1/ Here's a tweetstorm about how we got caught up in some crazy fraud that nearly took down our startup.
(and why I'm a big fan of managed marketplaces)
(and why I'm a big fan of managed marketplaces)
2/ The year was 2014, Threadflip (a marketplace for women's fashion) was growing like weeds. Our team was new to the world of marketplaces. Every day, we had hundreds of users listing thousands of items for sale. The AOV (average order value) was off the charts.
3/ "Seller time to activate", a metric we were tracking very closely to see how soon a new user would sign up to become a seller and then subsequently sell the item, was looking ridiculous.
4/ "Cold start" is a legitimate problem in P2P marketplaces like Threadlfip, so for a new user to sign up with no history on the site and to list items that actually sold within 24 hours was unheard of! So, I guess we were doing something pretty awesome?
#sabrage
#sabrage
5/ Up till this point, we really hadn't had any chargebacks (when a user complains to the credit card company about a charge they didn't authorize).
But for the first time in the company's history, we were starting to experience chargebacks.
But for the first time in the company's history, we were starting to experience chargebacks.
6/ The volume of chargebacks was so high that we were put on notice by Stripe (this was before Stripe had any fraud detection products and Sift was a very nascent product and company)
What the what...
What the what...
7/ So we dug in - we created a daily Looker report to inspect qualitatively. Some interesting patterns emerged:
New user signs up and within a few minutes they create an item for sale typically for ~$1500 (the item was typically a handbag with a stock description).
New user signs up and within a few minutes they create an item for sale typically for ~$1500 (the item was typically a handbag with a stock description).
9/ And within a few hours of the item getting created, it would be purchased by another account that was also created within the last 24 hours. Most often with the exact same IP address as the seller (some were sophisticated enough to use different IPs).
10/ So why was this seller buying from themselves and paying us a 20% commission?
Well, the buyer was using a stolen credit card (hence the chargeback from the original card owner). And there was never any actual items/goods that exchanged hands.
Well, the buyer was using a stolen credit card (hence the chargeback from the original card owner). And there was never any actual items/goods that exchanged hands.
11/ So to sum up:
- "seller" creates fake item
- "buyer" buys fake item using stolen CC (seller & buyer are the same person)
- seller makes 80% of the sale price (20% rake)
- seller cashes out ASAP
- original CC owner issues chargeback
- we are f'd
- "seller" creates fake item
- "buyer" buys fake item using stolen CC (seller & buyer are the same person)
- seller makes 80% of the sale price (20% rake)
- seller cashes out ASAP
- original CC owner issues chargeback
- we are f'd
12/ After some sleuthy investigation, we discovered that we were being targeted by a ring. And they were relentless. The attacks were brutal and the scammers were sophisticated and continued to try everything under the sun.
13/ We very quickly put a BUNCH of checks into place to prevent these from happening, which helped save our business.
Marketplace fraud including big time money laundering is actually quite pervasive in P2P marketplaces: https://nypost.com/2017/11/27/criminals-are-reportedly-using-airbnb-to-launder-money/
Marketplace fraud including big time money laundering is actually quite pervasive in P2P marketplaces: https://nypost.com/2017/11/27/criminals-are-reportedly-using-airbnb-to-launder-money/
15/ Managed marketplaces, FTW!
/fin
/fin