[pc]

I think it depends a lot on your target audience.

- If your users are "in control" of their own business -- if they handle refunds and customer service issues themselves, if they'd like to log in to their own dashboard, etc. -- I think Connect[1] makes more sense. This is what, say, Squarespace uses.

- If your sellers are providing a service to another company, and expect that the company will take care of everything (a la Lyft and Postmates), I think the transfers API is a better fit.

Does that make any sense?

[1] https://stripe.com/connect

[pyduan]

To add on this, I would advocate you to think more in terms of user experience (which pc addressed very well) rather than fraud liability when making your decision.

Of course it depends how big your customers are, how well-educated about fraud your users are, and your own tolerance for risk, but in my experience transferring the risk liability onto your customers is a very bad idea if you can avoid it.

Even if you're not technically liable, your users will blame you and hold you responsible if they end up losing money to fraud, even more so if their online stores are hosted on your website (which is probably the case if you're referring to your product as a marketplace).

Because they are potentially much smaller than you are (if you are offering a self-service platform, this is the kind of users you'll tend to get), they are extremely sensitive to risk and they are at high risk of incurring a catastrophic (to them) loss. If that happens, leaving them to their own device will be extremely bad PR and will potentially cost you more business than if you had absorbed the loss. I was talking to a friend who works on the fraud team at Square (who use Stripe Connect), and I recall they reached this same conclusion after one of their merchants on SquareSpace was attacked by fraudsters. We don't use Stripe at Eventbrite but I can guarantee we could even never suggest passing the fraud losses onto the event organizers without losing a lot of business.

So don't imagine that by having your users register their own Stripe account you will be cleared of fraud issues (at least for buyer fraud -- merchant risk is another issue). Instead, just pick the solution that makes the most sense in terms of product and ease of accounting.

Also, because as the owner of the marketplace you have much more data than any individual merchant, you are better equipped to detect and fight fraud than they are -- if you have the capability and are able to assume the risk I would highly encourage you to do so, even if it means increasing fees for your users to cover your costs. As a nice side-effect, you'll even be able to advertise a "no fraud liability" policy for your users which may sway potential customers that were hesitant with trusting some online platform to handle their money.

[callmeed]

The type of fraud that is endemic to many marketplaces is exactly what can be prevented by going with the Stripe Connect approach. In a nutshell, what happens is (a) fraudster creates a fake "store" in your marketplace, (b) they run purchases through that store with stolen credit cards, (c) they attempt to have the funds transferred to a bank account. Your own founder even talked about it [1] and I've had to deal with this quite a bit at http://nextproof.com

Actual merchants in the marketplace are rarely affected other than the user experience. But when all the chargebacks come back to you, it severely affects the bottom-line. I also think the user-experience has improved quite a bit (with Stripe Connect, you can have users provision their own Stripe account during signup).

I would also argue, given how how "lean" many startups and MVPs are, many marketplaces are actually smaller and more at risk than the sellers they serve. Most marketplaces don't have $200M in funding and data scientists like EventBrite ;)

[1] http://techcrunch.com/2011/06/16/founder-stories-eventbrite-...

[pyduan]

Oh, I completely agree -- I am well aware of this (in fact as you can guess we have a similar challenge problem with fraudulent even organizers). Which is why I precised I was talking about buyer fraud and not merchant fraud, and that one should only undertake risk if he has the capability to do so.

When you run a marketplace you are sensitive to risks both from the merchant and the buyer. The first kind would be what you are describing and you are right that Stripe Connect mitigates this. But the latter is not a threat to ignore either, especially with the increasing number of high profile credit card breaches. What happens is that fraudsters attack legitimate merchants by purchasing goods using stolen credentials and reselling them later for full profit.

I just saw your marketplace was a platform for photographers -- in this case you are right my point doesn't really apply to you, because photographs have little resell value so such platforms will indeed not be a big buyer fraud target. Hopefully though my advice will be relevant for other people. For some platforms losses due to buyer fraud are able to potentially dwarf those due to than merchant fraud, mostly because the latter tends to be much easier to detect: for a merchant, you have many data points to figure out if they're fraudulent; for a single purchase you only have one!

[necubi]

If you're dealing with a lot of marketplace fraud, you might take a look at Sift Science (http://siftscience.com). We're a YC company that uses machine learning to detect fraud, and we have a number of marketplaces using us successfully (including AirBnB, Uber and Kickstarter).

[tim333]

How does Stripe Connect prevent the fake store, stolen card numbers scam? I'm genuinely curious here.

[Kliment]

The chargebacks go to the fake store, rather than to the marketplace operator.

[tim333]

Ah, thanks.