Case Study

How Lemon Squeezy uses Realtime ML to Protect its Storefronts

Lemon Squeezy is an all-in-one platform for selling SaaS and other digital downloads. From their early days, they have partnered with Sumatra to build a comprehensive risk-management foundation, to safeguard their ecosystem and automate their processes for scale. By predicting user intents in real time, they are able to respond to threats instantly, ensuring a seamless and secure experience for sellers and buyers alike.

Case Study

How Lemon Squeezy uses Realtime ML to Protect its Storefronts

Lemon Squeezy is an all-in-one platform for selling SaaS and other digital downloads. From their early days, they have partnered with Sumatra to build a comprehensive risk-management foundation, to safeguard their ecosystem and automate their processes for scale. By predicting user intents in real time, they are able to respond to threats instantly, ensuring a seamless and secure experience for sellers and buyers alike.

Case Study

How Lemon Squeezy uses Realtime ML to Protect its Storefronts

Lemon Squeezy is an all-in-one platform for selling SaaS and other digital downloads. From their early days, they have partnered with Sumatra to build a comprehensive risk-management foundation, to safeguard their ecosystem and automate their processes for scale. By predicting user intents in real time, they are able to respond to threats instantly, ensuring a seamless and secure experience for sellers and buyers alike.

Problem

Innovative business models present unique risks

Lemon Squeezy recognized early on that unique risks are inherent to providing a low-friction selling experience to creators selling digital goods.

Solution

Predict user intent in real time

Using Sumatra, they added comprehensive behavioral signals to their payment fraud model and established intent-prediction points in the path of every opportunity for abuse.

Result

Sellers protected and money saved

Sumatra has blocked 126% more fraud than Stripe Radar alone. Multiple card-testing and account takeover attacks have been stopped. Dozens of fraudulent storefronts have been shut down.

Problem

Innovative business models present unique risks

Lemon Squeezy recognized early on that unique risks are inherent to providing a low-friction selling experience to creators selling digital goods.

Solution

Predict user intent in real time

Using Sumatra, they added comprehensive behavioral signals to their payment fraud model and established intent-prediction points in the path of every opportunity for abuse.

Result

Sellers protected and money saved

Sumatra has blocked 126% more fraud than Stripe Radar alone. Multiple card-testing and account takeover attacks have been stopped. Dozens of fraudulent storefronts have been shut down.

Problem

Innovative business models present unique risks

Lemon Squeezy recognized early on that unique risks are inherent to providing a low-friction selling experience to creators selling digital goods.

Solution

Predict user intent in real time

Using Sumatra, they added comprehensive behavioral signals to their payment fraud model and established intent-prediction points in the path of every opportunity for abuse.

Result

Sellers protected and money saved

Sumatra has blocked 126% more fraud than Stripe Radar alone. Multiple card-testing and account takeover attacks have been stopped. Dozens of fraudulent storefronts have been shut down.

"Sumatra's solution has been a key value proposition to sellers adopting our platform. Comprehensive and fully-automated protection means they can focus on growing their business."

"Sumatra's solution has been a key value proposition to sellers adopting our platform. Comprehensive and fully-automated protection means they can focus on growing their business."

JR Farr

CEO @ Lemon Squeezy

Problem

Innovative business models present unique risks

Innovative business models present unique risks

As the merchant of record to a large number of independent sellers, Lemon Squeezy has a more complex risk management challenge than traditional e-commerce. In addition to card testing, refund abuse, and vanilla stolen credit card fraud, a merchant of record is vulnerable to sophisticated threats, such as:

  • Royalty fraud. Fraudulent sellers purchase their own products with stolen credit cards.

  • Fake storefronts. Scammers set up fake storefronts to lure in unsuspecting good customers.

  • Account takeover. Attackers take over seller accounts to reroute payouts to their own bank accounts.

Unmitigated, these threats can lead to substantial financial loss and reputational damage. For that reason, it was crucial for Lemon Squeezy to establish their foundational fraud prevention measures to protect their business, customers, and brand against these risks.  

Lemon Squeezy looked for a solution that would allow them to:

  • Reduce fraud loss (unauthorized charges, abusive refunds, abusive payouts)

  • Avoid reputational damage (seller ATOs, payment processor sanctions)

  • Minimize good customer friction (delayed fulfillment, delayed payouts)

  • Reduce operational overhead (manual review time)

As the merchant of record to a large number of independent sellers, Lemon Squeezy has a more complex risk management challenge than traditional e-commerce. In addition to card testing, refund abuse, and vanilla stolen credit card fraud, a merchant of record is vulnerable to sophisticated threats, such as:

  • Royalty fraud. Fraudulent sellers purchase their own products with stolen credit cards.

  • Fake storefronts. Scammers set up fake storefronts to lure in unsuspecting good customers.

  • Account takeover. Attackers take over seller accounts to reroute payouts to their own bank accounts.

Unmitigated, these threats can lead to substantial financial loss and reputational damage. For that reason, it was crucial for Lemon Squeezy to establish their foundational fraud prevention measures to protect their business, customers, and brand against these risks.  

Lemon Squeezy looked for a solution that would allow them to:

  • Reduce fraud loss (unauthorized charges, abusive refunds, abusive payouts)

  • Avoid reputational damage (seller ATOs, payment processor sanctions)

  • Minimize good customer friction (delayed fulfillment, delayed payouts)

  • Reduce operational overhead (manual review time)

Solution

Predict user intent in real time

Predict user intent in real time

Leveraging Sumatra's capabilities to predict user intent from behavior, Lemon Squeezy was able to implement a highly dynamic approach:

  • Continuous Behavioral Analysis: Sumatra's platform continuously updates user profiles, analyzing actions up to the current moment to predict user intents.

  • Propensity Modeling: While more typically used in marketing for predicting customer conversions or churn, Sumatra's propensity modeling is equally applicable to identifying users with malicious intent. This approach recognizes potentially risky behaviors and enables immediate responses like blocking suspicious transactions.

  • Adaptive Decision Points: The integration of comprehensive behavioral signals into Sumatra's models allows for more nuanced decision-making at each touchpoint, ranging from user signup to purchase attempts.

Leveraging Sumatra's capabilities to predict user intent from behavior, Lemon Squeezy was able to implement a highly dynamic approach:

  • Continuous Behavioral Analysis: Sumatra's platform continuously updates user profiles, analyzing actions up to the current moment to predict user intents.

  • Propensity Modeling: While more typically used in marketing for predicting customer conversions or churn, Sumatra's propensity modeling is equally applicable to identifying users with malicious intent. This approach recognizes potentially risky behaviors and enables immediate responses like blocking suspicious transactions.

  • Adaptive Decision Points: The integration of comprehensive behavioral signals into Sumatra's models allows for more nuanced decision-making at each touchpoint, ranging from user signup to purchase attempts.

Decision Points


  • Purchase

  • Refund

  • Signup

  • Update Payout Method

Additional Events


  • Click Affiliate Link

  • Download

  • Login

  • Update Product

Sumatra aggregates data across all provided events to build comprehensive profiles of buyers, sellers, IPs, devices, and other relevant entities. Here are a few example features from Lemon Squeezy's logic, as they are defined in Sumatra's feature language:

Sumatra aggregates data across all provided events to build comprehensive profiles of buyers, sellers, IPs, devices, and other relevant entities. Here are a few example features from Lemon Squeezy's logic, as they are defined in Sumatra's feature language:

-- event signup
emails_by_domain_3d :=
  CountUnique(seller_email by email_domain last 3 days)

-- event purchase 
buyer_gibberish_score :=
  GibberishNameScore(buyer_name)

avg_buyer_gibberish_2w :=
  Average(buyer_gibberish_score by seller_id last 2 weeks)

Finally, at each decision point, a combination of AI propensity models and rule-based logic determines a verdict of Allow, Block, or Review. This logic is continuously updated based on dispute data and analyst labels fed back into the system.


Finally, at each decision point, a combination of AI propensity models and rule-based logic determines a verdict of Allow, Block, or Review. This logic is continuously updated based on dispute data and analyst labels fed back into the system.


Result

Sellers protected and money saved

Sellers protected and money saved

By partnering with Sumatra, Lemon Squeezy has blocked 126% more fraud than would have been caught by Stripe Radar alone. Additionally, Sumatra's holistic solution has protected Lemon Squeezy from: refund abuse, money laundering, fake accounts, credential-stuffing attacks, and more.

The enhanced protection is evident from a card-testing attack that hit in May 2023:

By partnering with Sumatra, Lemon Squeezy has blocked 126% more fraud than would have been caught by Stripe Radar alone. Additionally, Sumatra's holistic solution has protected Lemon Squeezy from: refund abuse, money laundering, fake accounts, credential-stuffing attacks, and more.

The enhanced protection is evident from a card-testing attack that hit in May 2023:

Stripe Radar Alone


237 Allow

158 Review

0 Block


Blocked Attempts:

0%


With Sumatra


3 Allow

0 Review

392 Block


Blocked Attempts:

99.2%

Lemon Squeezy is continuing to partner with Sumatra to leverage the platform's streaming data and AI capabilities to protect their customers as they grow and expand their service offerings.

The next big project is protecting against click fraud for their affiliate program, so look out for more details on that soon.

Lemon Squeezy is continuing to partner with Sumatra to leverage the platform's streaming data and AI capabilities to protect their customers as they grow and expand their service offerings.

The next big project is protecting against click fraud for their affiliate program, so look out for more details on that soon.

Get started

Sign up now to lock in early adopter pricing

Get started

Sign up now to lock in early adopter pricing

Get started

Sign up now to lock in early adopter pricing