeting different value ranges. Take for example a hotel selling on its direct channel, versus hotel bookings sold through an online travel agency (OTA). While the single hotel may offer different room types at incremental pricing, its target audience is clearly defined, be it for backpackers, business travelers, or vacationing families. The OTA, on the other hand, presents the offerings of a wide variety of hotels, catering to several distinct audiences — with distinct variance in budget.

Accordingly, fraudsters tailor their strategy and MOs to the goods they target. Whether it’s digital or physical goods, local or international sellers, discount or luxury — the complexity of the fraud attack differs from target to target, leaving marketplaces to contend with diverse fraud methods.

Global audiences

Marketplaces are often global players. While big retailers tend to concentrate primarily domestically — up to 96% of orders, according to Riskified data — some retail marketplaces transact up to two-thirds of the time with cross-border customers. Take for example the case of the sneakers industry. As shown in the graph below, marketplaces sell to international buyers at over twice the rate of single-merchant shops.

Selling cross-border increases the complexity of fraud detection. Fraud trends have a geographical component influencing the common fraud methods and rates. Additionally, legitimate customer behavior varies across countries, each with its unique eCommerce “culture.” For example, 1 in 4 Germans prefer paying by invoice for domestic purchases, but when transacting cross-border, they have to dust off a credit card that hasn’t been used in a while — which means there isn’t much of a comparable transaction history. Less than half of the people in Switzerland have a social media account, which can make identity verification more challenging.

Mandatory account creation

Customer accounts are an important facet of many eCommerce platforms. They help increase customer stickiness and reduce friction at checkout by storing payment and shipping details. And they decrease the risk involved in transacting with unknown customers: Riskified data finds that first-time shoppers carry on average a 60% higher fraud risk than returning customers. On marketplaces, it’s not uncommon for first-time customers to be required to create an account in order to check out.

However, while customer accounts have very positive effects on customer loyalty and lifetime value, they generate an additional vulnerability: account takeover attacks. First, a bad actor obtains the login credentials of a good customer’s account. Once a customer’s account is breached, there is an assortment of fraud schemes to pursue. They can conduct transactions that are harder to detect and stop because they look like they’re made by known customers. These types of attacks are particularly costly: In addition to the lost revenue and the costs associated with chargebacks, these attacks have a devastating impact on brand reputation and the lifetime value of a customer. A Riskified-commissioned survey found that 65% of customers would stop buying at a store where their account was breached, and 30% said they would encourage friends to stop shopping with the merchant.

Accounts that include stored payment details such as a saved credit card are a fraudster’s jackpot. Even when merchants have a reason to doubt an account-associated transaction, our data shows that they are often reluctant to decline it, not wanting to offend their most loyal customers. Some merchants ask account-holding customers to reinsert CVV codes. While this is good practice, our data shows that more than a third of merchants do not enforce regular CVV checks on stored payment methods, often for technical or compliance-related reasons.

Fraud spotlight: ATO with a stored credit card

An order was placed on a large US-based marketplace for a pack of boxer briefs costing approximately $70, including shipping. The order was placed via a two-year-old customer account with a history of good purchases. The billing and shipping identities matched, as did the name on the customer account – all safe indicators. However, Riskified’s machine learning models were able to identify these transactions as fraudulent and deny them automatically based on a few suspicious details, including a high probability of proxy use to mask the user’s true IP address. Based on this fraud attempt, we were able to identify several other ATO attacks across different merchants in our network. Even though all of these orders appeared to originate from different identities & geographies, a single detail linked them all: browser cookies. This allowed Riskified to stop an ATO spree in its tracks before serious damage could be done.

Dispersed logistics operations and complex fulfillment flows

As platforms without their own inventory, marketplaces often deal with a more complex fulfillment operation. Some large global marketplaces, such as Amazon and Shein, have warehouses around the world that house inventory from many sellers, allowing the marketplaces themselves to handle shipping and logistics. In many other cases, however, the payment side of a transaction is conducted through the marketplace, while fulfillment is up to each individual seller. Some P2P marketplaces offer direct shipping from seller to buyer (such as eBay and Etsy), while others take on liability in the form of product screening and reselling (such as StockX and Vestiaire Collective).

When fulfillment operations lack clarity around returns and exchanges, otherwise loyal customers may find themselves confused or frustrated. While some may understand, others will likely be less forgiving, opting to file an ‘Item Not Received’ or ‘Item Not As Described’ chargeback claim. Disputing these chargebacks is difficult and runs the risk of exacerbating the problem, potentially insulting honest customers.

Marketplaces that succeed in identifying and overcoming these four challenges should reap the benefits of increased precision: improved fraud prevention, a lift in approval rates, and ultimately higher margins.

Seller fraud & challenges

Seller fraud is a varied and sophisticated method of deceiving both the hosting marketplaces and the end customers. It can take place at any point in the sales cycle, from the time a marketplace store is established throughout the shipping and returns process. Additionally, fraudsters will often work within the marketplace to manipulate their stores’ position and influence competitors.
There are 4 main categories of seller fraud:

Product and Listing FraudThere are 4 main categories of seller fraud:

The seller advertises a product or listing that is inaccurate, misleading, or otherwise deceitful. Examples include:

• Misleading or counterfeit listings: any instance in which a listing doesn’t accurately represent the product being sold, or when the listing is for a non-existent product.
• Illegal merchandise: refers to products that are classified as illegal according to marketplace rules or in a specific country in which they are sold.
• Copied listings: when a seller duplicates the listing of a competitor.
• Listing as a marketplace brand: misrepresenting a product as one that falls under a marketplace brand.
• Poor quality listings: refers to listings with low-quality images or poorly written descriptions that don’t portray the product accurately.
• Second-hand as new: listings that misrepresent second-hand products as new products.

Shipping fraud and abuse

The fraudulent activity takes place during the shipping process, from the time an order is placed through the returns process. Examples include:

• Selective shipping: a seller who ships partial orders.
• Shipping SNAD items: eBay sellers who ship products that are ‘Significantly Not as Described’ (SNAD).
• Issuing fake or used tracking numbers: this leads to buyers tracking a different product shipment than the one they purchased.
• Falsifying inventory location: this results in buyers’ inability to track their purchases.
• Violating shipping and refund policies: refers to sellers who ship their products against stated marketplace or store policies, e.g., charging for return shipments when they are advertised as free.

Account and KYC issues

This category involves sellers using fraudulent identities or other practices that violate a marketplace’s terms and conditions. Examples include:

• Duplicate stores or accounts: sellers list the same product on multiple stores they own to help ensure a customer purchases from them.
• Failed KYC: occurs when a marketplace’s seller verification fails. This can happen when a seller uses fraudulent documents, a stolen identity, etc.
• Born to be sold: the establishment of a marketplace store strictly to collect positive feedback and reviews so that store can be sold.
• Excessive violations: a store’s excessive violation of a marketplace’s terms and conditions until the store is closed.
• Unilateral refunds: refers to sellers issuing refunds to buyers without a request. For example, this could be considered fraud when a seller colludes with a buyer using a stolen credit card. The refund would then be split between the buyers and seller.

Collusion and antitrust

This category involves practices designed to impede free competition amongst sellers or by creating the illusion of competition between different stores. Examples include:

• Fake reviews: refers to leaving bad reviews on a competitor’s store in order to damage their sales and reputation.
• Collusion: Refers to cases where the buyer and seller are the same person. This can result in fraudsters bidding on their own products to drive up prices or leaving positive reviews on their own store.

When it comes to seller fraud, everything is cyclical

Seller fraud is largely part of a repeat cycle — whether in-marketplace, or cross-marketplace. Bad players are rarely one-hit-wonders, and repeat acts can be negated if players are quickly flagged. A historical analysis of Payoneer seller data from 2018 found that 67% of seller fraud cases were connected to prior cases, and that 57% of all seller fraud could have been averted if known players had been flagged post-first offense.

This form of fraud is a growing concern to marketplaces. Often hard to detect (despite its cyclical nature), seller fraud exploits platform vulnerability, incurring both direct and indirect impacts on some of the most sophisticated marketplaces. Complex schemes can threaten financials by costing up to 4% of revenues, according to Payoneer data, as well as interfere with compliance practices and impact consumer trust and brand reputation.

Take control — outsmart the fraudsters

With bidirectional fraud challenges, marketplaces need a robust and efficient fraud prevention strategy to ensure a great shopping experience that meets customer expectations for speed, convenience and security. The abundance of alternatives in today’s eCommerce landscape means that customer experience is key to retaining their lifetime value and growing sales.

The key to effective fraud management lies in data: about the buyer, the seller and the transaction. Advancements in technology have made this data available to the platforms, but it is the way in which that data is used that can make or break a fraud prevention strategy. In this chapter, we’ll outline the ways in which fraud prevention partners track, analyze and compare transactions and listings to deliver a secure shopping experience for all parties involved.

Data is the key to identifying seller fraud

Fraudsters are often creative and able to skirt marketplace policies, compromising platform security. We’ve seen marketplaces impose overprotective policies in an effort to protect their platform from potential repeat offenders. But these policies often risk platform performance, resulting in slow onboarding processes (of 30+ days), delayed payouts, and seller deboarding (some have reported deboarding up to 50% of their seller ecosystem). But is there a better way to outsmart the fraudsters?
Marketplaces tend to leverage payments partnerships to facilitate their end-to-end payments needs rather than settle themselves, and often lack direct visibility into transactional data. This data, however, is key to pattern detection.
The payments perspective provides unique visibility into seller fraud, enabling marketplaces to identify fraudsters before they strike, from three angles:

• Spotting suspicious payment behavior in-platform: enabling marketplaces to investigate sellers preparing to commit or committing fraud.
• Spotting cross-marketplace fraudulent behavior: enabling marketplaces to prevent sellers with a fraud track record from onboarding in the first place.
• Spotting store and/or account linkages: enabling marketplaces to prevent repeat fraud, and gain insight on group behavior.

CASE STUDY #1

Identifying cross-marketplace fraudulent behavior

Sellers are champions of diversification. It is rare that they’ll put all their eggs in one basket and therefore they can often be found selling cross-platform. An analysis of historical Payoneer data found that more than 70% of a marketplace’s sellers sell on multiple platforms. That number creeps up in smaller marketplaces (i.e, it is more common to find exclusive sellers in giant marketplaces. There, sales volumes are high enough to justify selling on a single platform).

Sellers Operating on Multiple Marketplaces, by Percent of Marketplace Volume, 2019*

Let’s take a look at what happens when fraudsters manipulate cross-platform selling to their advantage.

Meet Seller A. Seller A was an active seller receiving funds through three different eCommerce marketplaces via Payoneer, circa 2017-2018. Seller A opened up stores on two marketplaces simultaneously in July 2017, yet only kicked off activities on one while the second remained idle. For the first few months (Q317), Seller A established his presence and saw a steady increase in sales on Marketplace 1. No abnormality in sight. But then Q417 noted a sharp drop, followed by a nearly six-fold increase in selling activity that raised a red flag. The seller was wise in that he tried to disguise the observable increase behind the peak associated with the Winter holiday season, but by Q118 his activities steadily declined — entering a cooling period — as Marketplace 1 became suspicious that the prior quarter’s activities were a byproduct of shipping fraud.
To compensate for the cooling period, Seller A kicked off activities with Marketplace 2 (the one that had been opened in July yet remained inactive) in Q118. But there, fraud was detected almost immediately, and Seller A’s store was shut down within two months.
To compensate for the shutdown, Seller A opened up a third store on Marketplace 3 in March. He gradually built up activity there while reinitiating activities on Marketplace 1 (essentially ending Q118’s cool-off period) hoping to better balance activities between the two. Things were looking up in Q218, but by the time summer hit, Seller A was found to have committed fraud on both marketplaces and his activity was ceased by Q418.
The lesson: To successfully manage this type of fraud, marketplaces should work closely with providers to gain deep insights into seller behavior outside of their platform.

CASE STUDY #2

Identifying store connections

Sellers often operate more than one store, but it is not always easy to identify store linkages. In the case presented here, a mapping carried out by Payoneer’s Risk team found that 127 stores were owned by 25 sellers, with 2-15 stores each (this number can run into the thousands). Although most of these connections were domestic, some operated cross-border.
Now, while not all store connections should be viewed as suspicious, having an overall view and understanding of these connections can help marketplaces thwart fraud schemes that rely on these connections.

According to historical Payoneer data, 67% of fraud cases reviewed in 2018 were part of a larger group incident. If marketplaces were to work more closely with a payment partner like Payoneer on detecting store connections, an estimated ~57% of fraud cases could be averted.

Leveraging machine learning to prevent buyer fraud

Preventing buyer fraud is steeped in data analysis. For every transaction made online, there’s an abundance of data points, including specific order details, behavioral analytics, device fingerprinting, and more. So much data that a human, or a rigid system of rules and filters, will not be able to process and accurately weigh the information within a reasonable timeframe. Machine learning algorithms are a technologically advanced approach to managing fraud.

These algorithms, or models, are able to analyze thousands of data points and compare them to large databases of information, providing a highly precise prediction about whether the order is fraudulent or legitimate.

Leveraging the network effect

A key advantage of machine learning is that with the right setup, the models optimize themselves and require no maintenance or adjustments on the merchant’s part. However, machine learning is not a silver bullet. The model’s performance relies heavily on learning from past experience, which in turn, requires accurate tagging of clear-cut fraud attempts, safely approved transactions, fraud-related chargebacks, and transactions that were wrongly declined. The more previous orders there are to compare to, the more accurate the model’s prediction will be. But a merchant doesn’t need to be limited to the scope of their own order history; they can leverage the network effect when participating in a data-sharing program with other eCommerce merchants. A first-time customer for one merchant may be a loyal customer for another; by linking their identity across the network, merchants benefit from the shared transactional history.

Offering a superior customer experience

For customers, machine learning fraud review dramatically reduces friction at checkout. The process is entirely transparent, not requiring additional input from the customer (as in the case of two-factor authentication), and it is conducted instantly, without the need for a manual review queue. Most importantly, thanks to the heightened accuracy, fewer good customers are turned away, lowering false declines to a minimum. And when 33-40% of customers report that they won’t return to a merchant who wrongfully declined them, the impact on customer loyalty and lifetime value is critical.

Detect and prevent Account Takeover ATO attacks

It’s possible to prevent account takeovers from becoming fraudulent orders at checkout, but ideally, ATOs should be detected at login. If the bad actor is allowed to enter the account, they’re already able to pilfer the customer’s data, who must then be informed that their account has been compromised. However, catching the bad actor at login is tricky: firstly, a false decline at login can be more insulting and confusing to a customer than at checkout, so precision is crucial. Second, the decision needs to be made instantly, and with less information. Often it is determined before the customer has even begun their browsing session.
The need for accuracy and real-time decisioning means there is no choice but to fully automate this process. Building such a system is not simple, but there are two main facets of any automated ATO detection solution: detecting behavioral and device changes, and bot detection. Collecting and analyzing data about users’ online behavior in real-time and comparing it to customers’ past behavior is the key to detecting ATO attempts. But identifying the attacks isn’t enough. To successfully manage this type of fraud, merchants need to determine when and how to block bad users, notify customers of suspicious login attempts, or request additional verification.

Conclusion: the value of provider partnerships

Leveraging partnerships with payment providers and fraud solutions can help marketplaces gain better insight into their transactional data and into the sophisticated fraud schemes that stand behind corrupt seller practices. In learning them, marketplaces will be able to outsmart them.

About Payoneer

Since 2015, Payoneer has partnered with the world’s leading marketplaces to solve their biggest payout challenges. Since then, Payoneer has evolved to empower businesses to go beyond borders, limits and expectations, by streamlining global commerce across 200 countries and territories. Leveraging its robust technology, compliance, operations and banking infrastructure, Payoneer delivers a suite of services that includes cross-border payments, working capital, tax solutions, merchant services, risk management and more.

Payoneer powers marketplaces with a comprehensive end-to-end infrastructure that includes:

• Localized payment acceptance & checkout management via payment orchestration
• Global mass payout management
• Automated seller KYC & onboarding
• Accounts payable automation
• US & EU Tax/VAT services

About riskified

Marketplaces lose billions to underperforming legacy fraud solutions, payment failures and high-friction verification. Riskified uses powerful machine-learning algorithms to recognize good orders with a 100% guarantee against fraudulent chargebacks. Marketplaces can safely approve more orders, expand internationally and ensure a seamless shopping journey without taking on new risk.

In addition, Riskified’s ATO prevention solution accurately identifies malicious login attempts, delivers actionable next steps, and minimizes friction for your customers. Our machine learning models assess the risk of every login and resulting account event. We then provide a clear “allow,” “block,” or “verify” decision. When verification is required, our solution can deploy the identity challenge on the merchant’s behalf.

By linking every login and checkout to millions of previous shoppers and billions of transactions across Riskified’s merchant network, our system differentiates legitimate customers from bad actors with a high level of confidence. Marketplaces who partner with Riskified benefit from best-in-class fraud detection technology and actionable decisions, and ensure that their good customers are never subjected to needless friction.