Fraud Investigation

A fraud investigation is an examination of evidence to determine if someone deliberately deceived others to unfairly advance their own interests. In terms of Trust and Safety, it involves identifying marketplace rules violations and other behaviors that could pose risks to users and the system.

‍

‍

How is a Fraud Investigation Different from a Criminal Investigation?

Not all fraudulent behaviors that break a marketplace’s rules, or otherwise put its users at risk, are necessarily criminal acts. So a marketplace fraud investigator’s primary goal is to first assess if a case of suspicious activity does, in fact, constitute fraud or another rules violation. Their top priorities in doing so are to protect users – including their accounts, money, and sensitive information – and to safeguard the overall integrity of the marketplace platform.

‍

If, after fulfilling these top priorities, the investigator has uncovered evidence of criminal fraud, then they can contact the appropriate authorities. Regulators and law enforcement officials can then launch criminal investigations to prosecute the fraudsters. The marketplace’s Trust and Safety team will likely assist with these investigations, but its main focus remains keeping the platform functional and safe.

‍

How Long Does a Fraud Investigation Take?

The length of the fraud investigation process depends on whether or not fraudulent activity is actually discovered and, if it is, on its complexity. Simple incidents of opportunistic fraud may only take anywhere from a day to a week to close the book on. More sophisticated fraud cases – especially those involving fraud rings – can take months or even years, often requiring the assistance of law enforcement.

‍

‍

Trust and Safety Investigation Outcomes

A marketplace fraud investigation may determine that suspicious activity didn’t constitute fraud, a marketplace rules violation, or other behavior that put users or the platform at risk. Other times, it will find a mild violation and let the offender off with a warning, or a mild account restriction.

‍

In more extreme cases, where the violation is severe and/or is from a repeat offender, the marketplace may hand down a temporary or permanent account suspension. If the investigation finds evidence of potential criminal fraud, then law enforcement officials will be brought in to prosecute offenders.

Trust and Safety investigations require a dedicated team of professionals with diverse skill sets. This is because they often involve the team working simultaneously with affected marketplace customers and merchants, other internal marketplace teams, and external stakeholders such as financial institutions and law enforcement. Here are a few key roles.

‍

• Policy manager – The person who develops the guidelines for the marketplace. They mainly help with determining which rules may have been violated by certain activities.
• Investigation specialist – The main Trust and Safety investigator, who collects and analyzes evidence to determine whether a marketplace user’s activity actually constitutes a risk or rule violation. They can also take disciplinary action against offending users, as well as report to the policy manager(s) on gaps in the rule system to fill.
• Incident manager – An investigator who handles time-sensitive, high-severity marketplace violations that may not be totally covered by existing rules. They will also likely work with other marketplace teams on ways to avoid similar situations from happening again.
• Customer support specialist – A person who liaises with marketplace customers who file disputes and/or are the victims of rules violations. Their job is to understand how to help customers resolve problems, including how the marketplace could be improved for a safer customer experience.

Fraud can come in many forms. Here are three categories of fraud that tend to happen in marketplaces, along with what Trust and Safety teams should prioritize when investigating each type.

‍

‍

Debit and Credit Card Fraud Investigations

Credit and debit card credentials are prime targets for fraudsters. Criminals find ways to steal these credentials and then sell them on the black market. Or, they will copy the credentials to counterfeit cards and make purchases on a marketplace for themselves with the victims’ money.

‍

A Trust and Safety team should start a credit or debit card fraud investigation by collecting details surrounding any transactions the cardholder has disputed. It should look for unusual patterns in things like when the transactions took place and where they were initiated (i.e. geolocation and/or IP address). It should also analyze the actual cardholder’s previous account activity to assess whether or not they would have likely made these purchases anyway.

‍

‍

Wire Fraud Investigations

Wire fraud is a very broad category of fraud. It refers to using any type of electronic telecommunication (as opposed to physical mail) to attempt to deceive someone for profit intentionally. It can include advance fee fraud, phishing, hiring scams, and telemarketing fraud.

‍

Wire fraudsters tend to strike quickly and then disappear just as fast, so time is of the essence in wire fraud investigations. That’s why it’s important for marketplace Trust and Safety teams to have processes in place for swiftly documenting details such as:

‍

• Any communication that facilitated the fraud
• How many times the fraud occurred
• When the fraudulent transaction(s) occurred
• The number and type of accounts involved
• The types and amounts of money and/or credentials that were compromised
• Any intermediaries that authorized the transaction(s)

‍

This information will help financial institutions and law enforcement further investigate these cases of fraud.

‍

‍

Cryptocurrency Fraud Investigations

Criminals are increasingly using cryptocurrency in their schemes to defraud people. This is because cryptocurrency payments are difficult to reverse due to how the blockchain infrastructure on which they operate works. They also by and large lack legal protections, unlike credit and debit payments, because crypto regulations are still being developed.

‍

Crypto fraud contains many of the hallmarks of wire fraud, such as suspicious “too good to be true” investment offers that supposedly need to be acted on urgently. Investigating it requires tracing a fraudulent transaction to a cryptocurrency wallet, then using KYC processes to attempt to identify the wallet’s owner. From there, the investigation usually requires law enforcement to issue legal orders in order to recover the stolen money.

The process of investigating marketplace fraud can differ depending on the specific type of fraud being carried out, as well as its scope. However, some general steps taken in most or all investigations include the following:

‍

‍

1. Decide whether an investigation is warranted

Potential fraud activity in a marketplace can be detected in multiple ways. A customer might file a complaint disputing a transaction. Or the marketplace’s suspicious activity monitoring tools pick up indicators of unusual exchanges. Or an internal audit might find strange patterns.

‍

Perform an initial examination of evidence on hand to judge whether there is a need to investigate the situation further. Ask questions such as:

‍

• Does the behavior violate the marketplace’s policies or otherwise put it at risk?
• Who is allegedly responsible, and do they have histories or red flags of fraud?
• What accounts, resources, or credentials were allegedly impacted?
• Is a reporting person or entity acting in good faith, with evidence to back their claims?

‍

‍

2. Plan a strategy

If it’s determined that the suspicious activity is likely fraud, a Trust and Safety team needs to put a plan in place for how it will investigate further. Things to consider include:

‍

• Who will be involved in the investigation, and what their roles will be
• Which specific acts will be investigated as part of this case
• What evidence and testimony will be needed, and how to get these things
• How long the investigation should take
• What the end goal of the investigation is

‍

‍

3. Collect and analyze evidence

Once an investigation plan is in place, a Trust and Safety team should quickly request, collect, and preserve any relevant documents before they are deleted or destroyed. These may include paper documents as well as emails, account profiles, transaction logs, text messages, and so on. Analyzing the evidence using fraud investigation software can help the team decide how best to approach interviewing other people or entities relevant to the case.

‍

‍

4. Conduct interviews

Next, a Trust and Safety team should correspond with individuals and entities that may be able to provide further information. These include customers, merchants, financial institutions, etc. Analysis of the gathered evidence should inform considerations such as:

‍

• What the goal of each interview should be to find out
• In what order relevant people or entities should be interviewed
• When each interview should be conducted
• How each interview will logistically be conducted
• When interviewees should be notified of their required assistance
• What each interviewee should be told about what to expect from the interview

‍

‍

5. Report the findings

After analyzing collected evidence and interviewing relevant parties, the Trust and Safety team should write a summary of the case thus far. This should include an analysis methodology that leads to a conclusion of what happened in the incident. It should also include any suggestions for resolving the case, as well as preventing similar abusive behavior going forward.

‍

Write the report for a general audience, as both internal and external stakeholders may want to read it. Also note in it whether the case is potentially criminal in nature, and therefore may require law enforcement to get involved.

‍

‍