“Though verifying a phone number during our sign up process is optional, we see more than two-thirds of our new users opting-in.”
OfferUp was founded in 2011 as the world’s simplest and most trusted mobile-first market place. OfferUp focuses entirely on the US market but what sets them apart is their innovation in the peer to peer space. Originally conceived as a marketplace, OfferUp has expanded into payments and shipping. Recently, OfferUp debuted a new feature that will place money in escrow on a de facto hold. This protects the seller against a buyer that gets cold feet. It also protects a buyer that might be more comfortable keeping an entire transaction on the platform. When a buyer reserves an item via the Hold Offers button on the app it becomes marked as sold. At that point, OfferUp authorizes an associated credit card to make sure the money is there to pay for it. When the meet up to exchange the item occurs, the buyer pulls up a QR code for the seller to scan. Users can tie their OfferUp accounts to credit cards or mobile services such as Samsung Pay, Apple Pay and Google Pay.
These cutting edge developments have created new revenue streams for OfferUp but also new security concerns. At the moment they are one of the most valuable start ups in the Pacific Northwest. What is more encouraging however is the amount of time users spend on the app, which has been comparable to major social media sites. OfferUp has also gained incredible penetration in its focus markets of the western United States with more than 15% of the adults in those markets using the app regularly. OfferUp continues to focus on aggressive expansion while keeping its platform and users safe, which is where TeleSign enters the picture.
Items sold on OfferUp can range in value from a couple dollars to a several thousand with people selling a wide range of items from antiques to classic cars. As such and with OfferUp expanding into mobile payment processing, holds and shipping it was critical to find a new way to register and verify their users. OfferUp had been using email verification but was starting to see account takeover become a problem. As OfferUp grew so did the target on their back, they decided to seek a partner to provide an added layer of security so they could keep their sterling reputation as the most trusted mobile-first market place.
After a thorough search, OfferUp decided to partner with TeleSign on a verification solution that would leverage 2FA with an SMS message and one time passcode. The idea behind this solution is that users now have their phone number as a trust anchor. By providing something you know(password) and something you have (mobile device) an extra layer of security was added to OfferUp’s platform. Furthermore in the event of a password reset flow, OTPs to a device are much more secure than email. By implementing this simple solution, OfferUp saw their account takeover (ATO)attacks drop dramatically. It also made certain that they were protected against future legislation such as California’s CCPA. Additionally, OfferUp leveraged a TeleSign mobile identity solution that relies on carrier data and phone intelligence to give a company certain insights about their users. In this instance OfferUp chose the Phone ID Device Info API which can tell a platform which kind of device their user has. This can of course help out for user experience (UX) reasons but also security. If a user is typically on aniPhone but then makes a several thousand dollar purchase on an Android device, the Device Info API can flag for a security review. All in, OfferUp had a seamless implementation of TeleSign solutions. Fraud is down, the company continues to grow and we look forward to seeing what OfferUp does when it eventually expands into new territories where all of its new users will rest easy knowing that OfferUp rests under the security blanket of TeleSign.
TeleSign offers up phone verification for OfferUp
OfferUp is the world’s simplest and most trusted mobile-first market place. Founded in 2011, OfferUp focuses entirely on the US market (at the moment) and has its strongest foothold on the west coast, specifically Los Angeles. OfferUp grew very quickly. In fact, according to venture capital expert Mary Meeker, OfferUp’s first five-year rise in gross merchandise value and the amount of time users spend on the platform dwarf the rest of the peer to peer marketplace industry. Aside from impressive growth, OfferUp is now focused on ancillary features such as shipping, in-app payment, a hold feature, and even the ability to put money into escrow to add a level of security for a person to person cashless transaction.
Alas, with great power comes great responsibility. OfferUp faced a problem with the account takeover (ATO). With lots of transactions and money on the line especially as OfferUp moved into the mobile payment space, the company became a target for fake accounts and fraudsters looking to exploit any obvious holes for their own gain. As originally constructed, OfferUp leaned on a fairly weak email verification process, one that could be gamed by even a novice hacker. With their platform exploding with growth and a valuation nearing the stars, OfferUp knew they needed to nip this issue in the bud before it became a major problem, so they turned to TeleSign.
As the pioneers in phone-based verification, TeleSign knew exactly how to provide a comprehensive SMS based verification solution to help OfferUp. OfferUp indeed implemented a three-pronged solution to increase their security and ensure they could maintain its mission of being the most trusted market place in the industry. The first step was to add SMS verify, a product that leverages 2-factor authentication (2FA) by utilizing a person’s cell phone. While creating an account a six-digit one-time passcode (OTP) is sent to the user’s phone proving that they are indeed the person they say they are. Furthermore, that number is then stored and in the case of a password reset, another OTP is sent to the number on file to help prevent account takeover. Perhaps most interestingly though OfferUp wanted to know what type of device their customers were using, so they implemented a TeleSign data solution, specifically the Phone ID Device Info API which will return to a business a type of device. This can be helpful for UX reasons. For example the user experience could be optimized differently whether a user is on an iPhone or an Android, but also if a user is customarily using one or the other and a foreign device pops up this can be a red flag for fraud. All in, OfferUp saw ATO drop dramatically with the implementation of a comprehensive TeleSign security solution. As they move toward universal adoption by their millions of monthly active users the OfferUp platform literally becomes more secure by the day.