Sharetribe’s architecture is designed and built with best security practices in mind and prevents most common online attack vectors. However, dealing with spam, suspicious users, and financial fraud is a part of running any online business. Unfortunately, there will always be people trying to exploit platforms like yours.
The good news is that there are several practical steps you can take to make your marketplace safer for everyone.
To understand why marketplaces are often targeted and how to prepare, we recommend reading our Marketplace Academy article, which covers this topic in detail.
Below are several measures you can take to stay one step ahead of spammers and attackers.
User Access Control
One important step of security is prevention. User Access Control helps prevent unauthorized or suspicious activity before it happens. You can use Sharetribe’s built-in access control features to ensure that only trusted users can view listings, post items, or start transactions. You can:
Make your marketplace private, so only registered users can view listings and their details.
Enable user approval so new users need your manual permission before gaining access.
Restrict listing posting and/or transaction rights by assigning posting or transaction permissions to specific users.
You can handle this verification process manually, or even automate it using tools like Zapier, which can save you time, improve the user experience and help ensure only trusted users gain access in a timely manner.
While these steps won’t stop every spam attempt, User Access Control adds an important layer of security to your marketplace.
Email Security
Making sure the content of your emails, like welcome messages and notifications about new transactions or messages, includes clear security advice is a great way to prevent phishing attacks from being successful. Phishing attacks attempt to trick people into giving away sensitive information through deceptive emails that are written as if they're from a trusted source (such as your marketplace).
To help your users avoid phishing attempts, you can add texts informing users to never click on links that don’t point directly to your marketplace. If a link in an email or message leads somewhere else, it’s best not to trust it. This is basic internet safety, but it’s worth repeating because not everyone is aware of these risks.
You can alter the contents of all emails by going to the email text editor in Console and modifying the content of the Welcome email, the first email in a transaction, and the new messages email.
Security Content
It can also be a good idea to create a dedicated page on your marketplace that explains your security measures and how your platform operates. This helps users understand what to expect and reassures them that you’re taking their safety seriously. Be clear about how you communicate and handle transactions, especially if you ever need to send users outside the marketplace for things like subscriptions or third-party payments. You can create this content using the Pages feature.
Email notifications through Zapier
You can use our Zapier integration to get notified, as an admin, when something happens in your marketplace. You can use the notifications as an alert for anomalies. If you normally get 10 transactions per day, and suddenly, you get 50, that can be a signal of some unusual behavior. You can then log in to Console, check if the transactions are suspicious, and if they are, ban the user who's initiating them.
Although setting up multiple Zaps can increase operational costs of your marketplace, Zapier notifications are a valuable monitoring tool, especially if you regularly check your inbox for alerts.
Read more about setting notifications with Zapier in this article. The article is about notifications for listings pending approval, but the same principle can be applied to multiple events in your marketplace:
Users signing up
Transactions being initiated
Messages sent
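The anomaly check described above (a usual 10 transactions per day jumping to 50) can be written as a small script. This is an added example, not Sharetribe or Zapier code; the event tuples, the 3x factor and the minimum count are assumptions, and the sample data is constructed.

```python
from collections import Counter
from datetime import date
from statistics import median

def build_sample():
    """Constructed sample: one (day, event type) pair per admin notification."""
    events = []
    for d in range(1, 8):                                   # seven ordinary days
        events += [(date(2024, 5, d), "transaction")] * (9 + d % 3)
        events += [(date(2024, 5, d), "signup")] * 4
    events += [(date(2024, 5, 8), "transaction")] * 50      # sudden jump
    events += [(date(2024, 5, 8), "signup")] * 5
    return events

def find_spikes(events, today, factor=3.0, min_count=10):
    """Return {event_type: (today_count, baseline)} for every event type whose
    count today exceeds factor x the median count of earlier days.

    Days with no events at all are absent from the history, so the baseline
    describes active days only. min_count keeps low-volume types quiet.
    """
    per_day = Counter(events)                               # (day, type) -> count
    spikes = {}
    for event_type in sorted({t for _, t in per_day}):
        history = [count for (day, t), count in per_day.items()
                   if t == event_type and day < today]
        if not history:
            continue                                        # no baseline yet
        baseline = median(history)
        count = per_day.get((today, event_type), 0)
        if count >= min_count and count > factor * baseline:
            spikes[event_type] = (count, baseline)
    return spikes

if __name__ == "__main__":
    print(find_spikes(build_sample(), date(2024, 5, 8)))
```

A flagged event type is a prompt to log in to Console and review the activity, not proof of abuse.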
Monitor your Stripe account
One of the most damaging attacks for any online marketplace is financial fraud, especially credit card testing. Credit card testing happens when a fraudster uses stolen card numbers to make small payments or test transactions, to see if the cards are still valid for later use elsewhere.
In many cases, a fraudster signs up to your marketplace and creates two user accounts: one pretending to be a buyer, and another pretending to be a seller. They then perform a fake transaction with small amounts of money using stolen credit card details.
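The two-account pattern described above can be checked for in exported payment records. This is an added example, not Sharetribe or Stripe code; the record fields, user IDs, amounts and thresholds are hypothetical and the sample data is constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data; field layout is hypothetical.
SIGNED_UP = {
    "u-buyer1": datetime(2024, 5, 8, 9, 0),
    "u-seller1": datetime(2024, 5, 8, 9, 5),
    "u-alice": datetime(2023, 11, 2, 14, 0),
    "u-bob": datetime(2024, 1, 20, 10, 0),
}
PAYMENTS = [  # (time, buyer, seller, amount in minor currency units)
    (datetime(2024, 5, 8, 9, 30), "u-buyer1", "u-seller1", 100),
    (datetime(2024, 5, 8, 9, 31), "u-buyer1", "u-seller1", 150),
    (datetime(2024, 5, 8, 9, 33), "u-buyer1", "u-seller1", 100),
    (datetime(2024, 5, 8, 11, 0), "u-alice", "u-bob", 300),
    (datetime(2024, 5, 8, 11, 5), "u-alice", "u-bob", 300),
    (datetime(2024, 5, 8, 11, 9), "u-alice", "u-bob", 300),
    (datetime(2024, 5, 8, 12, 0), "u-buyer1", "u-bob", 4500),
]

def suspicious_pairs(payments, signed_up, max_age=timedelta(days=2),
                     small=500, min_payments=3):
    """Return buyer/seller pairs where both accounts were newly created at
    payment time and several small payments passed between them."""
    hits = defaultdict(int)
    for when, buyer, seller, amount in payments:
        both_new = all(when - signed_up[user] <= max_age
                       for user in (buyer, seller))
        if both_new and amount <= small:
            hits[(buyer, seller)] += 1
    return sorted(pair for pair, n in hits.items() if n >= min_payments)

if __name__ == "__main__":
    for buyer, seller in suspicious_pairs(PAYMENTS, SIGNED_UP):
        print(f"review payments from {buyer} to {seller}")
```

Established accounts trading small amounts (u-alice and u-bob in the sample) are not flagged; only the pair where both sides are new is.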
If you use Sharetribe’s built-in Stripe integration to handle payments, you should always monitor your payments in your Stripe dashboard to spot unusual or suspicious activity as early as possible. You can view the Risk Evaluation for each payment directly in your Stripe dashboard. Stripe automatically evaluates how likely a payment is to be fraudulent. Each transaction is assigned one of five risk levels:
High risk
Elevated risk
Normal risk
Not evaluated
Unknown risk
Most payments will appear as Normal risk, meaning no suspicious activity was detected. However, if you see a payment labeled High risk or Elevated risk, take immediate action:
Contact Stripe Support via chat or email.
Ask for an explanation of why the payment was flagged.
Follow their guidance on next steps (for example, issuing refunds) to prevent further issues.
If you use Stripe for payments, you can also consider using Stripe Radar, a feature that offers advanced fraud detection and prevention tools. Using Stripe Radar comes with an additional cost, but it can significantly strengthen your protection against credit card testing and other financial fraud on your marketplace. Combine this monitoring with Zapier notifications and you will be able to react fast to most abuse attempts.
Handling Attacks
If you suspect that your marketplace is being targeted by spam or other attacks, contact Sharetribe Support immediately. Our team can help you respond quickly, identify potential risks, and implement additional protections. You can also reach out proactively before any issue arises to discuss extra security measures tailored to your marketplace. We’re here to help.
Besides contacting our team, you can and should immediately enable access control features, like user approval and restricted transaction rights, to limit potential damage. You should also ban all suspicious users while the situation is being resolved. These measures might affect valid users, but it is better to be safe in the immediate future. You can always unban users or remove access control features later.
One last thing
If you want us to enable the message blocking mechanism as a prevention method, contact the Sharetribe team. The most useful block is the one for external links, though there are others. Contact us for more information.
Staying vigilant and monitoring your marketplace, especially during the early growing days, is fundamental for the prevention and limitation of damage. Trying to keep your users informed is a great way to maintain a secure and trustworthy marketplace, but nothing beats vigilance and fast action.