Realizing our vision of providing both a buying and selling experience that exceeds expectations to create a marketplace so inviting that even first-time users want to sign up requires us to battle against stealthy opponents.

In a previous edition of Mercan, we showcased an initiative that made eKYC mandatory on Mercari to guarantee that users know who is on the other end of their transactions. In this article, we’ll explore the work of the teams supporting our anti-fraud measures—who are responsible for supporting the sense of user safety on which our marketplace stands.
Hundreds of spam comments posted in an instant; listings containing counterfeit goods; users lured to external services: On C2C marketplaces like Mercari, the daily battle against malicious users, known as “bad actors,” is unrelenting.
However, fraud prevention is not just about eliminating bad elements. Mercari advocates for two things: the thorough elimination of fraudulent users and thorough aid for users caught up in transaction disputes. We don’t just cut out bad actors; we also work to protect and nurture users using our services in good faith. For this article, we spoke with two key figures about this philosophy and its implementation.

Conducting comprehensive care against fraudulent activities with a broad perspective

—What kinds of fraudulent activities have occurred on Mercari?

@ryutoro: There are three main types.

The first is leading users to external services. What this refers to is comments or profile text that leads one user to contact the other via a third-party chat service, effectively diverting them from Mercari. If a transaction occurs outside of Mercari, we cannot protect the user from fraud. This is why it is positioned as one of the most serious violations.

The second kind of fraudulent activity we see is spam. Users who post a large number of comments in a short time or repeatedly list the same item are guilty of this. We’ve seen a resurgence of spam since last autumn. At times, hundreds to thousands of spam comments are posted in a single day.

The third kind is malicious transactions. Such transactions include listing counterfeit items, repeatedly canceling after making a purchase, and posting defamatory comments.

• Leading users to external services: Using the comments section or a user profile to lure users to an external service, allowing interactions outside of Mercari
• Spam: Disrupting the Mercari user experience of a service by posting a massive number of comments in a short period of time or repeatedly listing the same item
• Malicious transactions: Listing counterfeit items, abusing the platform’s cancellation options, posting defamatory comments, and other such activities

—How have you addressed these fraudulent activities?

@ryutoro: When I first joined, we focused on responding to fraud one listing at a time. When we detected that an item had been listed by a bad actor, we would freeze each individual listing, effectively treating the symptoms instead of the root cause. However, this approach folds against a large number of fraudulent listings. In the past, there were cases where thousands of listings were made in the space of a few hours.

To fight this, we adopted an approach that hunted down the original account and effectively restricted it. In other words, we shifted from playing whack-a-mole with fraudulent users to focus on taking out the nest.

—What specific mechanisms do you use to detect fraudulent activities?

@ryutoro: Our operations rely on three mechanisms, namely detection, restriction, and deterrence.

1. Detection: Comprehensively identifying suspicious activity

• Simple rule-based mechanisms tend to be overcome quickly, so comprehensive judgments based on multiple factors are employed instead.
• Detection covers fraudulent scores, ID detection in images, profiles, comments, and listing images.

2. Restriction: Slowing down bad actors and nipping their activities in the bud

• This approach shifts from treating the symptoms at the listing level to curing the problem by focusing on problematic accounts.
• Detecting behaviors typical of spam accounts and imposing temporary regulations reduces the momentum of spam attacks and buys time.

3. Deterrence: Rather than just punishing bad actors, focus on protecting and nurturing users who use our service in good faith

We don’t just shut users down. At the foundation of what we do is a desire to create an environment where well-meaning users can continue to use our services with peace of mind. This is where our ideas of elimination and aid come into play.

—It’s my understanding that account monitoring takes a broad perspective based on comprehensive judgment criteria.

@ryutoro: Yes. If fraudulent activity is judged solely on specific conditions, normal users could be inadvertently affected, and the system would also be easy to overcome. So, similar to comprehensive care practices used in medicine, we aim to make comprehensive judgments from multiple perspectives, not just based on a single symptom.

From the time they register their accounts, bad actors generally share distinct traits. They might be using a distinct device or behaving unnaturally immediately after registration. The comprehensive evaluation of these traits is what we call the “account fraud score.”

@pyon: On the product side, we are also mindful of designing the marketplace to be inherently difficult to abuse. To curb the speed at which spam comments can be posted, we have implemented a posting-rate limit that sets a cap on the number of comments that any individual user can post per hour. This buys us time to identify and suspend the offending account. We do this with a combination of product specifications and monitoring.

—What measures are in place to prevent users who use the system properly from being punished?

@pyon: Bad actors share some common traits. For example, in the case of spam comments, a bad actor will post an overwhelming number of comments—far more than you would expect from a regular user—and then abandon them. Ordinary users would never do that, right?

@ryutoro: When determining the criteria for “regular user behavior,” we monitor how many times the average user posts comments in a day and how frequently they list items. Comparing the results of monitoring the usage of normal users versus the usage of bad actors, we saw that the bad actors were posting a comparatively large number of comments. In this way, accurately understanding the normal usage of regular users is the first step in countering fraudulent use.

---

Balancing “elimination” and “aid” in the belief that human nature is fundamentally good

—I have heard that a distinctive feature of Mercari’s anti-fraud measures is the return to the belief that human nature is fundamentally good.

@ryutoro: So, when we addressed the pointed opinions expressed on social media in November 2024, we sought to explore what monitoring policies should be implemented to revise the abuse monitoring system. This led us back to the belief that human nature is fundamentally good.

When abuse occurs, instead of suspending the account after the user’s first offense, we start by issuing a warning message along with a temporary usage restriction to raise awareness. There are individuals who will reconsider their actions as a result of receiving a warning. However, if we detect that they are still abusing the marketplace, we have a system in place to suspend their account.

—What is the reasoning for not having a one-strike rule?

@ryutoro: Everyone makes mistakes. There are times when people break the rules without even realizing it. As platform providers, it is just as important to protect the rights and opportunities of users who use the platform properly as it is to eliminate user accounts that violate the rules.

Of course, we take immediate action in cases of clear malice, such as when there is a group committing fraud or when a user repeatedly violates the rules even after receiving warnings. However, for those whose intentions fall in a gray area, we first attempt dialogue. Implementing thorough elimination of fraudulent users and providing through aid for users are not actually contradictory ideas.

—How have you managed to get the practices of “elimination” and “aid” to coexist?

@pyon: We prioritize designs that reward good users rather than punish bad ones.

For example, we link behavior to search rankings. We have implemented a system that makes it difficult for listings from sellers with a high risk of disrupting the platform from appearing in search results. Last autumn, one of our Product teams introduced this feature, which enabled us to significantly reduce post-purchase cancellation rates.

We are also promoting initiatives to visualize good user behavior by evaluating recent transaction actions, such as by awarding “badges” to users. Rather than deliberately punishing users for bad behavior, an ideal design is one where users exhibiting good behavior are chosen naturally for rewards.

—What do you do for a regular user in the event their account is restricted after being inadvertently flagged for bad behavior?

@ryutoro: When we impose account restrictions, we always establish a clear process for the user to reinstate their account. If a user hasn’t completed the identity verification process, they can regain account usage by verifying their identity. For those who have already completed identity verification, we handle their cases more cautiously. If they contact us and we can confirm that there was no fraud committed, we lift the restrictions.

Since we are restricting the rights of users, we must also consider the legal risks involved. That is why when we receive feedback, we thoroughly examine the content and ensure we respond in earnest.

---

AI usage and the challenge of eliminating root causes

—How would you like to further develop these initiatives using AI and LLMs going forward?

@pyon: Recently, we’ve been focused on addressing unfair ratings. There are cases where the buyer gives their transaction a negative rating simply because the seller refused to negotiate their price. Alternatively, the buyer might complain that the shipping was slow even though the item was shipped on time. I would like to leverage AI to prevent users from being subjected to unreasonable experiences like these.

@ryutoro: We are moving toward utilizing transaction messages proactively, while also handling them with due care. For example, if a user receives an unreasonable rating that they cannot explain, being able to leverage AI to instantly determine whether the claimant has a transaction history of sending aggressive messages would help us with our decisions.

Going forward, we have plans to leverage LLMs by using AI to automatically propose adjustments, such as by suggesting that we add a certain rule based on increases in a particular word pattern.

—I understand your work also tackles the root causes of fraud, right?

@ryutoro: Yes. I don’t think we should resolve issues simply by offering compensation from customer support when problems arise, but rather address the root causes of why these problems occur at all.

Many of the disputes that happen between users are due to a gap in expectations between the seller and the buyer regarding the item in question. For instance, there are cases where the item is described in the listing as being “like new,” but when it actually arrives, it has scratches on it—this is evidence of a difference in perception.

@pyon: We have the capacity to resolve this sort of issue on the product side; we can create ways to add metadata that more accurately conveys the item’s condition, create systems to detect damage automatically through image recognition, and keep records of the item authentication results. By helping to align how the seller and the buyer perceive an item, we can create conditions where problems are less likely to occur. I believe the ultimate form of anti-fraud measures is design that prevents fraud from occurring in the first place.

---

Working to create a world where “safe and secure” is the norm

—In closing, could you each share the ideal that you are aiming for?

@ryutoro: By working collaboratively with AI, we aim to understand more than just binary distinctions like whether a user’s intentions are good or bad, but also the intentions and background behind the user’s actions in a deeper and more multifaceted way. Furthermore, to create an environment where everyone can cooperate, we need to focus not only on technically advanced initiatives but also on building trust with users and enhancing psychological safety. Specifically, we will work on creating an environment where users can conduct transactions seamlessly and without stress, and if a problem does come up, the user can always consult Mercari’s user support.

The struggle against bad actors is endless. Their methods of deception are constantly evolving. However, we will continue to evolve both our technology and ideas.

@pyon: From the user’s perspective, the fundamental assumption must be that Mercari is safe; we want to provide a system that empowers users to identify and resolve any specific concerns or risks on their own.

We want to provide users with the base materials that will allow them to determine whether they can enter into a transaction with a person in advance and have a clear path to resolution in the event there are any problems. By consistently applying the principles of thorough elimination of fraudulent users and through aid for users, we aim to create a marketplace where everyone can buy and sell with confidence.

—Mercari isn’t just looking to root out bad elements, but also to protect and nurture the good ones as well. I think you’ve both conveyed the company’s determination as a platform provider. Thank you for your time today.

Photography: Tomohiro Takeshita