Digital Fraud Wiki


Buyer-Seller Collusion

What is Buyer-Seller Collusion?

Buyer-Seller Collusion is a specific example of a broader fraud category known as Collusion Fraud. Collusion fraud occurs any time two entities within an organization or defined ecosystem conspire to commit fraudulent actions. Collusion commonly occurs in the workplace, in the insurance sector, and in markets where two or more entities agree to work together to fix prices or stifle competition.

In buyer-seller collusion, the colluding parties form the two sides of a retail transaction: merchant and customer.

What Should Companies Know About Buyer-Seller Collusion?

Buyer-seller collusion is a strategy fraudsters often employ to make the movement of large amounts of money seem normal, and accordingly to make it easier to avoid detection. A typical example of this kind of fraud occurs when bad actors create fake user accounts and then use them to make purchases with stolen credit card credentials. These so-called “purchases” are transacted with fake seller accounts that have been set up expressly to enable fake transactions. No goods ever actually change hands—in fact, they don’t exist in the first place—but once the “seller” receives the funds from the stolen credit card, those funds are then cashed out. At surface level, there is nothing suspicious about these transactions—the collusion can only be detected through holistic analysis that can expose the coordination and connections between all the moving parts of the fraud.

Research from DataVisor has previously identified three additional motivations for buyer-seller collusion:

  1. To claim promotion money: E-commerce platforms often offer promotions to incentivize buyer and seller activity. These funds can be illicitly claimed by fraudsters who masquerade as legitimate buyers and sellers.
  2. To artificially establish seller reputations: As a new or small seller, it can be challenging to build a positive reputation, but without one, it’s hard to get buyers. Sometimes sellers will rely on fake buyers to artificially inflate their reputations. In many cases, both the buyer and the seller are bad actors, trafficking in stolen or fake goods.
  3. To launder money: Moving money between fake buyers and sellers via fraudulent transactions can be an effective way to obscure the illicit origin of the funds.

How to Prevent Buyer-Seller Collusion

Modern fraudsters engaged in content abuse activity can create and post massive amounts of content quickly, and adjust their techniques with equal rapidity. They are able to create vast hordes of fake accounts and use them to disseminate malicious content in ways that are increasingly difficult to detect. Fraud solutions that rely on manually created features, rules, and blacklists to try to keep pace with rapidly evolving content abuse techniques should not be considered viable solutions.

DataVisor recently addressed large-scale buyer-seller collusion for a client—a global online food ordering and delivery platform with 100 million+ monthly active users and services in 20+ countries. The business was rapidly expanding, and encountering unique and evolving fraud problems in each new region, including buyer-seller collusion.  

The collusion in question involved three colluding entities—merchants, customers, and delivery riders. Fake “customers” were making thousands of fake orders online, fake “merchants” were pretending to prepare food, and fake “riders” were reporting as if they had delivered the food. However, no actual food delivery ever took place. What did happen is that all of the involved parties received a vast number of subsidies from the platform.

Ending the buyer-seller collusion fraud involved uncovering an extensive collusion network that contained over 50 customers, merchants, and riders, all of whom conspired to place over 200 fake orders, and to fraudulently claim subsidies from the client. DataVisor’s solutions were able to detect that all of the “customers” shared similar email patterns, device models, and GPS coordinates, and holistic analysis was able to affirm that all the suspicious orders originated only from these “customers.” In addition to these giveaways, DataVisor’s systems revealed that the intervals between order times and order deliveries were consistently between 5 and 10 minutes—a range not actually possible.  

By holistically analyzing activities, accounts, addresses, digital fingerprints, and more, to expose suspicious patterns and coordinated activities, DataVisor was able to end the buyer-seller collusion that had been plaguing the client.
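The signals described in the case study above (customers sharing email patterns, device models, and GPS coordinates; merchants whose orders come only from those customers; order-to-delivery intervals of 10 minutes or less) can be combined into a simple linked-entity check. This is an added illustration, not DataVisor's method or code: the field layout, the function names, the thresholds, and the sample orders are all assumptions constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample orders (not real data). Columns: customer email, device
# model, GPS cell, merchant, rider, order time, reported delivery time (same day).
ORDERS = [
    ("kim001@mail.test", "PhoneA", (10.01, 20.02), "m1", "r1", "12:00", "12:06"),
    ("kim002@mail.test", "PhoneA", (10.01, 20.02), "m1", "r1", "12:03", "12:10"),
    ("kim003@mail.test", "PhoneA", (10.01, 20.02), "m1", "r2", "12:05", "12:13"),
    ("kim004@mail.test", "PhoneA", (10.01, 20.02), "m2", "r2", "12:07", "12:12"),
    ("alice@mail.test",  "PhoneB", (10.50, 20.90), "m3", "r3", "12:00", "12:35"),
    ("bob@mail.test",    "PhoneC", (10.70, 20.10), "m3", "r4", "12:10", "12:52"),
    ("carol@mail.test",  "PhoneA", (10.90, 20.40), "m3", "r3", "13:00", "13:08"),
]

def fingerprint(email, device, gps):
    """Coarse key: email local part with digit runs collapsed, device model, GPS cell."""
    local = re.sub(r"\d+", "#", email.split("@")[0])
    return (local, device, gps)

def minutes(start, end):
    return (datetime.strptime(end, "%H:%M") - datetime.strptime(start, "%H:%M")).seconds / 60

def find_rings(orders, min_customers=3, max_minutes=10, min_fast_share=0.8):
    """Return suspected rings: customers sharing a fingerprint, plus merchants whose
    orders come only from those customers and are mostly implausibly fast."""
    groups, by_merchant = defaultdict(set), defaultdict(list)
    for email, device, gps, merchant, rider, t0, t1 in orders:
        groups[fingerprint(email, device, gps)].add(email)
        by_merchant[merchant].append((email, rider, minutes(t0, t1)))
    rings = []
    for customers in groups.values():
        if len(customers) < min_customers:
            continue  # a lone account is not a coordinated cluster
        merchants, riders = set(), set()
        for merchant, rows in by_merchant.items():
            exclusive = all(e in customers for e, _, _ in rows)
            fast = sum(m <= max_minutes for _, _, m in rows) / len(rows)
            if exclusive and fast >= min_fast_share:
                merchants.add(merchant)
                riders.update(r for _, r, _ in rows)
        if merchants:
            rings.append({"customers": customers, "merchants": merchants, "riders": riders})
    return rings
```

In the sample, the single fast order from `carol@mail.test` does not implicate merchant `m3`, because no one signal is treated as sufficient; only the combination of a shared fingerprint, exclusive order flow, and short intervals produces a ring.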