Marketplace trust + fraud prevention from day one
How to design trust into a marketplace before fraud becomes a customer-acquisition tax — the controls that prevent both sides from gaming the system.
Marketplace fraud is the silent killer most founders don't model until it's eating 10-15% of GMV. The trust-and-safety surface you build in year one determines whether the marketplace scales or collapses under bad-actor weight. Here are the controls that actually work, by category.
The four fraud surfaces
Identity fraud — fake accounts on either side. Bots inflating supply, fake buyers running chargeback schemes, sellers with multiple accounts to game ratings.
Transaction fraud — chargebacks after delivery, payment fraud, money-laundering through the platform.
Reputation fraud — fake reviews, sockpuppet 5-star accounts, review-trading rings.
Disintermediation — supply and demand exchange contact info on the platform then complete the transaction off-platform to avoid fees.
Each requires different controls.
Identity fraud controls
- Phone verification on signup. Cuts bot signups 90%+. SMS verification via Twilio, Vonage, or any major provider. Trivial to implement; massive deflection.
- Stripe Identity or Persona for higher-value sellers. Government ID + selfie for sellers above a transaction threshold. Cost is real ($1-3/verification) but the fraud savings dwarf it.
- Device fingerprinting. FingerprintJS, Castle, or Sift detect when the same device creates multiple accounts. Critical for catching multi-account rating manipulation.
- Email domain rules. Block disposable email domains at signup. Most fraud accounts use them.
Transaction fraud controls
- Stripe Radar (free, on by default with Stripe Payments). Catches the obvious patterns. Tune the rules as fraud patterns emerge in your data.
- Holdback period on payouts. Don't release funds to sellers until 24-72 hours after delivery confirmation (longer for high-value items). Stops the "deliver-and-chargeback" pattern.
- Two-factor authentication on seller dashboards. The most common takeover vector is credential stuffing, not novel attacks. 2FA stops 99% of it.
- Velocity limits. New accounts can transact up to $X/day; lifts after positive history. Stops large-loss bursts on day 1.
Reputation fraud controls
- Reviews tied to verified transactions. Cannot leave a review without a confirmed purchase. Stops fake-review services dead.
- Anomaly detection on review patterns. Reviews bursts (10 reviews in 2 hours, all 5-star) are 95% likely fake. Auto-quarantine for human review.
- Cross-account review-ring detection. Same set of users reviewing the same set of sellers — classic review-trading. Graph analysis catches it.
Disintermediation controls
- Mask contact info pre-transaction. Phone numbers proxied, messaging in-app only, no email exchange until purchase is confirmed.
- Make the platform genuinely valuable beyond matching. Escrow, dispute resolution, insurance, recurring booking, calendar integration. Disintermediation happens when the platform's only value is the introduction.
- Penalise direct contact info in messaging. Detect and warn on email/phone patterns in messages. Some platforms ban accounts; warning works for most.
The realistic cost
For a marketplace at $1M GMV/month:
- Fraud loss budget: 0.5-2% of GMV ($5-20k/month) at maturity. Higher in year 1 (3-5% range).
- Trust-and-safety tooling: $500-3,000/month at this scale.
- Trust-and-safety headcount: 0 at <$5M GMV, 1 at $10-50M GMV, full team at $50M+.
The companies that under-invest in T&S in year 1 pay 3-5x more in fraud loss and customer-churn later. The companies that over-invest spend on tooling they don't use yet. The middle path: implement the basics (phone verification, Stripe Radar, transaction-tied reviews, contact masking) immediately; expand as patterns emerge.
What to do today
- Audit which of the four fraud surfaces you have controls on. Most marketplaces have 1-2; aim for all four.
- Add phone verification at signup. ~2 hours implementation.
- Tie reviews to verified transactions. Block off-transaction reviews entirely.
- Mask contact info pre-purchase if you haven't.
- Set a fraud-loss budget as a line item in your operating plan. Tracking it makes it manageable.
Discussion
0 comments
Be the first to comment. The Bible community reads every thread.