Back to Operations & Scaling
Operations & Scaling ArticleIntermediate

Marketplace trust + fraud prevention from day one

How to design trust into a marketplace before fraud becomes a customer-acquisition tax — the controls that prevent both sides from gaming the system.

EE
Published 1d ago 1

Marketplace fraud is the silent killer most founders don't model until it's eating 10-15% of GMV. The trust-and-safety surface you build in year one determines whether the marketplace scales or collapses under bad-actor weight. Here are the controls that actually work, by category.

The four fraud surfaces

Identity fraud — fake accounts on either side. Bots inflating supply, fake buyers running chargeback schemes, sellers with multiple accounts to game ratings.

Transaction fraud — chargebacks after delivery, payment fraud, money-laundering through the platform.

Reputation fraud — fake reviews, sockpuppet 5-star accounts, review-trading rings.

Disintermediation — supply and demand exchange contact info on the platform then complete the transaction off-platform to avoid fees.

Each requires different controls.

Identity fraud controls

  • Phone verification on signup. Cuts bot signups 90%+. SMS verification via Twilio, Vonage, or any major provider. Trivial to implement; massive deflection.
  • Stripe Identity or Persona for higher-value sellers. Government ID + selfie for sellers above a transaction threshold. Cost is real ($1-3/verification) but the fraud savings dwarf it.
  • Device fingerprinting. FingerprintJS, Castle, or Sift detect when the same device creates multiple accounts. Critical for catching multi-account rating manipulation.
  • Email domain rules. Block disposable email domains at signup. Most fraud accounts use them.

Transaction fraud controls

  • Stripe Radar (free, on by default with Stripe Payments). Catches the obvious patterns. Tune the rules as fraud patterns emerge in your data.
  • Holdback period on payouts. Don't release funds to sellers until 24-72 hours after delivery confirmation (longer for high-value items). Stops the "deliver-and-chargeback" pattern.
  • Two-factor authentication on seller dashboards. The most common takeover vector is credential stuffing, not novel attacks. 2FA stops 99% of it.
  • Velocity limits. New accounts can transact up to $X/day; lifts after positive history. Stops large-loss bursts on day 1.

Reputation fraud controls

  • Reviews tied to verified transactions. Cannot leave a review without a confirmed purchase. Stops fake-review services dead.
  • Anomaly detection on review patterns. Reviews bursts (10 reviews in 2 hours, all 5-star) are 95% likely fake. Auto-quarantine for human review.
  • Cross-account review-ring detection. Same set of users reviewing the same set of sellers — classic review-trading. Graph analysis catches it.

Disintermediation controls

  • Mask contact info pre-transaction. Phone numbers proxied, messaging in-app only, no email exchange until purchase is confirmed.
  • Make the platform genuinely valuable beyond matching. Escrow, dispute resolution, insurance, recurring booking, calendar integration. Disintermediation happens when the platform's only value is the introduction.
  • Penalise direct contact info in messaging. Detect and warn on email/phone patterns in messages. Some platforms ban accounts; warning works for most.

The realistic cost

For a marketplace at $1M GMV/month:

  • Fraud loss budget: 0.5-2% of GMV ($5-20k/month) at maturity. Higher in year 1 (3-5% range).
  • Trust-and-safety tooling: $500-3,000/month at this scale.
  • Trust-and-safety headcount: 0 at <$5M GMV, 1 at $10-50M GMV, full team at $50M+.

The companies that under-invest in T&S in year 1 pay 3-5x more in fraud loss and customer-churn later. The companies that over-invest spend on tooling they don't use yet. The middle path: implement the basics (phone verification, Stripe Radar, transaction-tied reviews, contact masking) immediately; expand as patterns emerge.

What to do today

  1. Audit which of the four fraud surfaces you have controls on. Most marketplaces have 1-2; aim for all four.
  2. Add phone verification at signup. ~2 hours implementation.
  3. Tie reviews to verified transactions. Block off-transaction reviews entirely.
  4. Mask contact info pre-purchase if you haven't.
  5. Set a fraud-loss budget as a line item in your operating plan. Tracking it makes it manageable.

Discussion

0 comments

Sign in to join the discussion.

Be the first to comment. The Bible community reads every thread.

Keep reading

More from Operations & Scaling