There are no "not-legitimate" transactions. Just ones that end up in the chain and ones that don't.

If a user is concerned that they might be dealing with someone who would try to back out of paying then they should use Bitcoin's built in solution, wait for confirmations.