Online marketplaces may offer buyers convenience, variety, and value, while sellers gain market access, lower overheads, and sales support. But those benefits come with unique challenges in ensuring trust and safety, as well as staying on the right side of the law. To make matters worse, these anti-fraud and compliance challenges increase in complexity with cross-border transactions.

It’s a modern reality that fraudsters and other criminals exploit online marketplaces to scam users (e.g. credit card fraud or fake goods), launder money, or evade taxes. These activities can damage the reputation of the platform, erode user confidence, and expose the platform to substantial financial losses.

  • More than $100 million in stolen Covid relief funds intended for small businesses were laundered through retail investment platforms like Robinhood and Fidelity.
  • According to TSB Bank, up to a third of Facebook Marketplace ads are probably scams.
  • Anti-fraud platform, Sift, estimated that account-takeover fraud (when criminals use stolen credentials to order goods online) has risen over 350% in 2023.

Criminals are not the only external threat to your marketplace’s reputation and viability. Contravening certain types of business legislation can lead to hefty fines:

  • In 2022, the European Commission fined Amazon €773 million for anti-competitive practices involving preferential treatment for its own retail business over third-party sellers on its platform.
  • In 2021, China’s State Administration for Market Regulation fined Alibaba $2.8 billion for anti-competitive practices, alleging they forced merchants to use its own logistics and payment services.
  • In 2020, the US Consumer Product Safety Commission (CPSC) fined Wish $13 million for selling unsafe products, including counterfeit goods and toys with hazardous materials.

To prevent fraud and comply with regulations, online marketplaces need to implement robust anti-fraud and compliance mechanisms. These mechanisms should verify the identity and legitimacy of users, detect and prevent fraudulent transactions, and report suspicious activities to authorities. 

In this blog post, we will discuss some of the solutions that online marketplaces can use to enhance their anti-fraud and compliance capabilities. In particular, we look at identity verification services, anti-money laundering solutions, Stripe Radar for fraud detection, and ways to manage data protection regulations.

Identity Verification Services

Identity verification is the process of confirming that a user is who they claim to be. Identity verification is essential for online marketplaces to establish trust between buyers and sellers, prevent identity theft and account takeover, and comply with KYC (know your customer) regulations. However, verifying the identity of users can be challenging for online marketplaces, especially if they operate globally and have a large and diverse user base.

One way to overcome this challenge is to use third-party identity verification services that provide fast and accurate identity checks for online marketplaces. These services can help online marketplaces verify the identity of their users by asking them to provide personal information (such as name, date of birth, address), upload a photo of their ID document (such as passport, driver’s licence), and take a selfie or a video. The service then uses advanced technologies such as optical character recognition (OCR), facial recognition, and biometrics (e.g. liveness detection) to verify that the information matches the document and that the user is a real person.

Each marketplace presents its own identify verification challenges. A fintech platform, for example, will have different user onboarding requirements to a service marketplace. Fortunately, there has been an explosion in specialist tools. Digital banks like SoShop and Revolut use Onfido, a dedicated KYC and AML tool for financial services, which uses AI-powered identity verification and custom workflows to scale customer onboarding without increasing risk.

Anti-Money Laundering Solutions

Money laundering is the process of concealing the origin of illicit funds by moving them through legitimate channels. Online marketplaces can be used as vehicles for money laundering by criminals who use them to buy and sell goods or services with dirty money. This can expose online marketplaces to legal and regulatory risks, such as fines, sanctions, or even criminal charges.

Some common techniques that money launderers utilise on marketplace platforms:

  1. Fictitious transactions: Money launderers might create fake accounts and use them to buy and sell goods or services at inflated prices, transferring illegal funds between accounts while masking their origin.
  2. Bulk purchases of high-value items: Buying large quantities of expensive items like electronics or gift cards with cash or anonymous payment methods can be a red flag for money laundering.
  3. Splitting large transactions: Dividing large amounts of illegal funds into smaller transactions across multiple accounts can be a method to avoid suspicion and bypass reporting thresholds.
  4. Smuggling and resale: Money launderers might use online marketplaces to sell smuggled goods, disguising the illegal source of funds through online transactions.

To combat money laundering, online marketplaces need to comply with anti-money laundering (AML) regulations that require them to perform due diligence on their users, monitor their transactions for suspicious activities, and report them to authorities. However, complying with AML regulations can be complex and costly for online marketplaces, especially if they operate across multiple jurisdictions with different rules and standards.

One way to simplify AML compliance is to use third-party solutions that provide AML services for online marketplaces. These solutions can help online marketplaces verify the identity and source of funds of their users, screen them against watchlists and sanctions lists, flag and investigate suspicious transactions, and generate AML reports. By outsourcing AML tasks to experts, online marketplaces can reduce their operational burden, save time and money, and focus on their core business.

Technology is only one part of the AML equation though. For marketplace entrepreneurs, strong compliance mechanisms are crucial to deter and detect money laundering activities. These measures can include:

  • Know Your Customer (KYC) and Anti-Money Laundering (AML) policies: Verify the identity and legitimacy of users, monitor transactions for suspicious activity, and report suspicious behavior to authorities.
  • Transaction monitoring: Flag unusual activity like large cash transactions, split purchases, or transactions between high-risk countries.
  • Data security: Securely store and protect user data to prevent unauthorized access and misuse.
  • Collaboration with authorities: Work with law enforcement agencies to identify and combat money laundering activities.

Importantly for online marketplaces, AML policies can be used in conjunction with onboarding tools to reduce user friction. Art marketplace, Affordable Art Fair, implemented a conditional AML feature, which stipulated that only orders greater than £xxx from specified locations should be subject to KYC checks.

Stripe Radar for Fraud Detection

Despite enhanced user onboarding security measures, MasterCard reported that ecommerce vendors still lost $48 billion to online payment fraud in 2023. Unfortunately, identity verification is not always enough to prevent online card fraud. Fraudsters’ methods have become more sophisticated with account takeover fraud (hijacking a user account) especially on the rise.

The growth in ecommerce payment fraud 2020 - 2023
The growth in global ecommerce payment fraud 2020 – 2023

Into this breach steps Stripe Radar, a machine learning-powered fraud detection system that helps online marketplaces prevent fraudulent payments. Stripe Radar analyses hundreds of signals from each payment, such as the device used, the location of the cardholder, the behaviour of the user, and the history of the card. It then assigns a risk score to each payment, indicating how likely it is to be fraudulent. Based on the risk score, online marketplaces can decide whether to accept, reject, or review the payment.

Stripe Radar also provides tools to help online marketplaces customise their fraud prevention rules and settings. For example, they can create rules to block payments from certain countries, regions, or IP addresses, or to require additional verification for high-value transactions. They can also use Stripe Radar’s dashboard to monitor their fraud performance, identify fraud patterns, and adjust their rules accordingly.

Stripe Radar dashboard

What makes Stripe Radar especially great is that it is automatically bundled with all Stripe accounts, so no laborious integration necessary. Larger businesses can sign up for a customisable version that gives access to additional features such as adjustable risk thresholds, a custom rules engine, and manual review flows. The stage of your marketplace development and the type of industry it serves will therefore determine which version of Radar you should use. Note that there is a Stripe fee, starting at 5¢ for each screened transaction.

Managing Data Protection Regulations

Concerns about data privacy and rising online payment fraud has led governments to implement various data security regulations that stipulate how customer information should be collected, used, stored and protected. The EU’s General Data Protection Regulation (GDPR) and California’s Consumer Privacy Act (CCPA) are two of the most well-known. According to the United Nations, 71% of countries now have such legislation in place.

Global Data Protection Legislation - UN graphic

This may seem like an ignorable administrative burden on your nascent marketplace, but the consequences of breaching data protection regulations can be brutal.

  • In 2021, Amazon was hit with a $887 million fine for violating the EU’s GDPR laws, in particular how the ecommerce giant processed customer data for advertising purposes.
  • In 2016, Etsy received a $425,000 fine from the Federal Trade Commission (FTC) for failing to disclose customer data breaches affecting millions of users.
  • In 2014, eBay faced a $147 million fine from the California Attorney General’s office for failing to disclose data breaches to affected users.

The obvious question is how does a marketplace startup that operates across multiple international borders manage all these data protection regulations? Once again Stripe comes to the rescue with its Connect payment platform for online marketplaces. As a certified PCI DSS Level 1 service provider, it offers features that automate certain PCI compliance aspects. For example, cardholder information is processed by Stripe’s PCI DSS–validated servers.

Stripe Connect can be complemented with dedicated data protection applications like Perimeter X, whose Code Defender feature protects platforms against data breaches via digital skimming, formjacking and Magecart attacks.

Limitations of anti-fraud and compliance tools

Marketplace operators have to be careful not to see compliance and anti-fraud tools as a magic formula. Each marketplace will have unique trust and safety challenges, depending on where it operates, which products or services it sells, or which revenue model it follows.

Bad actors will always try and find ways to circumvent ant-fraud checks. AI-powered apps like OnlyFakes can now create realistic ID documents such as passports and drivers licences based on fake biographical data. In response many platforms now require users to present their identity documents during live video feeds.

Mr Bean Fake French ID Card
Even Mr Bean can get a French ID card. (Site redacted for obvious reasons)

Friendly fraud, also known as chargeback fraud, affected 34% of ecommerce vendors to the tune of $4 billion in 2023. This happens when customers dispute a legitimate card charge after receiving the goods or request a refund without returning the goods. Drivers of friendly fraud include misunderstanding of terms and conditions, impulse buying and forgetfulness. This an instance where policies, UX design and other mechanisms can be more effective than anti-fraud tools. Best practices include clear customer communication regarding cancellations and returns, clear billing descriptions, order confirmations, and first-rate customer service.

Sometimes the tool itself imposes restrictions on its use. Stripe’s Restricted Business List prohibits the use of its products to do business with users in certain countries or industries. This includes countries under sanctions such as Russia and industries such as gambling.

Anti-fraud tools can also be rendered toothless if fraudulent transactions can’t be disputed. 3D Secure, facilitated by Visa and Mastercard, protects vendors and platforms against disputes aka chargebacks. However, 3D Secure is not mandatory in all countries; Australia, for example recommends, but does not enforce its use. Sift, an AI-powered fraud detection service, which includes a dispute management feature, offers a way around this obstacle.

In conclusion, there are a variety of tools and mechanisms to protect your online marketplace from reputational damage and financial losses due to payment fraud and government penalties. However, the implementation of tools like Stripe Connect require proper integration and fine-tuning to meet the needs of your particular marketplace. Furthermore, anti-fraud and compliance tools should be supported by risk minimising platform policies and UX design. It makes sense to utilise the services of a development agency with expertise in marketplace payments systems.