Neighbor quickly detects and proactively deters organized fraud attacks with Persona

Neighbor is a marketplace that allows homeowners to rent unused space on their property (think basements, spare bedrooms, etc.) to individuals looking to store their personal belongings. This gives homeowners a way to earn extra monthly income and renters a cheaper storage solution.

Problem: Neighbor’s manual approach to investigating fraud wasn’t scalable

Like most industries, marketplaces are under attack — 65% of marketplaces report seeing more account takeovers, and 82% of shoppers have recently seen a fake review.

Neighbor is no exception, as evidenced by the influx of fraud it saw after launching an aggressive referral program over the holidays. “We wanted to do something to maintain growth through the slow season,” explains Simon Fullerton, Neighbor’s senior manager of trust and safety. “Our referral program is typically about $50 for both parties if you successfully refer a friend, and we ramped that up to $300 each.”

Knowing this sign-up bonus would attract fraud, the team put processes in place to mitigate the inevitable attacks. “We knew people would likely try to take advantage, so we set up a manual process for reviewing these payouts. While we definitely saw a significantly higher amount of fraud than we were expecting — we had some 300 accounts created over roughly 24 hours — we already had the processes in place to deal with it. It was pretty tedious, but it ended up really saving us in this instance.”

Unfortunately, while Neighbor’s fraud mitigation efforts were effective — it didn’t pay out anyone other than confirmed good users — they weren’t efficient. “We weren't quite prepared for that level of effort from fraudsters against us — it was a really tedious process to go in and review,” Simon admits. “We got lucky in the fact that these fraudsters were overly formulaic in how they approached it, so they were actually pretty easy to identify.”

Simon knew Neighbor couldn’t rely on luck to fight future fraud attacks, saying “If I could go back, I definitely would introduce more automated systems.” As such, he began looking for a more efficient solution.

‍

Solution: Neighbor uses Persona’s link analysis tool, Graph, to quickly detect and deter organized attacks

When Neighbor surfaced its fraud concerns to its customer success team at Persona, the team demoed Persona’s new fraud investigation and link analysis tool, Graph, which happened to be the exact solution Neighbor was looking for. “Linking systems like Graph are so important. We wanted something like this very badly, so when Persona showed us the tool, I immediately said, ‘Yep, I want that. That's something we need,’” Simon recalls.

And Simon wasn’t the only one who was impressed. “There were some jaws-on-the-floor kind of reactions when we saw how it would work because getting this kind of linking information has been so tedious for us, and Graph’s interface is so beautiful, easy, intuitive, and even kind of enjoyable to use. So my team was ecstatic.”

Before Persona, finding and removing fraud clusters was extremely manual for Neighbor, as its database wasn’t built with trust and safety investigations in mind. “We really had to dig into our data to try and find those indicators for collusion, which was a lot of manual ad hoc SQL queries into the databases, looking for things like IP address, device IDs — things that we had, but gaining access to see those and the connections was really complicated,” Simon explains. “So it was pretty tedious and complicated to go and do these investigations.”

Graph makes it easier to proactively fight fraud by helping organizations find accounts that are linked by IP address, device fingerprint, browser fingerprint, SSN, email address, phone number, and more. For example, if someone tried to create a Neighbor account to score a referral bonus — and then create 50 more accounts — Graph could surface all the accounts associated with the original account’s IP address and allow Neighbor to block all the accounts at once, along with future linked accounts.

“It was obvious this is something we needed to just really hone in on these organized group attacks against our site and to be able to identify them and tackle them quickly. So it was a pretty easy sell,” shares Simon.

Results: With Graph, Neighbor’s trust and safety team has more time to proactively investigate and fight fraud

Since implementing Graph, Neighbor has seen immediate benefits. “Graph has cut through a lot of previous issues, especially in the sense of quickly identifying if this is a problematic group of individuals or just a single lone wolf bad actor. We can find common threads of IP, device ID, address, phone number, verification documentation, and government IDs, and quickly figure out what we're dealing with without a lot of in-depth effort or pulling in another team."

Not only does Graph help speed up investigations, but it also allows Neighbor’s trust and safety team to conduct expert-level investigations without painful engineering work. “Graph gives my team the ability to identify the various levels of fraud and issues that we're seeing and determine quickly what we need to do to deal with this, which has been phenomenal — much better than having to write a new SQL query every time something comes up, bug an analytics person to get us the data, and bug an engineer to see if they know how something works. It cuts through all of that, keeps it on my team, and makes it quick.”

In fact, Graph frees up so much time that Simon now tells other teams to report any unusual behavior on the site so his team can investigate. “Graph lets me make my team available to the rest of the company. We can tell everyone, ‘If you see something weird, ping trust and safety’ and my team can take that information, plug it into Graph, and go, ‘oh hey, this bad actor is linked to a lot of other accounts. So it really gets us from, ‘hey, I've noticed a problem’ to doing something about it really quickly.”

‍