When Trust and Safety teams are alerted to suspicious activity on a marketplace, they have to determine a few things. Does the activity actually violate the marketplace’s rules, or put its customers or platform at risk in some way? What specifically happened, who was involved, and what was compromised? And how should the marketplace resolve the situation?
These questions are part of the process of conducting a marketplace fraud investigation. Here, we’ll explain more about this process, including who’s involved in it and what its general goals are. We’ll also cover what a marketplace fraud investigation typically looks like, along with what Trust and Safety teams tend to emphasize when investigating certain types of fraud.
A fraud investigation is an examination of evidence to determine if someone deliberately deceived others to unfairly advance their own interests. In terms of Trust and Safety, it involves identifying marketplace rules violations and other behaviors that could pose risks to users and the system.
Not all fraudulent behaviors that break a marketplace’s rules, or otherwise put its users at risk, are necessarily criminal acts. So a marketplace fraud investigator’s primary goal is to first assess if a case of suspicious activity does, in fact, constitute fraud or another rules violation. Their top priorities in doing so are to protect users – including their accounts, money, and sensitive information – and to safeguard the overall integrity of the marketplace platform.
If, after fulfilling these top priorities, the investigator has uncovered evidence of criminal fraud, then they can contact the appropriate authorities. Regulators and law enforcement officials can then launch criminal investigations to prosecute the fraudsters. The marketplace’s Trust and Safety team will likely assist with these investigations, but its main focus remains keeping the platform functional and safe.
The length of the fraud investigation process depends on whether or not fraudulent activity is actually discovered and, if it is, on its complexity. Simple incidents of opportunistic fraud may only take anywhere from a day to a week to close the book on. More sophisticated fraud cases – especially those involving fraud rings – can take months or even years, often requiring the assistance of law enforcement.
A marketplace fraud investigation may determine that suspicious activity didn’t constitute fraud, a marketplace rules violation, or other behavior that put users or the platform at risk. Other times, it will find a mild violation and let the offender off with a warning, or a mild account restriction.
In more extreme cases, where the violation is severe and/or is from a repeat offender, the marketplace may hand down a temporary or permanent account suspension. If the investigation finds evidence of potential criminal fraud, then law enforcement officials will be brought in to prosecute offenders.
Trust and Safety investigations require a dedicated team of professionals with diverse skill sets. This is because they often involve the team working simultaneously with affected marketplace customers and merchants, other internal marketplace teams, and external stakeholders such as financial institutions and law enforcement. Here are a few key roles.
Fraud can come in many forms. Here are three categories of fraud that tend to happen in marketplaces, along with what Trust and Safety teams should prioritize when investigating each type.
Credit and debit card credentials are prime targets for fraudsters. Criminals find ways to steal these credentials and then sell them on the black market. Or, they will copy the credentials to counterfeit cards and make purchases on a marketplace for themselves with the victims’ money.
A Trust and Safety team should start a credit or debit card fraud investigation by collecting details surrounding any transactions the cardholder has disputed. It should look for unusual patterns in things like when the transactions took place and where they were initiated (i.e. geolocation and/or IP address). It should also analyze the actual cardholder’s previous account activity to assess whether or not they would have likely made these purchases anyway.
Wire fraud is a very broad category of fraud. It refers to using any type of electronic telecommunication (as opposed to physical mail) to attempt to deceive someone for profit intentionally. It can include advance fee fraud, phishing, hiring scams, and telemarketing fraud.
Wire fraudsters tend to strike quickly and then disappear just as fast, so time is of the essence in wire fraud investigations. That’s why it’s important for marketplace Trust and Safety teams to have processes in place for swiftly documenting details such as:
This information will help financial institutions and law enforcement further investigate these cases of fraud.
Criminals are increasingly using cryptocurrency in their schemes to defraud people. This is because cryptocurrency payments are difficult to reverse due to how the blockchain infrastructure on which they operate works. They also by and large lack legal protections, unlike credit and debit payments, because crypto regulations are still being developed.
Crypto fraud contains many of the hallmarks of wire fraud, such as suspicious “too good to be true” investment offers that supposedly need to be acted on urgently. Investigating it requires tracing a fraudulent transaction to a cryptocurrency wallet, then using KYC processes to attempt to identify the wallet’s owner. From there, the investigation usually requires law enforcement to issue legal orders in order to recover the stolen money.
The process of investigating marketplace fraud can differ depending on the specific type of fraud being carried out, as well as its scope. However, some general steps taken in most or all investigations include the following:
Potential fraud activity in a marketplace can be detected in multiple ways. A customer might file a complaint disputing a transaction. Or the marketplace’s suspicious activity monitoring tools pick up indicators of unusual exchanges. Or an internal audit might find strange patterns.
Perform an initial examination of evidence on hand to judge whether there is a need to investigate the situation further. Ask questions such as:
If it’s determined that the suspicious activity is likely fraud, a Trust and Safety team needs to put a plan in place for how it will investigate further. Things to consider include:
Once an investigation plan is in place, a Trust and Safety team should quickly request, collect, and preserve any relevant documents before they are deleted or destroyed. These may include paper documents as well as emails, account profiles, transaction logs, text messages, and so on. Analyzing the evidence using fraud investigation software can help the team decide how best to approach interviewing other people or entities relevant to the case.
Next, a Trust and Safety team should correspond with individuals and entities that may be able to provide further information. These include customers, merchants, financial institutions, etc. Analysis of the gathered evidence should inform considerations such as:
After analyzing collected evidence and interviewing relevant parties, the Trust and Safety team should write a summary of the case thus far. This should include an analysis methodology that leads to a conclusion of what happened in the incident. It should also include any suggestions for resolving the case, as well as preventing similar abusive behavior going forward.
Write the report for a general audience, as both internal and external stakeholders may want to read it. Also note in it whether the case is potentially criminal in nature, and therefore may require law enforcement to get involved.