By 2019, buy now, pay later (BNPL) became the fastest-growing e-commerce payment method worldwide — accounting for 2.6% of global e-commerce sales (excluding China).
As BNPL has exploded in popularity, fraudsters have taken advantage of the processes’ vulnerabilities. In 2021, BNPL fraud rose 66% YOY, and fraudsters are becoming increasingly creative in their BNPL attacks – even sharing their attack methods on social networking apps.
Despite these issues, BNPL is still a promising payment method for retailers, and it supports greater financial inclusion for consumers than the standard credit bureau model. As long as organizations are prepared to put in the initial work of accommodating a new payment method in their fraud prevention systems, they can reap big financial gains and contribute to a more flexible consumer landscape. It all comes down to building a collaborative and proactive anti-fraud approach for BNPL transactions.
The Two Types of BNPL Fraud
Increased e-commerce sales over the last several years opened new doors for fraudsters looking to exploit burgeoning payment methods. When it comes to BNPL, fraudsters employ two different kinds of attacks to exploit the process’s vulnerabilities.
The first type attacks BNPL transactions with traditional fraud methods. For example, a fraudster might create a so-called “synthetic identity” with real pieces of victims’ identities and use it to pass identity checks before selecting BNPL at checkout. Or they could hack a victim’s account and make purchases with BNPL as the payment method. Using the BNPL option adds more delay before the victim whose card, account, or identity is being misused notices what’s going on – giving fraudsters a little extra time before the victim takes action.
The second type of BNPL fraud uses the BNPL model more explicitly. Fraudsters create new accounts on retailers’ websites to make a few small purchases using the BNPL payment option. Once these accounts have established good reputations, the fraudsters use stolen credit card information to make an expensive purchase. Because the initial purchases have made the account look legitimate, the purchase will likely be approved. But by the time the victim notices the fraudulent purchase and initiates a chargeback, the fraudster will have already received the purchased item. In most cases, it’s the merchant or BNPL provider who ends up footing the bill.
Siloed Processes and Cursory Approval Processes Exacerbate the Issue
In either type of BNPL fraud, the attack method is not significantly different from those associated with other kinds of payments fraud. But a few factors make BNPL fraud prevention more complicated.
Because there is no standard BNPL protocol across organizations, each merchant chooses how to implement anti-fraud solutions on their own. Merchants that lack expertise in credit may have to make assessments without the tools to do so confidently, significantly burdening their payments and risk teams. Merchants and BNPL providers typically design credit applications to add minimal friction to consumer journeys. This usually means approval processes are fast and light, opening the door to the use of stolen and synthetic identities by fraudsters.
And because BNPL is managed in silos, BNPL credit is not systematically recorded anywhere apart from the organization’s own records (not by the bureau nor the card issuer, for example). This means short-term credit is hard to track and can lead to one-off fraud scenarios that aren’t easily identified. This is further exacerbated by the fact that companies are rightfully wary of sharing personal user information and often decline to share BNPL data with outside retailers or providers. Because different merchants and BNPL providers don’t often collaborate, fraud is more difficult to track across organizations and fraudsters can repeatedly hit different merchants undetected.
Four Tips for Building a Proactive BNPL Anti-Fraud Strategy
When implementing BNPL transactions into your payment options, initial bumpiness is expected while your fraud prevention systems adjust – but don’t let this deter you. Even if fraud temporarily spikes while your organization is adapting, the cost is worth the benefit of gaining a popular payment method that expands your customers’ options.
Here are four key tips to consider as you build a proactive and data-informed BNPL anti-fraud strategy:
Emphasize internal communication. If interdepartmental relationships aren’t strong in your organization, teams will likely struggle with BNPL implementation. The team introducing BNPL and the fraud prevention team must have strong communication to ensure successful implementation. Without this collaboration, your new payment flow won’t be built with fraud in mind, and your fraud team won’t be prepared to mitigate the risks that come with the BNPL model.
Regularly analyze BNPL data. Continuous analysis of your organization’s BNPL data will help you identify new forms of fraud and attack patterns quickly. This is especially crucial in the first few months following BNPL’s implementation, as fraud teams adjust to new payment parameters and rely on data to identify key risks and inform security decisions.
Collaborate with merchants and BNPL providers. To lessen your BNPL fraud risk, use privacy-enhancing technology (PET) to track personal user data and share fraud patterns with other merchants and BNPL providers. PET protects personal user information so you can safely collaborate with other organizations to analyze fraud data and identify potential attacks.
Think long term. Just like other payment methods and fraud risks, BNPL must be considered in your organizations’ overall fraud strategy and planning. Prioritizing preventative and long-term solutions is the only way to move from a reactive to a proactive anti-fraud approach, and it ensures prevention methods stay consistent as your organization evolves.
BNPL Enables Flexibility in the Consumer Landscape
As more and more merchants brave the learning curve to implement BNPL transactions, increased collaboration between retailers and BNPL providers will enable better fraud tracking and reduce fraud risks. Although implementing BNPL comes with a learning curve, it allows you to contribute to a payments ecosystem that prioritizes financial inclusivity and greater consumer flexibility.
As an alternative to regular credit offerings, BNPL is poised to become a staple of consumer behaviour. A proactive and data-driven approach to your anti-fraud strategy helps ensure successful BNPL implementation – and empowers your customers with a new payment option.
By Uri Arad, Co-Founder and VP Product at Identiq.
