If you missed the biggest event of the year in marketplace trust and safety (or if, like me, your short-term memory expired 4-8 hours ago), fear not: Here are the highlights and lowlights from the Marketplace Risk Management Conference in San Francisco last week:
Most shocking: Ghost cities of slaves
I received this spam message on my Uber ride to the airport the morning after the conference ended. Look familiar? By now you’re probably aware that this is a scam known as “pig butchering”. You may also already know that the scammers are generally victims of human trafficking (Didn’t know? This podcast is required listening).
But if you’re like me, you probably did not know the nation-state scale of the crime. In her keynote speech, Erin West, Founder of Operation Shamrock, described a horrifying but unignorable reality: that China is sponsoring a $50 billion fraud operation against U.S. targets—far exceeding the scale of hobbyist scammers buying expensive lambos—built on modern slavery. “I can’t overstate what I saw.” In photos, Erin shared stories from the campuses of buildings housing full-time scammers, many or all of them victims of human trafficking, who were abducted after responding to phony online job ads, booking flights to their new countries, and intercepted at the airport where their passports were confiscated before being bussed to their new prison-homes.
I thought the humanity of Erin’s keynote was an important and grounding kick-off to a conference that would then overdose on AI pontification. The lesson: fight harder against scams, recognizing the enormous human cost of the cities of slaves whose backs the industry is built on.
Biggest facepalm 🤦♂️: Deregulatory headaches
The Marketplace Risk Advisory Board kicked-off day two with a great panel on marketplace trends for 2025. I laugh-cried the most during the conversation on de-regulation. “Oh gee,” said Julia Breyer, Deputy General Counsel, Instawork, “How do I figure out how to comply with 50 different sets of laws, whereas you used to only have to think of one?”
Last year I spent weeks researching the INFORM Consumers Act and the broad industry support it enjoyed for replacing a patchwork of state laws with a federal standard. Amazon argued that “establishing a standard, nationally consistent expectation for the entire industry is a positive development that will help ensure small businesses selling products online do not have to manage an unworkable patchwork of state-level regulations.” eBay said “We’re grateful to lawmakers who partnered with eBay to align on one federal compliance standard that prevents burdensome information collection requirements.”
The INFORM Act is still on the books (requiring marketplaces to verify their high-volume third party sellers), but given there’s been no enforcement action to date, it’d be surprising if we saw anything in the remaining 3 years 7 months and 29 days of the current term. It’ll be interesting to see which regulatory gaps states feel the need to step in and fill. My money (unsurprisingly) is on stricter verification standards for marketplace sellers at a time when AI-generated synthetic identities are pacing to overwhelm legacy verification systems.
Thanks Garrett Olson, Jeff Sakasegawa, Julia Breyer, Kimmie Restificar, and Kristin Kupiec for the discussion
Biggest threat: Synthetic identity fraud
Some self-dealing here as Middesk’s Product Lead Andrea Hong spoke on a panel with Clutch’s Senior Director of Operations and Marketplace Risk Advisory Board Member Kimmie Restificar on how to catch synthetic identities posing as legitimate business sellers to defraud marketplace buyers... BUT: it’s a huge problem. Marketplaces are extra vulnerable to this type of fraud because seller identity verification systems generally focus on individual sellers, leaving business verification to manual review processes that have a much harder time spotting synthetic identities.
To understand why verifying business legitimacy is so much more difficult for a manual reviewer than verifying individual sellers, consider the questions you need to answer for each. With individuals, there are really only three questions: Does this person exist? Is this person who they say they are? And do I want this person on my platform? But when it comes to verifying businesses, there are at least 7 questions to verify the business, the person, and the person’s right to represent the business. That means there is much more surface area for a fraudster to blend real and fake business information into a synthetic identity that a manual reviewer can easily miss.
We weren’t the only ones talking about synthetic identity fraud. In the panel First-Party Fraud 2.0: Synthetic Identities, Face Swaps & Deepfake Manipulation, justified ranting i.e. “identity verification is kind of bullshit” abounded. Airbnb Product Manager and former IRS Special Agent Dave Griesbach criticized as inadequate the “two-dimensional” identity checks in the age of hyperrealistic deepfakes, where asking “Does this driver’s license match this face?” tells you nothing.
But the thing keeping Dave up at night “is when we get to first parties using gen AI and agentic processes to commit third party fraud”, i.e. creating a synthetic identity to impersonate you and claim third party fraud that’s actually first party.
In the final segment of the panel dubbed bullish or bullshit?, “First-party fraud will soon outpace third party fraud” received the most aggressive audience head nods and emphatic YESes from the panelists. “As we as a society have the ability to physically distance ourselves from the fraud, we’ll commit more of it. In a world of AI agents that take us further and further away, people will say ‘An agent did that, I’m not really a bad person.’” Oof. Wake me up when it’s over.
Thanks Dave Griesbach, Eamon M, Kyle De Freitas, and Vanita Pandey for the discussion.
Best cookie analogy 🍪
People who know me know I love cookies. I have one almost every day from Lowrider Cookie Company (pictured above, nationwide shipping here. I don’t get a kickback but honestly I should). When asked “What advice would you give smaller marketplaces just starting out with incidence response?” Doordash’s Kristin Kupiec answered “Don’t expect perfection. I kind of see it like baking cookies: You’re going to burn the first batch.”
The analogy was great, but Kristin had another that brought the conference full circle for me. Read on.
Worst of Marketplace Risk: AI mumbo jumbo
We did it too. I built a slide titled “How are you using AI in 2025 to fight fraud?” and forced Dre and Kimmie to talk about it. This isn’t a shot at any individual speaker because we’re all guilty of it. But good God. The AI nonsense speak has gotten out of hand, which I say as a technologist who read AI 2027 for pleasure and believes AGI is 2 years away. But listening to every session with my marketing hat on, all I could think was “how can we have a conversation about AI that leaves the audience with real next steps?”
The most telling moment of the whole conference was when Unit21’s Head of AI Tyler Allen asked the audience “How many people in the room here use AI?” and everyone raised their hands, but when Tyler followed up with “How many use AI in their day to day lives to automate actions for them – i.e. send an email without even looking at it?” NOT ONE PERSON RAISED THEIR HAND!!!!!
Nobody is using AI in their day to day lives to automate actions for them. Yet. Whatever you think about AI, this is a useful pulse check on the state of the technology in marketplace Trust & Safety today.
In conclusion: Humanity and cookies
Closing us out by bringing it back to cookies and humanity, while we still have cookies and humans to enjoy—
Members of the Marketplace Risk Advisory Board were asked to share their top piece of advice for trust and safety professionals. Doordash’s Kristin Kupiec replied “Always focus on wellbeing first. Because if you don’t, you’re going to have five trays of burnt cookies instead of one. If you don’t focus on wellbeing first, then you’re not going to do right by the next of kin, or whoever was harmed.”
I thought that was a poignant reminder of the humanity at the heart of Trust and Safety work, even more so during a conference that overdid it on AI. Let this be a reminder to center wellbeing on the job—ours, our colleagues, and all the people whose lives are impacted by this work.
“You don’t want to be a burnt cookie yourself,” joked the moderator. “I am one burnt cookie. I’m charred.”
.png)
