Background
Shill bidding has long been a problem in online auctions, damaging trust and artificially inflating prices through deceitful practices. At GoDaddy Auctions, we're committed to creating a fair and transparent auction environment, driving us to continuously enhance our fraud prevention measures. We understand the importance of quick action and are dedicated to implementing updates with urgency. This article highlights our recent innovations in fighting fraud, including the introduction of ID verification.
Understanding shill bidding
Shill bidding is a fraudulent practice where individuals manipulate auction outcomes by placing false bids. These deceptive bids create an illusion of high demand, artificially inflating the final price, and negatively impacting genuine auction participants.
Shill bidding can manifest in several ways:
- Sell/Solo: One seller places bids on their own item using one or more accounts.
- Sell/Coordinated: Multiple sellers collaborate to artificially raise auction prices.
- Buy/Solo: One buyer uses different accounts to set low and then high bids.
- Buy/Coordinated: Multiple buyers collaborate to place low and then high bids.
In recent years, GoDaddy Auctions has encountered buy/solo and buy/coordinated shill bidding. Bad actors would place low bids and then raise them to unreasonably high amounts to disincentivize genuine buyers from bidding. When the high bidder didn't pay, they would try to acquire the domain as the second-highest bidder, avoiding payment for the inflated bid.
The impact of shill bidding
The impact of shill bidding goes beyond financial losses. It undermines customer trust, affects revenue by selling domains below market value, and strains our resources as we manage fraudulent accounts and communications.
Combating shill bidding involves the following phases and responses:
- Prevention: This step focuses on measures to stop shill bidding, including setting automated rules and monitoring bidder behavior.
- Mitigation: This step involves reducing the impact of shill bidding after it occurs, such as identifying shill bidders, canceling their bids, suspending their accounts, and maintaining communication with customers to restore trust.
At GoDaddy, we prioritize the prevention phase.
As we enhance our ability to fight shill bidding, we have to make changes and updates to technology, processes, vendors, and systems. The TrustStar Iceberg is a useful analogy of what those changes are and the customer's visibility to them. The changes to the UI, such as the revamped Settings page and ID verification, are visible to the customer; the other changes are not. But they holistically contribute to the company's TrustStar, the goal of making GoDaddy Auctions the most trusted platform for purchasing aftermarket domains.
GoDaddy’s strategy
We use advanced "fraudulent signals" to identify potential shill bidders by tracking unusual activity, payment discrepancies, and suspicious bidding patterns. These signals are monitored across the entire GoDaddy ecosystem, allowing us to spot suspicious behavior early. Our teams manually test detection rules, tweak them for accuracy, and then automate them for better response to potential fraud.
The following image illustrates the three areas of focus in the prevention phase, ordered by their occurrence in the customer journey.
Our teams focus on three key areas to strengthen platform integrity:
- Membership Purchase: Buyers must purchase an Auctions Membership subscription and verify their identity before bidding. We evaluate signals such as payment method and contact information during this phase.
- Account Verification: To prevent individuals from creating multiple accounts for fraud, GoDaddy Auctions uses account verification. Since April 2024, we've switched to a more reliable ID verification method, replacing PayPal.
- Bid Verification: Our dynamic bid verification system flags suspicious bids before submission. We’ve been experimenting with identifying unusual bidding patterns and automatically suspending suspicious accounts.
ID verification
This new trust capability strengthens the GoDaddy Auctions member verification process with a five-step form that enforces CAPTCHA and includes submitting a valid government ID. The following image shows the new auction ID verification form required for existing members who haven't completed verification, and new members with low trust scores. This form must be completed to lift bidding restrictions.
The following image shows a bidder's account status which they can now view in the updated settings page to see if they need to complete verification:
The updated Settings page fits into the larger multi-quarter effort to revamp the GoDaddy Auctions frontend. The revamped frontend is written in JavaScript and TypeScript, is using React and Gasket (an open source framework created at GoDaddy), and is deployed as a containerized multi-region application running in AWS EKS. The revamp delivers reduced operational complexity, and improved user experience, performance and availability. It also increases our team's experimentation velocity because it integrates with Hivemind, our internal experimentation platform.
Most people know ID verification involves capturing an ID and confirming the person matches the provided details. Behind the scenes, GoDaddy's verification service ensures data accuracy, checks for forgery, and identifies any information about that person previously flagged as potentially fraudulent. The auctions membership service enforces OAuth as the authentication and authorization method for calls made by the verification service to update a member's verification status.
This project involved over 50 team members from different departments within GoDaddy. The result was a mix of existing capabilities and new developments.
We've observed significant reductions in shill bidding since implementing this improved account verification approach.
Looking ahead
At GoDaddy, we're constantly evolving our fraud prevention strategies to ensure a safe and reliable platform for all users. We've implemented new measures, some of which work quietly in the background.
Key shill bidding updates in 2024
- January: Refined bidding monitoring rules with automatic account suspension for obvious offenders.
- February: Introduced instant bans for members attempting to use duplicate PayPal credentials.
- March: Increased fees for shill bidding-related offenses, including non-payment for won domains.
- April: Implemented ID Verification V1 to replace PayPal.
- May: Released ID Verification V2, with centralized GoDaddy profile updates required.
- June: Blocked remaining PayPal surfaces used by fraudsters.
- July: Enforced selective re-verification for previously verified suspicious accounts.
- Ongoing: Developing machine learning technology and automation to detect and prevent fraudulent behavior.
We're committed to staying ahead of evolving threats. Our efforts have led to a reduction in shill bidding and an increase in customer satisfaction. If you suspect shill bidding on our Aftermarket platform, email auctions@godaddy.com and provide any relevant information to help us investigate the issue. We're proud of the progress we've made and excited about the future of our platform.
The cover photo for this blog post was generated using GoDaddy's internal Content-as-a-Service (CaaS), which provides a centralized platform for querying different LLMs.