The Marketplace Risk Management Conference (MRMC) gathered together marketplace fraud and risk management practitioners for two days of knowledge sharing on May 17th and 18th in San Francisco.
I had the pleasure of spending time with several hundred of my closest trust and safety friends, and while Zoom calls and YouTube recordings are nice, hallway conversations at in-person events elevate your understanding of the industry to another level. MRMC was particularly interesting for me in highlighting some of the challenges that marketplaces face in controlling fraud while at the same time providing an optimal user experience that keeps good market participants coming back for more.
Socure participated in a number of speaking opportunities, including a conversation led by our own Vice President of Emerging Markets, Candace Sjogren, where she talked with fraud experts from About-Fraud.com (a global community of fraud fighters), Turo (a car sharing marketplace), and Chargelytics (an industry analyst firm) about marketplace trust and safety trends. They shared the framework shown below that illustrates the customer lifecycle and demonstrates where identity verification, content moderation, step-up friction, and 2FA come into play.
I led a workshop on mitigating Account Takeover (ATO) attacks which turned into a therapy session with participants reliving crises and sharing best practices in countering ATO (TLDR: there are no ATO silver bullets – you need multiple defensive layers that evolve as fraudsters change tactics). Some learnings I gathered from the presentations and conversations with these thinkers and practitioners include:
- Marketplace trust is a big deal – One marketplace looked at their average participant spend before and after an ATO attack and found that participants who suffered an ATO attack reduced their spending by 60%. Marketplace customers victimized by ATOs typically blame the brand, and that can cause a reduction in transactions or cause the customer to simply stop returning. A loss of trust has financial consequences.
- ATO attacks – Marketplaces have seen a recent spike in ATO attacks, some of which one industry analyst attributed to the war in Ukraine and Russia trying to make an illicit profit from ATO. The analyst offered an additional hypothesis that the fraud opportunity around government stimulus during the pandemic through programs like the Paycheck Protection Program (PPP) has dried up for fraudsters, and now bad actors have transitioned to preying on marketplaces.
- Profit-driven fraud rings – These are the major threats mentioned by most marketplaces. It is not the opportunistic or isolated fraudster so much as gangs that probe marketplace processes for weaknesses and then launch large-scale attacks that often result in material losses.
- Mitigating ATO attacks – There is no single solution to addressing the ATO problem. Best practices include putting in place identity verification that allows only good users to participate in the marketplace, transaction fraud controls to catch what might slip through, and user education to minimize ATO risk.
- ATO & account recovery – One industry analyst session highlighted the need to provide a secure, automated way to recover accounts that have been compromised by ATO to avoid a cumbersome re-authentication process. Forcing ATO victims through an additional onboarding process creates an unpleasant customer experience. You need to have an automated, streamlined, secure process that validates the user and re-admits them to the marketplace.
- Multi-factor authentication (MFA) – This has been a godsend to marketplaces that have implemented it. MFA has helped to control the ATO problem, however, validation of profile changes (updating email/phone/address information) and one-time passcode (OTP) destinations for risk and correlation with the user are still needed.
- Progressive onboarding – The concept of progressive identity verification is something that marketplaces are embracing where risk is evaluated at various touch points during the customer journey. It might be evaluating the risk associated with a name, email, and/or date of birth at account opening, but then combine that with other PII gathered at later stages to make incremental risk decisions.
- Fairness and inclusion in risk decisions – Socure customer Dwellsy is a marketplace for renters and landlords that differentiates itself by having a “zero fraud” approach. Something that caught my attention was Dwellsy’s concern about fairness and inclusion. They did not want to disadvantage any particular demographic, ethnicity, or other group, and a big reason for choosing Socure that Dwellsy’s CEO Jonas Bordo mentioned was the demonstrated attention to fairness and inclusion in Socure’s AI/ML models.
Improve Your Marketplace Fraud Management Strategy
To learn more about best practices in countering ATO, watch our popular webinar, “Countering Account Takeover Attacks with Passive Authentication” on-demand, or request a demo to speak with one of our fraud experts.
Todd is Senior Director for Product Marketing at Socure, where he manages marketing for Socure’s Fraud suite of offerings. Prior to Socure, Todd worked in cybersecurity and identity at companies including Arctic Wolf Networks, Nok Nok Labs, Vormetric/Thales, and Trend Micro.
FBI Seizes Marketplace Selling Stolen SSNs: Countering Compromised...
U.S. federal law enforcement recently announced shutting down a marketplace selling...
Marketplace Risk Management Conference 2022: Trust & Safety...
The Marketplace Risk Management Conference (MRMC) gathered together marketplace fraud and...