OfferUp is the world’s simplest and most trusted mobile-first marketplace. Founded in 2011, OfferUp focuses entirely on the US market (at the moment) and has its strongest foothold on the west coast, specifically Los Angeles. OfferUp grew very quickly. In fact, according to venture capital expert Mary Meeker, OfferUp’s first five-year rise in gross merchandise value and the amount of time users spend on the platform dwarf the rest of the peer-to-peer marketplace industry. Aside from impressive growth, OfferUp is now focused on ancillary features such as shipping, in-app payment, a hold feature, and even the ability to put money into escrow to add a level of security for a person-to-person cashless transaction.
Alas, with great power comes great responsibility. OfferUp faced a problem with account takeover (ATO). With lots of transactions and money on the line, especially as OfferUp moved into the mobile payment space, the company became a target for fake accounts and fraudsters looking to exploit any obvious holes for their own gain. As originally constructed, OfferUp leaned on a fairly weak email verification process, one that could be gamed by even a novice hacker. With their platform exploding with growth and a valuation nearing the stars, OfferUp knew they needed to nip this issue in the bud before it became a major problem, so they turned to TeleSign.
As the pioneers in phone-based verification, TeleSign knew exactly how to provide a comprehensive SMS-based verification solution to help OfferUp. OfferUp implemented a three-pronged solution to increase their security and ensure they could maintain their mission of being the most trusted marketplace in the industry. The first step was to add SMS Verify, a product that leverages 2-factor authentication (2FA) by utilizing a person’s cell phone. While a user is creating an account, a six-digit one-time passcode (OTP) is sent to the user’s phone, proving that they are indeed the person they say they are. Furthermore, that number is then stored, and in the case of a password reset, another OTP is sent to the number on file to help prevent account takeover.
Perhaps most interestingly, though, OfferUp wanted to know what type of device their customers were using, so they implemented a TeleSign data solution, specifically the Phone ID Device Info API, which returns the type of device to a business. This can be helpful for UX reasons: for example, the user experience could be optimized differently depending on whether a user is on an iPhone or an Android. It also helps with fraud detection: if a user customarily uses one or the other and a foreign device pops up, this can be a red flag for fraud.
All in, OfferUp saw ATO drop dramatically with the implementation of a comprehensive TeleSign security solution. As they move toward universal adoption by their millions of monthly active users, the OfferUp platform literally becomes more secure by the day.