The risk for startups from breach of trust is much higher as they enlist customers through technology and promise and not through legacy. The threat of non-financial risks, particularly TRUST factors are on the increase and every startup must put a plan in place.
June 15, 2017
Traditional risk models are inadequate in the P2P market place or shared economy due to their inherent inside-out focus, i.e., reliance on internal data. In the shared economy, where a large part of the interaction is online, it is important to establish trust elements (e.g. Airtel doing Know-Your-Customer checks for a financial transaction or Uber enlisting a driver or Airbnb onboarding a host or guest) beyond the confines of in-house data. Traditional risk management focuses on building models based on internally available data which does not capture the full online identity of a user. Furthermore, P2P marketers try to minimize the friction for a user to be onboarded. Online marketers and startups should instead move to Trust modelling that uses external data from social media, web pages and online databases for a 360 degree Trust assessment. This article explains what p2p companies or online operators must do to take advantage of the recent explosion in data and access for trust and safety.
Think of this situation; you are finally getting some traction on your platform, getting some press on your startup and you are on your way to sign a Series A round. And then, one of your key members comes in and says that they are seeing some malicious behavior on your site. It can be underage usage (portrayed in Silicon Valley Season 4 ), promotion offer being misused, safety event with a customer, payment fraud, chargeback fraud, money laundering , prostitution rings  or all of the above.
When startups are in their early stages, the focus is primarily on growing the key metrics related to the product. This could be number of users, revenue etc. With a small team size, it is hard to dedicate resources to trust. However, this can be harmful in the long run. As the platform grows, bad actors will find ways to misuse it. The outcomes can range from significant financial loss, to bad press and may even lead to shutting down the company.
Here is what you need to start doing:
For the technically uninitiated, logging is recording data about a program’s execution. Most modern applications are extremely complex and have a large number of moving parts. Ideally all the endpoints of your application must be logged. There needs to be a team identifying all the trust and risk points and logging them. The logs must be informative enough that when there is a complaint, the team is able to retrace the event with less effort. This will also be useful for risk management and compliance. More on that later.
Having the logs is not enough though. You will need the infrastructure to analyze the logs and generate key metrics which track all the malicious activities on your platform.
Every platform has a set of loyalists who genuinely believe in the platform’s vision and want to ensure that it is being used in the right manner. This is especially visible in platforms like Quora and Reddit where malicious content creators are shut down pretty quickly. The user interface must allow good users to report easily and report often. At worst, it alerts you to the problem and at best it might even shut down the problem. This also helps you bootstrap a dataset for the problem.
A good starting point to solve the problem is to divide your malicious activity into two categories:
- Issues common to the industry like spam, chargeback fraud etc.
- Issues unique to your platform; e.g. Rider safety is a problem only in companies like Uber and Lyft.
For problems common to the industry, there is no point in reinventing the wheel. As the first layer of defense, you should evaluate the vendors in the space and hire the one most suited to your need. The evaluation must be based on precision and recall 4 of the vendor’s algorithm to detect bad activity, along with cost and latency. You will also need to decide the policies on what you are going to do with the data received from the vendor. Should you ban the users flagged automatically or send it through a manual review or send a warning to the user? Trust Vendors should have distinctive knowledge of the platform, analytics and proprietary technology and tools to get into the root and address.
The next step is to solve the problems unique to your platform. Ideally you should build out a team internally, from people who have been working on the problem in some capacity. By creating a dedicated team, you are empowering them to make an impact on the platform along with sending the message that you are serious about trust and risk. Other important components of the team are data analysts and labelers who will be the human experts who can identify malicious activities and create datasets for your data science team to work on. You should also hire experts in the industry who have built such teams in the past. Finally, the team should also comprise of business and product leads who can ensure integration of trust and risk into the product appropriately.
A large part of trust and risk is to identify what tradeoffs you can live with. Tradeoffs may include requiring users to add more identity information to limit fraud at the cost of a lower signup rate. These decisions are not easy to make. This might cause friction between the product and sales teams and the trust and risk teams. The best way to integrate trust and risk is to make it an integral part of your product and brand. It should be thought of as the team saving you from existential threats. Addressing Trust risks comprehensively in a layered manner is not only crucial for long term survival of the platform, but may also save you from major financial losses. It’s always better to be safe than sorry.
 Statt, N. (2017, May 01). HBO's Silicon Valley wades into a heated debate about privacy policies. Retrieved May 24, 2017, from https://www.theverge.com/2017/5/1/15504692/hbo-silicon-valley-season-4-episode-2-terms-of-service-recap
 PayPal Faces U.S. Investigations over Money Laundering and Sanctions. (2017, May 02). Retrieved May 24, 2017, from http://paybefore.com/pay-gov/paypal-faces-u-s-investigations-over-money-laundering-and-sanctions/
 C. K. (2016, February 09). Airbnb hosts warned that pimps and prostitutes are renting apartments to use as temporary BROTHELS. Retrieved May 24, 2017, from http://www.dailymail.co.uk/travel/travel_news/article-3438473/Airbnb-hosts-warned-homes-used-brothels.html
 Precision and recall. (2017, May 18). Retrieved May 24, 2017, from https://en.wikipedia.org/wiki/Precision_and_recall