Stronger together: How BlaBlaCar and Nethone are fighting emerging fraud threats

What are the main fraud challenges you deal with in your role at BlaBlaCar?

There are three main fraud types we monitor closely, especially on our C2C ridesharing side. As a platform facilitating millions of trips every year, a certain level of fraudulent attempts is inevitable. For this reason, one of our main priorities is to stay ahead of them while keeping the experience safe and trusted for our 29 million genuine, active members.

First, fraudsters create fake accounts and then leave them idle for months or even years before reactivating them and selling them on the dark web. In some cases, these dormant accounts are used just long enough to build a bit of history, like profile details, basic activity, even a few ratings. Once they look more established, they’re resold at a higher price than empty accounts because they appear more genuine. Our mission here is to stop those accounts as early as possible in the user journey without disrupting our drivers and passengers. 

Second, social-engineering scams linked to fake carpool offers. Fraudsters imitate a normal ride, move the conversation off-platform, and redirect the passenger to a fake payment page. The flow varies, but the intention is always to collect payment details. This happens outside our system, yet it relies on our brand trust, which is why it's something we need to always keep an eye on. 

Finally, “silent” infrastructure abuse, such as SMS pumping. These attacks generate fake signups or OTP requests, often from countries where we don’t even operate. They inflate SMS costs and can mask other activity behind what looks like routine authentication traffic. We’ve recently used Nethone’s signals on top of our machine learning models, which helped us detect one of these waves much more quickly with 94% precision. 

"Nethone’s profiling solution, combined with their hands-on approach to emerging threats, gives us the precision and visibility we need to protect our business and users.” - Margot Zervelis, Fraud Manager, BlaBlaCar

What strategies have you implemented so far to mitigate these challenges?

We’ve taken a step-by-step approach, first organising the team and their intertwined scopes before tackling the technical side. We surfaced the right metrics, showed the impact across teams, and made it clear that fraud couldn’t be handled by the fraud team alone. What truly changed things was creating a formal task force that brings together Product, Engineering, Data, and Fraud, which gave us alignment, shared ownership, and a common roadmap, and it allowed us to react faster and test new ideas. 

Once the structure was in place, we started to make better use of the signals we already had, like account age, the type of actions, phone and email verification, trip patterns, country mismatches, and many others.  

We began with simple, static rules to learn how fraudsters behave and how quickly they adapt. Over time, we built our own ML system that scores accounts based on a wide set of signals. This gave us more context and helped us detect patterns earlier. 

How does your internal ML system combine with Nethone’s capabilities? 

At some point, we reached the limits of what we could see internally. That’s when we integrated Nethone’s profiling solution. Their signals help uncover the “hidden part of the iceberg”, and patterns that are not visible from our platform alone. We combine Nethone’s recommendation with our own signals and let our ML model weigh them in the final score. For recent threats like SMS pumping, their signals have already helped us act much faster.  

On top of the ML part, we maintain a strong human review process. Every reviewed case is labelled and fed back both into our system and into Nethone’s, creating a feedback loop where both sides learn and improve. That’s what makes the collaboration valuable, because it’s not a one-way vendor setup, but a shared architecture where each decision improves the next one. 

How has Nethone made a difference in your fraud prevention strategy? 

Nethone's device fingerprinting tools are especially useful in markets where fraud is more organised. Nethone also surfaces anomalies that look normal in isolation. For example, we detected around 24,000 account-creation attempts coming from the same network, with roughly 15 attempts per IP. Every time we blocked an IP, a new one from the same network popped up. Separately, each attempt looked harmless, but altogether, it pointed to a coordinated operation that we would not have detected without Nethone’s view of network-level patterns.

Another important area is automated behaviour detection. Nethone identifies peaks of automated registrations, sometimes up to 5% of all new signups, driven mostly by emulated Android devices. This type of traffic distorts our platform metrics and generates fraud risks. Their signals allowed us to isolate this behaviour and treat it separately from legitimate activity.

Across all these examples, what stands out is that Nethone gives us visibility into signals that are subtle on their own but revealing when combined. It’s this “bigger picture” perspective that adds context and insights to our internal ML system and allows us to react faster to new fraud threats.

The industry often frames it as build vs. buy, but you’ve demonstrated that the best of both worlds can be combined. What advice do you have for businesses still figuring out how to strike that balance?

My first advice is don’t fight fraud alone. It sounds obvious, but many companies still treat fraud as the responsibility of a single team or a single tool. The reality is that you need internal alignment before you can even decide what to build or what to bring from outside.

Then, if you decide to invest in internal machine learning, as we did, for example,  do it for the right reasons. An internal system brings consistency, control of thresholds, visibility into what’s happening on your platform, and the ability to react when fraud spikes. But it also requires a real commitment and a clear understanding of your own maturity level.  

For us, the turning point was understanding that both sides play a very different role, and that combining them gives us the high precision we need.  Nethone gives us the signals we can’t see, and they complement our internal ML model.  And once you build a feedback loop between the two, where every decision feeds back into both systems, the approach pays off more as the system matures.

In the end, it’s about finding a setup that matches your structure, your resources, and your risk level. And as fraud evolves, you need both: the internal muscle to operate, and the external expertise to keep challenging what you think you already understand.