How to prevent buy now, pay later (BNPL) fraud
Buy now, pay later (BNPL) is on course to become one of the world’s most popular alternative payment methods. It’s already used by 45 million people in the US, and 17 million in the UK, and is expected to reach a market value of nearly $4 trillion by the end of the decade.
But where there’s money to be made, criminals will follow. Buy Now, Pay Later fraud is on the rise, with fraudsters deploying ever-more ingenious ways to take advantage of businesses and consumers.
To fight it, you need to know how it works. Below, we explain the different types of BNPL fraud you need to be on the lookout for, which party is liable for the loss when it occurs, and we give you our top fraud fighting tips.
What is BNPL fraud?
BNPL fraud refers to any criminal activity that exploits the BNPL payment method to steal data or money. It is most commonly perpetrated by professional third-party fraudsters, but even merchants, consumers and BNPL companies are capable of engaging in this type of fraud if there’s something to be gained from doing so.
As an emerging payment method, BNPL doesn’t yet have the robust regulations and standards in place that help to protect more established methods, which contributes to a greater BNPL fraud risk Additionally, there’s not yet a lot of data available that can be used to identify and prevent BNPL fraud.
How does BNPL fraud work?
BNPL fraud takes a number of forms, depending on who is perpetrating the crime and who their intended victim is. It could involve a fraudster pretending to be a legitimate customer in order to gain access to their account, or it could be as simple as non-repayment.
The main aspects of BNPL that make it vulnerable to fraud are:
- Real-time decisions - BNPL is designed to be quick and frictionless for the customer, which encourages them to use the service and increases the chance of a conversion. However, this makes it hard to conduct thorough identity verification and authorization, which helps fraudsters
- Delayed repayment - as BNPL purchases are paid off in installments over several weeks, there’s a clearly defined window of opportunity for malicious actors to commit fraud and escape undetected
- No credit checks - unlike other types of finance, most BNPL providers don’t conduct proper credit checks on customers. Instead they run a soft check to establish the customer’s creditworthiness. While this is good for customer experience, it creates more opportunities for fraudsters to slip through the net
What are the different types of BNPL fraud risk?
Here are the most common types of BNPL fraud that merchants should be aware of:
Account Takeover Fraud
Fraudsters use takeover tactics, such as stealing usernames and passwords through phishing, to gain access to a customer’s account. They can then place orders to their addresses under the guise of a legitimate customer until the genuine account owner notices.
Synthetic Identity Fraud
Fraudsters can create synthetic identities by combining data that’s freely available on people’s online profiles with false personal details e.g. a fake name and date of birth with a real social security number. They can then pose as a legitimate customer to place orders using BNPL, with no intention of making their payments, and no way to find out who they really are. BNPL providers will usually write these defaulted payments off as bad debt.
New Account Fraud
It’s very easy to open an account with a BNPL provider. Any fraudster can sign up using information stolen through hacking or data breaches and, currently, the Know Your Customer (KYC) and Anti-Money Laundering (AML) checks used by most BNPL providers aren’t robust enough to detect them. After that they can place as many orders through their new accounts as possible before they get shut down.
Non-repayment fraud simply involves the buyer placing orders with no intention of paying back the loan. By combining any of the above methods, the fraudster can do so with a completely fake or stolen identity, so there’s no risk of them being caught.
Trojan horse fraud
In a trojan horse scam, a fraudster creates a BNPL account using fake credentials,
places an order with a merchant, but then changes their payment method to a stolen card.
Family fraud occurs when a relative, usually a child, makes an unauthorized purchase on their parent’s account, which is only discovered later. This could be accidental or deliberate.
Refund abuse and friendly fraud
Friendly fraud can involve customers requesting a refund for a product that they then don’t return. They might also falsely claim that they don’t recognize the transaction to initiate a chargeback and then keep the product and the money.
Who is responsible for BNPL fraud?
In most cases, BNPL providers will accept liability for any fraud that occurs on an account hosted on their platform. That’s because, ultimately, the party that authorizes the payment is responsible, and the BNPL provider acts as both the payment and lender.
What is the impact of BNPL fraud?
While the provider is most likely to bear the burden of the financial loss, BNPL fraud has other negative effects.
For customers, the impact is clear: fraudulent purchases using their account and card that they won’t always be able to reclaim; stolen personal details that leave them vulnerable to further fraud; damaged credibility and creditworthiness that could prevent them from being able to use finance options in future.
For merchants, the biggest risk if they fail to prevent BNPL fraud is reputational damage, which could impact relationships with customers, suppliers, and even your BNPL provider.
For example, if a fraudster manages to hack into the account of one of your customers and uses it to place orders, that customer will, understandably, consider your site to be compromised and stop shopping with you. Likewise, your BNPL provider won’t want to expose themselves to the risk of further losses by offering their services through your website.
How to prevent BNPL fraud
It’s vital that merchants take adequate measures to reduce their risk of BNPL fraud in order to protect themselves and their customers.
To do so, you need to establish a comprehensive BNPL risk management strategy that combines prevention and detection techniques to guard against multiple threats.
Ensuring your customers are who they say they are should be your first line of defense against BNPL fraud. Conducting mandatory KYC checks on any customer that wants to open an account or make a purchase is the best way to prevent fraudulent behavior. At a minimum, these checks should require the customer to provide an ID card, documentation such as proof of address, face verification, and biometric data. You should also implement Enhanced Due Diligence checks where necessary, which require more stringent verification for customers with a higher risk profile.
Advanced authentication methods, like 3D-secure (3DS), are a great way to verify a cardholder’s identity while ensuring a positive customer experience and, as they’re at the point of payment, your last line of defense. 3DS requires multi-factor authentication, which relies on any combination of passwords, usernames, single sign-on, SMS, and biometrics to confirm the identity of the customer before authorizing their payment.
BNPL transaction monitoring
Any diligent merchant should keep an eye on their transaction data to look for suspicious patterns that indicate fraudulent activity. For example, red flags could be logins from multiple devices and IP addresses, multiple payment attempts using the same card, or attempts using details that have been reported as stolen.
This data forms the basis of any rule or machine learning-based fraud prevention, by giving your fraud detection system accurate and up to date information that it can use to spot fraud trends. The more data you have, the better.
Address verification confirms that the addresses supplied by your customers when attempting a payment are genuine. During an AVS check, the card network or bank cross-references their details with authoritative data sources to validate the address. They can then let the merchant know whether the address matches the one they have on file for that customer.
All merchants should deploy AI and machine learning tools in the fight against fraud. These tools are far more effective and efficient at fraud detection than human agents, as they can review masses of transaction data in seconds to spot and prevent fraudulent activity. What’s more, they’re always improving and becoming more accurate, meaning more bad actors are stopped and more legitimate customers are authorized.
Detect BNPL fraud with Checkout.com
With Checkout.com, it’s easy to implement the BNPL fraud prevention measures detailed above.
Our Fraud Detection Pro solution keeps an eye on our entire network to spot emerging trends and stay one step ahead of the fraudsters. Meanwhile, its robust tools, including dynamic machine learning and flexible rules, work together to stop fraud while improving acceptance rates. You also get access to comprehensive analytics that you can use to continually optimize your fraud fighting performance.
Find out more about Checkout.com’s Fraud Detection Pro.
SHARE THIS POST
Most recent articles
Return to Home
September 12, 2023
Merchant Category Codes (MCC): what are they and why they’re important
September 12, 2023
Save now, buy later: what it is, how it works, and how it benefits merchants