Matt - Sorry I missed this.
I did contact you guys through support to share what I know. It was like trying to push water uphill.
It took four? five? responses and several weeks to get past the platitudes to get a glimmer of interest.
By the time I got interest in a discussion from flippa the trail was already cold. The trial accounts for statcounter that (unlike analytics) seemed to find the problems had expired. Even the tool I was using to prove the correspondence (reverseget.com) was by then discontinued: so discussion after that seemed largely pointless.
I have a few screenshots of reverseget and statcounter but that is all.
Happy to discuss , but I want information too.
In that process I discovered that some of the scammers seem to be good enough to fool google (analytics and adsense) and that is really scary! Conventional wisdom on due diligence of "Google analytics is the gold standard" seems to be wrong.
And they were certainly fooling flippa - by selling related sites behind URL hidden multiple identities ( which had variously, private server name strings, email id, adsense id , or analytics id in common). The reason I got to know some of this is by networking with one other about sites he had been offered, so we put some pieces of a puzzle together to come to a worrying conclusion.
The prototype for the scam I think we unearthed seems to be:
1/ At the heart is click fraud to show real earnings for adsense over a period of months to make a site look attractive to buyers. The earnings screenshots in as far as I can tell real at least for a period, because a live video screenshot of adsense is hard to fake. The earnings continued even when adsense snippet was changed. So this was not as far as I can tell discoverable by fake or verifiable earnings tools. The earnings continued for a couple of weeks after transaction then stopped dead.
2/ The problem then is to generate traffic that makes those earnings seem sensible CTR. This is the clever part.
They appear to use a series of US bots to drive traffic (which looks like genuine US search traffic), but it gets through a blindspot in google and appears to be rea. It is cunning, I will grant them that. Statcounter tells a different story, it appears to see the bots, which analytics seemingly cannot.
3/ The final part - to avoid getting caught on flippa use multiple identities, and hidden URLs. I can say for sure that some of the sites being sold by multiple identities were being sold by the same person or group, but I did not know that till later. I am guessing the reason they wanted rid of the sites, is they knew the game would be up on google sooner or later.
It seems to me that non paying bidders are and will be just an annoyance in your formula. And a credit card does not prove they can or will pay. It only allows you to ban them! The sellers and you - are protected from all but a waste of time, by various escrow processes. Resulting in no money , no site, so no scam possible. Just time wasters.
Using credit card validity for buyers, is a bit like making sure the christians are real christians and tasty enough before throwing them to lions: Which may make good business sense, it is not necessarily ethical. It is the lions you should be controlling, they are the ones doing the eating!
Scammers are for the most part sellers. So they IMHO are the ones who need to produce identity proof, using credit card for example to validate name and address. Particularly if they intend to sell URL hidden. It seems to me they must prove who they are before being allowed to sell. If the earnings last longer than escrow period, then escrow in and of itself is no protection.
If what I see is real, and I think it is - these guys are clever, and will stay one step ahead, so there is no easy panacea. That means every means is needed to root them out. Like selling related sites from many identities is suspicious in and of itself, but only flippa know that, so it is up to them to root it out.