It’s possible to buy almost anything on the Internet today, and consumers are showing up to buy in droves. Amazon, the world’s leading online marketplace, reached 5.3 billion visits in July 2022. Long-standing competitor eBay clocked in with around 3 billion visits, and other sites like Facebook Marketplace are gaining a solid foothold in consumer awareness with around 1 billion active monthly users.
The appeal of online shopping is easy to understand: users can browse a vast assortment of products from the comfort of their own homes, and many eCommerce giants like Amazon offer lightning-fast, straight-to-door shipping. But how do these online marketplaces work, and what kinds of fraud and scam risks come along with this convenience?
There are three main types of online marketplaces, but all basically work to connect sellers and buyers via the Internet. While this approach has major advantages in terms of convenience, the increased anonymity can also open the door to fraudsters and scammers.
Business-to-business marketplaces are spaces for business professionals to sell enterprise-grade products and services to other businesses. For example, the kinds of office furniture and software needed by a corporation or SME will differ greatly from that needed by the average consumer. B2B marketplaces allow professionals to filter through consumers and sellers looking for consumer-grade goods.
Business-to-consumer online marketplaces follow the model that most people are familiar with from in-person shopping. A business advertises its product offering through the online platform, and consumers can peruse and buy at their leisure. Big-name brands like Amazon, Walmart, and Wish all fall under the B2C umbrella.
One of the biggest challenges facing B2C marketplaces is ensuring that users get what they pay for without their safety or data being compromised.
Lastly, consumer-to-consumer or peer-to-peer marketplaces take the familiarity of garage sales and flea markets into the digital sphere. Facebook Marketplace, Craigslist, and eBay are all potential examples of P2P marketplaces. Some websites, such as eBay and Facebook Marketplace, can also fall under the B2C category as business entities are free to join and sell to consumers as well.
Like other types of marketplaces, P2P marketplaces are vulnerable to scammers and fraudsters trying to con legitimate customers out of money or even more sensitive personal and financial information.
The increased anonymity of the Internet gives fraudulent sellers and buyers alike new opportunities to pull a fast one on a legitimate user. Here are some examples of common scams on a marketplace that users may experience.
Account takeover fraud or ATO fraud happens when a fraudster gains access to a user’s account and uses that access to do things like transfer money, steal personal information, and more. Account takeovers can sometimes be prevented using multi-factor authentication, but even this isn’t always effective, as fraudsters can use social engineering to gain access to other authentication factors like SMS codes.
Combined location and device intelligence can be helpful in preventing account takeovers by flagging unusual device and location behavior and returning a high-risk assessment. Because location identity is a passive authenticator, there’s no way for fraudsters to use social engineering to defeat it.
In this scheme, a buyer will contact a seller claiming to be very interested in an item. The buyer will then ask for the seller to send some sort of payment before the exchange, such as a shipping fee or other cost, that the buyer promises to pay back upon delivery of the item. Naturally, this is a scam, and the buyer is only after the seller’s money and potentially their confidential financial information, such as a credit card number.
A picture may be worth a thousand words, but not all of them are guaranteed to be true. In a brick-and-mortar store, the consumer has the advantage of seeing and inspecting any product they might buy for signs of poor quality or damage. Online buyers don’t necessarily have this same advantage.
Sellers can simply re-upload official product photos or highly edited photos to make a product seem better than it is in reality. The buyer might receive a counterfeit or damaged product, and unfortunately, they may not have much recourse against the person who sold it to them. If the seller’s account is reported, badly reviewed, or deleted, they can often make a new one under a different name and resume their fraud.
In an overpayment scam, a buyer “accidentally” overpays the seller by some amount–for example, $100 instead of an agreed-upon $50. The seller, who is likely a reasonable person, agrees to refund the overage. Unfortunately, in this type of scam, the buyer has paid using a stolen credit card number. When the cardholder notices the unauthorized transaction on their account, they’ll file a chargeback.
While the cardholder gets back all of the money the fraudster spent on their card, the seller won’t get back the money they refunded thinking their buyer had made an honest mistake. The phony buyer gets away with the “refunded” money and potentially even the seller’s product as well.
In another variation of this scam, there is no original payment at all. Rather, the fraudster sends a doctored screenshot of the supposed overpayment, and trusting sellers send the refund amount without checking to verify the original payment.
A request for a phone number seems innocent enough, but can also be part of a common Facebook marketplace scam. With the Google Voice scheme, a supposed buyer expresses immediate interest in the seller’s product but asks for the seller’s phone number before they’re willing to go through with the purchase.
If the seller sends their phone number, the fraudster will use it to open a new Google Voice account and then social engineer the seller into sending them the necessary verification code. The fraudster can then go on to use the new Google Voice number to perpetuate other scams with less risk of being traced back to their true identity.
Chargebacks can be a useful recovery method for victims of fraud, but unfortunately, it can also be used to perpetrate fraud against sellers. In chargeback fraud, also known as friendly fraud, a buyer uses their own credit card to make a purchase from a marketplace seller. After receiving the product, the buyer files a chargeback with their bank as though the transaction were illegitimate, even though it wasn’t.
When chargeback fraud is successful, the fraudster gets away with the product and their money while the seller loses out on processing fees, the original payment, and the product they wanted to sell.
Fraudsters on an online marketplace have a negative impact on that platform’s digital trust. When fraud is prevalent, users trust a platform less, meaning they make and spend less money. What’s more, the more legitimate users that stop using a platform, the further the platform gets from its target market, making trust and safety initiatives more difficult.
Overall, scams on online marketplaces result in lost revenue, poor user retention, and loss of digital trust.
There are a few things administrators can do to protect themselves and their users from marketplace fraud.
When people log on to an online marketplace to do business, they’re placing their trust in the marketplace administrators to safeguard them from fraudulent sellers. Marketplace admins have the responsibility of maintaining that trust by taking on the responsibility for fraud detection and prevention.
Some marketplaces, such as Facebook Marketplace, offer protection plans for purchase, but these plans only address fraud after the fact.
Marketplaces should instead address bad actors at the root of the problem by implementing better onboarding and authentication tactics. Many fraudsters commit their crimes from a different location than the one they target, so tools like real-time address validation and location spoofing detection can be helpful in weeding out legitimate customers from those with bad intentions and keeping track of high-risk merchant accounts.
In cases of repeat offenders, location and device intelligence can also be used to detect device farms and fraudsters using multiple burner accounts.
Ultimately, it’s in everyone’s best interest that fraud numbers on marketplaces remain low. When fraud risk is low, sellers and buyers can transact with confidence, increasing engagement and profits for the marketplace administrators and customer satisfaction for the users.