Fraud prevention on online marketplaces

Online marketplaces have revolutionized the way we shop, offering convenience and a wide selection of products. But this new technology has also opened up a world of possibilities for fraudsters who are looking to take advantage of unsuspecting consumers.

From fake listings to sophisticated scams, fraud is one of the greatest risks facing online marketplaces today. It’s important for both buyers and sellers to be aware of the different types of fraud that could affect them, so they can protect their interests and avoid becoming victims. It's equally vital that marketplace platforms themselves take action to protect users from fraud and abuse.

P2P marketplace scams 

Depending on the type of marketplace, fraud on a marketplace can take a few different forms. For example, on peer-to-peer (P2P) marketplaces like Craigslist or Facebook Marketplace, common fraud methods include fake listings, bait and switches, and social engineering.

A common example of a fake listing scam is when someone posts an item for sale at an unreasonably low price, only to disappear after the buyer has made payment. In a bait and switch scheme, a seller might list one product but send the buyer another one, typically one that’s much lower in quality. An example of a social engineering scam would be a fraudster on a housing rental marketplace convincing users to divulge sensitive information like social security numbers, home addresses, and more.

B2C marketplace scams 

Business to consumer (B2C) marketplaces often face problems like fake listings, fake reviews artificially inflating the rating of products and sellers, inaccurate descriptions, or products that never ship after the buyer pays for them.

Other types of online marketplace fraud

Some forms of online marketplace fraud are shared across different types of marketplace. For example, concerns that are common across P2P, B2B, and B2C platforms include credit card fraud, account takeover, fake accounts, money laundering, and phishing scams.

Online marketplaces require users to verify their identity for a variety of reasons, such as to prevent fraud and to comply with anti-money laundering laws. Verification processes vary in complexity, but commonly include email and phone verification, photo ID and selfie comparison, address verification, and biometric verification.

While these methods are useful for confirming the identity of the user, they can be vulnerable to manipulation or security breaches. In this section, we’ll explore current methods of identity verification used by marketplaces today, and how they sometimes fall short in providing reliable confirmation of user identity.

Email and phone verification 

Email and phone verification are two of the most basic methods used to verify online marketplace accounts. In email verification, a user will enter their email address when registering for an account. The system then sends that email address an automated message with a validation code that can be used to activate the account. Phone verification works similarly - the user is asked to provide a phone number, which is then sent an automated message with a validation code.

Once the code is entered, the user's account is verified and they can begin using the platform. Both email and phone verification are relatively easy to implement and provide some level of assurance that someone is who they say they are.

However, neither of these methods are foolproof since it’s possible for fraudsters to create fake email addresses and phone numbers.

Photo ID and selfie comparison 

Photo ID verification and selfie comparison are two more advanced methods used to verify user accounts on online marketplaces. With photo ID verification, users are asked to upload a photo of their government-issued ID (such as a driver's license or passport). The platform then verifies the information against an official database in order to confirm that the account is associated with a real person.

Selfie comparison works similarly, but instead of verifying the ID against a database, the platform compares the photo to one taken from the user's camera or smartphone.

For verification purposes, having to upload an official photo or take a selfie are both steps that add a lot of friction to the verification process. Additionally, with the advancement of generative AI and deepfakes, facial recognition like the kind used in photo ID verification will become more vulnerable to spoofing attacks. 

Address verification 

Address verification can also be used to verify user accounts on online marketplaces. To do this, the platform requires users to enter their address when registering for an account. The system then checks that address against official databases to ensure that it’s associated with a real person and not a fraudster. This helps prevent fraudulent activity, since it makes it more difficult for someone to create a fake account using false information.

However, address verification using databases has many shortcomings, most notably gaps in the database’s recency and coverage. For example, the United States has a central address database through organizations like the United States Postal Service or the Department of Motor Vehicles, but these organizations aren’t standard in every country, which presents an immediate problem for global companies seeking to use address verification. If there’s no public database to rely on, companies have to go out of pocket to pay for private subscriptions.

Additionally, not every individual is covered by these types of databases. For example, minors who live with their parents and aren’t yet old enough to drive may not have an official record to which the address verification system can compare their information, which may result in a false positive.

Lastly, if database information is out of date (for example, if someone moved recently), that can result in false positives or in people gaining access even where they might have failed verification had the database information been current. 

Biometric verification 

Biometric verification is becoming increasingly popular as an identity verification method for online marketplaces. It involves using biometrics data like a fingerprint or face scan to verify the identity of someone registering for an account. Similar to address verification, the biometric data is compared against official databases to see if the user is who they claim to be.

Depending on the type of biometric verification, however, this method can be vulnerable to “spoofing” attacks in which an attacker sends false or manipulated biometric data to fool the system into granting them access. For example, in the case of facial recognition, someone might use a computer-generated deepfake video of their target victim in order to pass facial or voice recognition authentication.

Users today expect simplicity and ease when they sign on to use a new platform, so balancing security with minimal friction is crucial. As secure as methods like photo ID verification may be, they can be frustrating for users who expect a more streamlined experience. Too much friction in the onboarding process or during the user journey can turn users away from a platform, hurting acquisition and retention numbers.

At the same time, sacrificing user security is not an option. That's why the best marketplace identity verification solutions will always be those that can combine low friction with high security.

What makes a marketplace identity verification method frustrating for users? 

Passive identity verification is a method of verifying user accounts without actively prompting the user for additional input. Examples include biometric verification, where the device automatically reads a user’s face, fingerprint, voice, or behavior for verification.

Active identity verification, on the other hand, involves proactively asking users to provide information in order to verify their identity. Examples include photo ID comparison, wherein the user is asked to upload a photo of their government-issued ID (such as a driver's license or passport) and take a selfie for comparison. Another example might be asking the user to retrieve and input a code sent by phone or email.

Active identity verification can be frustrating for users as it requires extra, sometimes complex steps in the process. Imagine that you were settled comfortably in your office trying to sign up for a new online service, when suddenly you were asked to complete photo verification—you might have to get up from your seat, go find your official ID, and bring it back to your computer, and take pictures of it and yourself, all for a process that you expected to only take a few clicks.

Other factors that can make identity verification frustrating for users include data privacy concerns (users may feel uncomfortable sharing personal information with the platform) and the amount of time it takes to complete the process. No user wants to be stuck in an endless loop of verification requests.

Why marketplaces should use real-time address verification in the identity verification process 

Real-time address verification is a highly effective form of passive identity verification that can be used to verify user accounts on marketplaces. In this method, users enter their address when registering for an account, and the system then checks the address against their geolocation data in real-time.

Most people handle sensitive transactions and account access from a trusted location like their home or work, so this method is a good way to validate users without requiring additional input. The additional context provided by location can also allow platforms to block people logging in from locations previously associated with fraud or in close proximity to a large number of risky devices.

Incognia’s proprietary location technology provides this type of real-time location data with apartment-level accuracy and location spoofing detection, meaning that even if someone tries to fool the system by manipulating their location info, Incognia’s technology can detect that and return a high risk assessment. 

Using an online marketplace shouldn’t have to feel like a leap of faith for consumers and vendors, but neither should it feel like running through an identity verification obstacle course to reach the onboarding finish line. Using passive, tamper-resistant identity verification and authentication methods can help marketplaces manage user frustrations while also maintaining a high level of trust and security.