Full Story: Indiegogo

Company

Indiegogo is one of the first-ever crowdfunding platforms, enabling entrepreneurs to bring innovative ideas to life with the support of over 9 million backers across 235 countries. The platform sees 10 million monthly visitors and launches approximately 19,000 new campaigns each month. Given the high transaction volume and open nature of crowdfunding, maintaining trust and security is critical to Indiegogo’s success.

Overview

Indiegogo’s platform thrives on trust—backers need confidence that their contributions are going to legitimate campaigns, and entrepreneurs must be assured that their products reach the right customers. However, as the platform grew, so did fraud threats. Account takeovers (ATOs) driven by credential stuffing attacks and fraudulent chargebacks were increasing costs, damaging reputation, and overwhelming the customer operations team.

Challenge

Indiegogo was facing two major fraud challenges:

1. Account Takeover (ATO) Attacks – Bad actors used credential stuffing to gain unauthorized access to accounts, update user information, and conduct fraudulent transactions. Some attacks were immediately obvious, while others went undetected until customers reported unauthorized charges.

2. Fraud-Driven Chargebacks – Fraudulent credit card transactions led to costly chargebacks, which not only impacted revenue but also required significant manual effort from the customer operations team. Each dispute incurred a $15 fee in addition to the lost transaction amount.

At the time, Indiegogo relied on a risk scoring tool that assessed transactions at checkout. However, this approach was reactive and failed to consider earlier fraud signals—such as suspicious login activity or anomalies in user behavior—leading to continued chargeback losses and an inefficient manual review process.

“Chargebacks would start flowing in, and we had no idea where they were coming from. It wasn’t a sustainable way to operate.”

Justin Orme, Payments Manager at Indiegogo

Solution

To get ahead of fraud, Indiegogo needed a solution that could provide real-time visibility into risk signals across the entire customer journey. The team evaluated multiple vendors and ultimately chose Spec for its ability to:

• Detect threats earlier by analyzing user behavior across multiple touchpoints, not just at checkout.
• Integrate seamlessly with existing fraud tools using a no-code orchestration platform, reducing engineering overhead.
• Provide real-time adaptive fraud prevention, allowing Indiegogo to stop threats without adding friction for legitimate users.

Spec’s orchestration approach stood out because it allowed Indiegogo to test and deploy new fraud prevention measures without lengthy development cycles. “Spec was the most advanced in terms of its no-code approach to integrations,” said Adi Raghuwanshi, Senior Director of Engineering.

Results

Since implementing Spec, Indiegogo has seen immediate and measurable improvements in fraud prevention:

• -90% attack pressure: Reduced attack pressure by 90 percent over 6 months
• +9.8% good orders: Increased good orders over 9 percent
• Chargebacks from 20% → 5%: Chargebacks due to fraud fell from 20 to 5 percent
• Credential stuffing to < 1%: Reduced credential stuffing attacks to less than 1 percent of site logins
• Engineers = 0: Tested and deployed new fraud solutions without engineering resources
• Protected 100K customers: Protected 100K compromised customer accounts

One of the key advantages of Spec’s approach was its ability to disrupt attackers’ tactics. Spec identified and blocked automated credential stuffing attempts in real time and introduced deceptive elements like honeypots, which trick fraudsters into thinking they had successfully compromised accounts while preventing them from gathering intelligence on Indiegogo’s security measures.

Indiegogo attributes this steep drop, in part, because with Spec, attackers can’t easily reverse engineer the platform’s protections and they stay away.

Approach

Rather than relying solely on post-transaction risk assessments, Indiegogo shifted to a holistic, journey-based fraud detection strategy:

1. Early Detection & Risk Assessment – Spec’s platform analyzed behavior from the moment a user interacted with Indiegogo, identifying risk signals before transactions occurred.
2. Automated Response & Orchestration – Spec integrated with Indiegogo’s existing fraud tools, enabling real-time adaptive fraud prevention without requiring major engineering resources.
3. Advanced Fraud Disruption – By using techniques like honeypots and behavioral anomaly detection, Indiegogo could mislead attackers while ensuring a seamless experience for legitimate users.

Next Steps

Indiegogo continues to refine its fraud strategy with Spec, leveraging its flexible orchestration capabilities to adapt to new fraud tactics. The team is now exploring additional automated fraud prevention techniques to further reduce manual reviews and improve operational efficiency.

As Indiegogo scales, Spec remains a critical partner in maintaining trust and security—ensuring that entrepreneurs and backers can engage with confidence, without the risk of fraud interfering in their journey.