The organised fraud networks are now systematically targeting online marketplaces in Jamtara style as to what it did to the banking networks. Coordinated groups are exploiting systems at scale, and are now playing out across eCommerce. The fraudsters are using features designed to drive growth such as return policies, cashback offers, referral incentives, and Cash-on-Delivery (CoD) are increasingly being misused. An analysis by Bureau, an AI-powered risk decisioning platform, has showed that marketplace fraud today is structured, coordinated, and operating at scale. In its detailed study, Bureau saw an average of 1 in 6 risky devices having more than 10+ accounts associated with the same device, which is typically a sign of a “farm.” This was also consistent with signs of large-scale automation, where for instance, in some cases, a single account recorded 50+ instances of activity within just one hour. In total, 256 clusters were mapped, comprising ~45,000 accounts across just 9,000 devices. As per the study, promo and referral abuse remains widespread, with device farm activity particularly concentrated in Delhi, Bengaluru, and Noida. Some platforms recorded up to 15 times the typical share of users operating multiple accounts, indicating that incentive structures can directly influence fraud volume. Return abuse is also systematic. Fraudsters order high-value goods and return counterfeits, empty packages, or reject deliveries altogether. Bureau’s models detect these patterns early using device, address, and behavioural signals often before a return is initiated. Bureau highlighted that at the core of this e-commerce fraud is device farming. A device farm where multiple phones are operated together acts as the operational backbone of these fraud networks. It allows fraudsters to run and control dozens, sometimes hundreds, of accounts simultaneously, switching between them at speeds no individual user can match. This infrastructure enables different levels of abuse. At the most visible layer, it is used to commit promo and referral abuse by creating multiple accounts to repeatedly claim incentives. But this is only the entry point. The more critical function of device farms is to systematically move across large volumes of accounts to identify which ones can be exploited further. In effect, these systems “scan” or parse through accounts hopping rapidly from one to another to detect those with saved cards or linked wallets. These become the high-value targets for direct financial fraud. What appears to be simple incentive abuse is often a filtering mechanism to identify accounts that can be monetised. The scale and automation behind this activity are evident in the behavioural patterns observed. The study surfaced strong location anomalies: in one case, an account logged in from Gujarat and Bengaluru within 30 minutes; in another, a single account was active across 70 locations, patterns consistent with automated account cycling, not human behaviour. Get Latest News Live on Times Now along with Breaking News and Top Headlines from Business, Economy and around the World. Vikas Kumar is Deputy Editor (Business) at Times Now driving coverage across policy, economy and markets. He possesses nearly a decade of experience i... View More