Carousell is a multi-category classified and re-commerce online marketplace that makes buying and selling as easy as chatting and taking photos. While in-person cash payments are popular, digital adoption has increased the preference for online transactions. However, low digital literacy and a rise in online phishing scams increase customers' vulnerability to falling for fraud. To better protect customers against these threats, Carousell built a secure on-platform payment solution that allows for safer, faster and more convenient transactions. In 2023, Carousell further enhanced its payment solution, powered by Stripe Connect, to roll out the buy button feature to provide secure payments, integrated deliveries, and buyer protection.
After implementing Stripe, Carousell's trust and safety team spent a few months gathering data about their most common fraud attack vectors. Then, they turned to Stripe's professional services team to work together on a strategy to combat fraud threats specific to their particular business to boost their reaction time, improve customer experience, and prepare for further global expansion.
Stripe professional services partnered with Carousell for a 10-week fraud strategy advisory to build and refine its trust and safety processes. Carousell’s focus is building a trusted local community, so the teams started by creating user personas to reduce false positives and narrow down the threat model.
Fighting first-party fraud
Creating a persona for first-party fraud, often called “friendly fraud,” became the teams' first focus. This is when customers claim they have not received items. These cases are difficult for machine learning models to detect as the user initially appears legitimate. However, these cases rarely happen in isolation and are often tied to fraud rings.
The key to first-party fraud is to employ an "entity resolution" process to focus on the relationships between groups to stop fraud rings from expanding. It's important to respond with clear evidence to chargebacks (disputes) in order to help banks (through Stripe's Enhanced Issuer Network) and law enforcement acknowledge this kind of fraud and take action.
Improving the checkout experience
The teams also focused on improving the checkout flow for new customers, where fewer lifetime fraud signals were available. Typically, marketplaces apply various kinds of friction to new customers, often leading to churn. Carousell, as a secondhand marketplace, wanted a good user experience across all technical capabilities. To accomplish this, Stripe and Carousell collaborated on an approach to apply a fixed set of interventions to build a deep defense, also known as an "onion ring" risk model. This model considers a broad array of signals to choose interventions along a customer's user journey.
Combatting merchant fraud
A risk model can only be as good as its scope. In a marketplace, that scope should include the sellers, due to the possibility of merchant fraud. The teams reviewed both sellers and products holistically when designing the user personas. The result is a risk assessment matrix representing the likelihood of various merchant fraud, first-party fraud, and various forms of buyer and seller collaboration. Based on this matrix, Carousell's trust and safety team built fraud processes with multiple degrees of interventions.
Carousell worked with Stripe professional services to create user personas to determine its most significant threats, risk levels, and mitigation opportunities, without sacrificing user experience. As a result, Carousell implemented new fraud processes that reduced detection and reaction times, helping Carousell maintain low levels of fraud since the engagement’s completion. These new processes have also increased issuer authorization rates by 10%, reduced 3D Secure (3DS) interventions by 15%, lowered false positives by 75%, and reduced early payment blocks significantly.
Trust and safety is a top priority at Carousell. Stripe's professional services team was instrumental in crafting an integrated solution that precisely matched our business requirements and commitment to trust and safety for our users. Their direct support and guidance were indispensable, making it possible for us to successfully enhance complex fraud mitigation measures and strengthen our fraud prevention capabilities.