Marketplace security — trust between strangers at scale
Marketplaces balance frictionless onboarding with fraud defense. Typical attacker profile: sellers selling stolen goods, buyers committing payment fraud, account takeovers to monetize reputation, safety incidents between users.
Top security risks
Seller account takeover → fraudulent listings
Attackers take over reputable-seller accounts and list fake / stolen goods. MFA + device-trust scoring.
Collusive fraud between accounts
Seller + buyer accounts owned by same party, manipulating reputation and payments.
Off-platform contact (for illegal purposes)
Buyer + seller communicating off-platform to bypass safety controls.
Identity verification bypass via AI-fake IDs
As of 2026, consumer-available AI generates passable synthetic IDs.
Regulatory context
GDPR / CCPA for user PII, age-verification laws for age-restricted marketplaces, anti-money-laundering for high-value goods.
Checklist
- Identity verification with liveness check
- Device-trust scoring (block VPN/residential-proxy from new-account flows)
- Off-platform-contact detection in messaging
- Reputation scoring that is hard to fake quickly
- Transaction holds for new accounts / high-value items
- Safety-incident escalation playbook
Marketplace investors ask about take-rate, trust-and-safety-spend %, and fraud-loss rate. Your security answers should map to those numbers.