Your Trust & Safety is our top priority
Thank you for trusting Mercari as your online marketplace. We take account security very seriously. There are over 15 billion compromised credentials being distributed among global hacker forums, including login names and passwords from 3rd party data leaks. That’s just one of the reasons Mercari’s dedicated Trust & Safety teams work diligently every day to identify and halt unauthorized activity on our marketplace.
In some cases, Mercari users have experienced account takeover. An account takeover occurs when login names (emails), passwords and other credentials are compromised on 3rd party sites and hackers attempt to use them on multiple accounts and platforms. Scammers often keep this information for long periods of time and use it on multiple platforms to try to access various accounts. That’s why we need users to proactively follow online safety guidelines including using strong passwords, having unique passwords for each account and frequently making updates. Stay vigilant to protect yourself and consider utilizing services like two-factor (2FA) or multi-factor authentication (MFA) as an added protection method.
What we do to protect you
We have procedures in place to proactively protect both buyers and sellers. Our teams are dedicated to identifying any potential fraudulent activity. Mercari uses monitoring and identity verification to keep our users safe and secure. We investigate the situation, behavior, and/or account, and proactively put measures in place to prevent future fraudulent activity from happening.
What will happen if we identify unauthorized activity on your account
If we identify any fraudulent issue with your account or are alerted to any unauthorized access or activity, we will contact the Mercari account owner directly and/or limit your account until the issue is thoroughly reviewed and addressed.
What to do if you believe your account has been compromised
- Check the information on your account to see if any information has changed, such as email, phone number, shipping address, payment methods, bank account, etc. If this has happened, change the information and reset your password immediately. Contact Mercari for support if needed using this form. We also recommend changing your email account password as well.
- Check to see if any purchases have been made and/or if any balance transfers have been initiated. If this has happened, you can cancel any payment transfers or orders that might be in process, and reset your password immediately. Contact Mercari for support if needed using this form.
- If the above-mentioned situations haven’t occurred, but you are still concerned about your account security, change your password immediately using a new, unique, strong password with 8 or more characters including mixed letters, numbers, and symbols.
- You should also turn on 2-step verification (see Tips below) if you don’t already have it activated.
- If you can’t access your account, try resetting your password.
- If you typically log into your Mercari account using Facebook, change your Facebook password
- If you can’t reset your password and your account has been taken over due to suspicious activity, contact Mercari for support immediately using this form.
- Learn more about online safety in our Safety Guidelines.
Important Note: If you use the same user name/email and password across multiple accounts, a leak from one 3rd party can make your account vulnerable on other sites. That’s why it’s so important to have unique login/password credentials for each account and to enable two-step verification whenever possible.
Tips on keeping your account secure
Here are some tips and information to prevent other people from gaining unauthorized access to your account.
Keep account passwords updated
We recommend that you reset your password every 6 months. Use a new, unique, strong password that is at least 8 characters or more with a mix of letters, numbers, and symbols. Using a unique password for each website/app is safer than reusing the same password multiple times. In addition, make sure that your email account also uses a unique, strong password and is updated regularly. You can also use Facebook or Google single sign-on. This can make your login process faster.
To reset your password,
- Login to your account > Click Profile > Account settings > Edit Account and change your password
- You can also input your email address here to reset your password
- If you still can’t reset your password, please contact us for assistance with your account.
Enable 2-step verification and SMS
2-step verification, also known as two-factor (2FA) or multi-factor authentication (MFA), adds an extra layer of security to your account. Every time you log in, we’ll send you an SMS verification code to verify that you’re the one logging in.
To enable 2-step verification, first make sure you have a verified phone number on your Mercari account. Then click here or go to your Mercari app > Tap Settings > Account security. You can opt-in to 2-Step Verification and other SMS messages by switching the toggle to the “on” position. Note: If your phone number changes, be sure to update your Mercari account with the new number.
If you can’t use your phone for 2-step verification or you can't receive a text for some other reason, and you are unable to log in to your account, please contact us through the Help Center. Note: Some VoIP phone numbers can’t receive texts from a shortcode number.
Ensure your phone and/or other devices are secure
Setting up a strong passcode to unlock your phone and/or other devices such as computers, tablets, etc. makes it harder for other people to use your device when you’re not watching. Contact us if you lose your device that is logged into your Mercari account. Make sure to keep all software and virus protection up to date. Remove unnecessary apps and browser extensions that you don't use or need. If you are switching devices, be sure to delete any identity or financial information.
Watch out for logins and transactions that you didn’t initiate
Check your email and notifications to see if there’s been any activity on your account that you didn’t initiate. We recommend checking your Mercari account info and usage history regularly to make sure there hasn’t been any information changed or any purchases or money transfers made without your knowledge.
Stay away from suspicious messages or websites posing as Mercari
If you receive any suspicious messages (email, text, push, links, etc.) claiming to be from Mercari (phishing scams), delete them immediately without opening the message or clicking on any links. The safest way to check or make any updates to your account is to log in to Mercari directly via the web URL or app. Do not share your personal contact information such as emails, addresses, or phone numbers within Mercari chat messaging. Scammers may try to contact you outside the Mercari app or website and trick you into providing information or payments to them. Mercari will never request that you make payments outside of the Mercari app or website. Learn more about online safety in our Safety Guidelines.
Note: Mercari communication is always sent from the following email domains:
- @mercari.com
- @contact-us.mercariapp.com
- @mercariapp.com
- @mercari-us.zendesk.com
Do not borrow or lend accounts
Letting another person, even family or friends, use your account is an infringement of Mercari’s Terms of Service. Mercari is not responsible for any complications or issues that may arise from lending out account info. If you notice unauthorized access to your account, contact us immediately for assistance.
Get your account verified
We want to keep your account safe and secure at all times. It’s easier for us to recognize unauthorized activity when we’ve verified your account and it helps to reduce fraudulent activity on our marketplace. Sometimes we ask users to verify their account with an SMS code to make sure only the account owner can log in. We may, at times, also ask for additional verification such as verifying your identity, card or other data in order to make sure it is you accessing your account. Learn more about getting verified on Mercari.
FAQs
Has there been a security breach at Mercari US?
No. Typically account takeovers occur from weak login credentials and/or passwords, or compromised 3rd party data. If you believe that your account credentials have been compromised or receive notice from another company to update your credentials, we recommend changing your password to a strong password and using our 2-step verification. If you identify any unauthorized activity, please report it to Mercari using this form.
Why are there so many account takeovers at the same time?
There are over 15 billion compromised credentials being distributed among global hacker forums, including login names and passwords from 3rd party data leaks. Scammers often keep this information for long periods of time and use it on multiple platforms to try to access various accounts. Scammers hit one site after another to try to see where your login credentials might work. We see scammers pursuing both typical account takeover attempts and large attempts at credential stuffing.
Will Mercari let me know if my account or personal information has been compromised?
If we are alerted to any unauthorized access or activity on your account, we’ll notify the Mercari account owner directly. If you identify any unauthorized activity please report it to Mercari using this form. Please note that for your protection, your account may be limited until we can investigate the report and account activity.
I received a notification about my account changes or resetting my password. What should I do?
If you received a notification from Mercari asking you to reset your password, that a new device has accessed your account, or other related communication, first check to ensure that the email is actually from Mercari. Sometimes scammers pose as a company and send fraudulent communications. If it is from Mercari, please login to your account and/or reset your password as required. If you aren’t sure if the email is from Mercari, just log in to your account directly on Mercari.com or the Mercari app. Review your account for any suspicious activity and change your password. If you identify any unauthorized activity, please report it to Mercari using this form.
How can I contact Mercari to help secure my account?
Our Help Center support team is available to help you with any account-related issues you may be experiencing. The fastest way to resolve any account security or takeover issues with your Mercari account is to contact us using the form on this page.
How long will it take to receive assistance with my account?
Our Risk team will review your report and the activity on your account and respond back as soon as possible. Sometimes this does take longer than expected due to high inquiry volume, so please allow several days for a response. We appreciate your patience as we work as quickly as possible to address customer account issues.
Can Mercari retrieve the funds if they were stolen from my account?
In certain circumstances, we may be able to retrieve the funds, but further investigation will be required. Our Trust & Safety team may be able to reverse or halt any unauthorized deposits or transactions if alerted in time. Please provide details of any unusual activity you see with your payment methods, changes to your contact information, or orders using the report form on the bottom of this Help Center page.
Can I keep the funds from fraudulent activity?
No. If we find that there is fraudulent activity happening on your account, we will investigate the transactions to determine which funds will be recovered and to ensure that funds are distributed to the rightful owner.
I don’t think my account has been accessed, but do I have to take any action to secure my account?
For security purposes, we recommend that you regularly update your password. If you use the same password on multiple accounts, if you have not updated your password in the last 6 months, or if you don’t have a strong password for your account, please update and strengthen your password. Ensure that your new password has at least 8 characters of mixed type (capital, lowercase, symbols, and numbers) and hasn’t been previously used on Mercari or on other 3rd party sites. In addition, we recommend that you enable two-step verification for an extra layer of security.
Is fraudulent activity happening at other companies?
Unfortunately, scammers are everywhere. They try to gain access to individuals’ accounts on multiple platforms, and if not successful on one platform, they move on to the next to see where you might have an account. These ‘bad actors’ use leaked data to target many sites where they believe they can get access to funds, make valuable purchases, etc. That’s why it’s so important to be aware of online safety and ensure you have a unique, strong password (8 characters or more with a mix of letters, symbols, and numbers and not used previously), and enable 2 Step Verification.