Marketplace security — buyer/seller isolation + payout security + fraud detection


A marketplace doubles the threat model. Each side (buyer and seller) needs its own auth, BOLA (broken object level authorization) scoping, and fraud detection. On top of that come payout security and regulatory compliance per category (rentals, labor, finance).

Top security risks

Payout fraud

An attacker takes over a seller account, changes the payout bank, and drains earnings before detection.

Cross-side BOLA

A buyer enumerates seller-only routes, or vice versa.

Listing fraud

Bot-generated listings, fake reviews, manipulated ratings.

Regulatory category miss

A marketplace selling regulated goods (alcohol, prescription, weapons) without compliance risks FTC and state-AG action.

Regulatory context

Section 230 (US platform liability), DSA (EU Digital Services Act), regulated-goods category-specific laws.

Checklist

  • Per-side auth scope (buyer-only vs seller-only routes)
  • Payout-change requires re-MFA + cooldown
  • Listing review queue (manual + ML)
  • Bot-detection on signup
  • Regulatory category compliance per goods sold
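
The payout-change item in the checklist, sketched as an added example that is not part of the original page: a gate that enforces seller-side scope and ownership, requires fresh MFA before changing the payout destination, then holds payouts for a cooldown. The 5-minute MFA window, the 72-hour cooldown, and every class and function name are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Assumed policy values; the page names the controls but gives no numbers.
MFA_FRESHNESS = timedelta(minutes=5)
PAYOUT_COOLDOWN = timedelta(hours=72)

@dataclass
class SellerAccount:
    seller_id: str
    payout_destination: str
    payout_changed_at: Optional[datetime] = None  # None = never changed

@dataclass
class Session:
    user_id: str
    role: str                                     # "buyer" or "seller"
    last_mfa_at: Optional[datetime] = None        # last step-up MFA, if any

def change_payout_destination(session, account, new_destination, now):
    """Apply the change only if every check passes. Returns (ok, reason)."""
    # Per-side scope plus object ownership: a seller may edit only their own account.
    if session.role != "seller" or session.user_id != account.seller_id:
        return False, "forbidden"
    # Login-time MFA is not enough; a timestamp in the future is also rejected.
    age = None if session.last_mfa_at is None else now - session.last_mfa_at
    if age is None or not (timedelta(0) <= age <= MFA_FRESHNESS):
        return False, "mfa_required"
    if new_destination == account.payout_destination:
        return False, "unchanged"
    account.payout_destination = new_destination
    account.payout_changed_at = now               # starts the cooldown clock
    return True, "changed_cooldown_started"

def payout_allowed(account, now):
    """Hold payouts until the cooldown after the last destination change expires."""
    if account.payout_changed_at is None:
        return True
    return now - account.payout_changed_at >= PAYOUT_COOLDOWN

if __name__ == "__main__":
    # Constructed sample data: a hijacked session whose MFA is one hour old.
    t0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    acct = SellerAccount("seller-1", "bank-A")
    hijacked = Session("seller-1", "seller", last_mfa_at=t0 - timedelta(hours=1))
    print(change_payout_destination(hijacked, acct, "bank-B", t0))
    stepped_up = Session("seller-1", "seller", last_mfa_at=t0)
    print(change_payout_destination(stepped_up, acct, "bank-B", t0))
    print(payout_allowed(acct, t0 + timedelta(hours=1)))
```

The cooldown gives the legitimate seller time to notice and reverse a change before any money moves to the new destination.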

What your buyers look for

Two-sided marketplaces are evaluated on trust signals from both sides — buyer protection + seller payout safety + dispute resolution.