Marketplace security — buyer/seller isolation + payout security + fraud detection
A marketplace doubles the threat model: each side needs its own auth, BOLA (broken object-level authorization) scoping, and fraud detection. On top of that come payout security and category-specific safety controls (rentals, labor, finance).
Top security risks
Payout fraud
An attacker takes over a seller account, changes the payout bank, and drains earnings before detection.
Cross-side BOLA
A buyer enumerates seller-only routes, or vice versa.
Listing fraud
Bot-generated listings, fake reviews, manipulated ratings.
Restricted-category gap
A marketplace that sells restricted goods (alcohol, prescription, weapons) without category gating exposes the platform to abuse.
Regulatory context
Securie focuses on the security-engineering surface: per-side auth scope, payout-change re-MFA, listing review, and bot-detection verified on every change.
Checklist
- Per-side auth scope (buyer-only vs seller-only routes)
- Payout-change requires re-MFA + cooldown
- Listing review queue (manual + ML)
- Bot-detection on signup
- Restricted-category gating per goods sold
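A sketch of the first two checklist items working together on a payout-change route, added here as an illustration and not taken from Securie or any particular platform. The names (Session, SellerAccount, change_payout, payout_allowed) and the 5-minute MFA window and 72-hour cooldown are assumptions; the page names the controls but gives no values.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Assumed policy values; the page names the controls but not the numbers.
MFA_MAX_AGE = timedelta(minutes=5)
PAYOUT_COOLDOWN = timedelta(hours=72)

@dataclass
class Session:
    user_id: str
    role: str                             # "buyer" or "seller"
    mfa_verified_at: Optional[datetime]   # last successful MFA challenge

@dataclass
class SellerAccount:
    owner_id: str
    payout_destination: str
    payout_changed_at: Optional[datetime] = None

class Denied(Exception):
    """Raised with a machine-readable reason the API layer can map to 403."""

def change_payout(session: Session, account: SellerAccount,
                  new_destination: str, now: datetime) -> None:
    # Per-side scope: payout routes are seller-only.
    if session.role != "seller":
        raise Denied("seller_scope_required")
    # Object-level check (BOLA): a seller may only edit their own account.
    if session.user_id != account.owner_id:
        raise Denied("not_account_owner")
    # Re-MFA: the login-time factor is not enough; require a fresh challenge.
    # A timestamp in the future is rejected too (clock or token tampering).
    verified = session.mfa_verified_at
    if verified is None or not timedelta(0) <= now - verified <= MFA_MAX_AGE:
        raise Denied("mfa_step_up_required")
    account.payout_destination = new_destination
    account.payout_changed_at = now       # starts the cooldown

def payout_allowed(account: SellerAccount, now: datetime) -> bool:
    # Cooldown: hold payouts after a destination change so a takeover
    # can be noticed and reversed before money leaves.
    changed = account.payout_changed_at
    return changed is None or now - changed >= PAYOUT_COOLDOWN
```

The checks run in order from cheapest to most specific, and the account is only mutated after all three pass, so a denied request never starts a cooldown or touches the stored destination.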
Two-sided marketplaces are evaluated on trust signals from both sides — buyer protection + seller payout safety + dispute resolution.