Buy Now Pay Later (BNPL): The Rising E-commerce Payment Choice and Its Fraud Concerns

Shoppers seeking financial flexibility have been flocking to Buy-Now-Pay-Later (BNPL) as a convenient way to maintain a better lifestyle with rising inflation. Instead of putting out a lot of money upfront, they can make a first payment towards monthly installments — and that’s an attractive option for many consumers.

Because BNPL is such a readily available and popular payment option, fraudsters have learned to exploit its vulnerabilities to commit identity theft, account takeovers, synthetic fraud, and much more. As a result, BNPL payment fraud is one of the types of fraud that’s growing the fastest.

BNPL’s integration with social media and e-commerce has even opened the door for fraudsters to manipulate digital transactions and information dissemination. So what is the solution to detecting and preventing this fraud? Can merchants and customers both enjoy the BNPL experience without suffering fraud attacks? The answer is yes, and we’ll explain how in this blog post.

BNPL Trends and Growth

BNPL fraud has become a growing concern for fintech companies, financial services providers and financial institutions.

Just how big is BNPL? In 2020, the BNPL market surged to a global value of $87.2 billion, then to $125.09 billion the next year, and increased again to an estimated $179.5 billion in 2022. Following these trends, the BNPL market is expected to be worth $3.27 trillion by 2030.

Reaching underdeveloped credit markets and appealing to younger borrowers has been a major boon for countless BNPL providers. BNPL works as a way to circumvent traditional credit channels with higher interest rates and provides a flexible financing option for those without access to credit. But even as interest rates have increased, BNPL has continued its rise. Cyber Monday 2023 saw a 42% increase in BNPL spending from the previous year and is now worth $2 billion in the US alone.

This growth has major FIs and payment platforms increasing their involvement in BNPL and expanding to reach an even wider audience. In 2023, Citi launched instant-credit BNPL product Citi Pay and partnered with leading BNPL platforms like Shopify, FreedomPay, and ChargeAfter. Square focused on its Afterpay BNPL option following a 47% rise in transactions across just five days around Black Friday and Cyber Monday 2023. Affirm has agreed to offer BNPL loans at the point of sale for Amazon’s B2B marketplace. These BNPL trends all center around giving more customers access and innovating on current BNPL product offerings.

A concern of note for merchants offering BNPL is that 31% of those same shoppers incurred fees for late payments while 36% anticipated possible late payments the following year. That’s not the only concern for merchants, nor is it arguably even the one that’s top of mind. That distinction belongs to the rise of fraud attacks the expanding BNPL landscape has attracted.

What are BNPL’s fraud risks?

Between the speed of credit decisions, the delayed payments, and chargeback liability falling on the merchant, BNPL fraud attacks can be costly to endure.

BNPL is unlike other payment options for a few reasons. Most merchants do not offer the BNPL plan themselves. Instead, they work with BNPL providers like Affirm and Afterpay. That means marketplaces using third-party BNPL platforms also have to trust that platform’s fraud prevention is up to par. Merchants relying on lenient customer authentication solutions heightens the risk.

BNPL services often operate without traditional credit checks, which can make them appealing to consumers with lower credit scores or limited consumer credit history. However, this lack of rigorous assessment raises concerns about creditworthiness and potential default risks.

On top of that, BNPL’s recent integration into social media platforms adds a whole new arena where fraudsters can manipulate BNPL transactions and steal information.

To enhance consumer protection, it is essential to implement measures that balance easy access with responsible lending practices, ensuring that consumers can manage their BNPL commitments without compromising their financial stability and still enjoy a good customer experience.

BNPL providers must also adopt advanced AI-driven algorithms for real-time fraud detection. Evolving fraud trends can only be truly detected and mitigated by comprehensive fraud and risk platforms that blend enriched data, next-gen detection, and robust case management systems.

Most Common BNPL Fraud Attacks

Just as with other emerging payment methods, BNPL faces some common fraud attacks like friendly fraud, a first-party fraud where legitimate account owners dispute transactions they really made, leading to chargebacks and associated fees. These cyber shoplifting scams have existed for years on traditional online shopping platforms. But BNPL adds a new wrinkle as it opens the door for non-repayment frauds.

Chargeback fraud

Definition: Fraudsters make purchases using BNPL services and then falsely claim they never received the goods or dispute the charges.

Examples:

• A customer buys an expensive item using BNPL, receives the product, but then claims it was never delivered and requests a chargeback.
• Fraudsters use stolen credit cards or ones they have acquired with synthetic IDs to make purchases and then initiate chargebacks.
• Users make purchases with their own credit cards and later deny ever making the transactions.

With BNPL, just as with so many online shopping frauds, chargebacks are the most common threat.

Application fraud

Definition: Criminals provide false, manipulated, or stolen information during the BNPL application process to create fraudulent accounts.

Examples:

• A fraudster uses stolen personal information from data breaches to open a BNPL account.
• Criminals engage in forgery to create fake documents for account applications.
• Phishing attacks are used to gather information needed for creating fraudulent BNPL accounts.

Creating a BNPL account is near instantaneous, but payment due dates are delayed, providing a window for fraudsters to exploit. They can use stolen data from breaches, engage in forgery, or carry out phishing to open a new account. Once they have control of an approved user account, they can start buying on credit with no intention to ever pay—all while safely hiding from merchants looking for missed payments.

Synthetic identity fraud

Definition: Fraudsters create fake identities by combining real and fabricated information to open BNPL accounts and make fraudulent purchases.

Example: A criminal combines a valid Social Security number with fake personal details to create a synthetic identity, that they then use to open a fake account.

Fraudsters love mixing authentic and false personal details to fabricate a new identity. They might blend a real Social Security Number with fictitious name, address, and birthdate information to create a synthetic identity, opens a BNPL account, and makes purchases that will never be repaid.

New account fraud

Definition: Criminals successfully open new BNPL accounts using stolen or synthetic identities to make purchases with no intention of repaying.

Example: A fraudster uses either a stolen or synthetic identity to open a BNPL account, makes multiple purchases, and disappears without making any payments.

Synthetic fraud and identity theft are precursor crimes that fraud rings then leverage for the fraudulent new accounts.

Account takeover fraud

Definition: Fraudsters gain unauthorized access to legitimate BNPL accounts and make purchases using the victim’s credentials.

Example: A hacker uses stolen login information to access a user’s BNPL account and make several high-value purchases before the real account owner notices.

One of the most prevalent BNPL fraud types, account takeover fraud (ATO) occurs when fraudsters hijack an existing BNPL account for unauthorized transactions. This can involve directly seizing the BNPL account through a hack, commandeering one linked to an online retailer, or using phishing attacks to trick users into giving up access to their account.

Redirection Fraud

Definition: Fraudsters manipulate shipping information to redirect BNPL purchases to a different address.

Example: A criminal hacks into a user’s BNPL account, changes the shipping address for an upcoming order, and intercepts the delivered goods.

By understanding these common types of BNPL fraud, businesses can better protect themselves and their customers from financial losses and identity theft. Implementing robust identity verification processes, real-time transaction monitoring, and advanced fraud detection systems can help mitigate these risks.

How to Detect BNPL Fraud

As more lenders adopt the BNPL model, the risk of misuse rises, making it crucial for service providers to implement robust fraud detection systems. While the convenience of BNPL is clear, fintech platforms must ensure secure transactions to protect both consumers and lenders from potential financial losses.

Here are some best practices for detecting and preventing BNPL fraud.

1. Harness comprehensive data sources

The first line of defense against BNPL fraud is reliable access to the critical data. When you utilize third-party data connectors that tap into data breaches and dark web sources, you gain valuable insights into potential fraud. Advanced tools like DataVisor’s device intelligence and behavioral biometrics offer cutting-edge device fingerprinting technology to identify risky devices and capture suspicious user behavior throughout the application and checkout process.

2. Implement real-time data orchestration

Building on your access to comprehensive data, embrace real-time data orchestration solutions to centralize this information in one place. AI-powered real-time data orchestration platforms like DataVisor give BNPL providers centralized, 360°customer views for continuous transaction monitoring. With a clear understanding of each customer’s behavior, your fraud operations teams can make informed decisions in real time. Moreover, agile real-time decisioning platforms empower businesses to integrate rules, model scores, and policies seamlessly, allowing for rapid responses to emerging fraud patterns.

3. Customize rules and features

Take advantage of customizable rules and features. Tailoring fraud detection mechanisms to your specific business needs ensures exceptional performance in identifying and thwarting fraudulent activities. They also provide important flexibility to quickly develop new features based on emerging fraud patterns. Once your team develops these rules, you can quickly test them before deployment as well.

4. Utilize unsupervised machine learning

Stay ahead of evolving fraud patterns by employing unsupervised machine learning models. DataVisor’s patented unsupervised solution stands out as a real-time, production-grade tool capable of swiftly capturing emerging fraud patterns, safeguarding your business against constantly evolving threats.

5. Incorporate Generative AI into your fraud defenses

Generative AI’s automation abilities save significant time on tedious tasks to free your fraud team up for more fraud investigation work. With added Generative-AI tools like AI Co-Pilot, fraud teams can boost efficiency and cut down on manual reviews with automated rule tuning and rule descriptions.

By incorporating these strategies into your fraud prevention framework, you can effectively combat BNPL fraud and maintain the integrity of your e-commerce operations. Stay vigilant, stay informed, and stay one step ahead of fraudsters with the market leader in fraud prevention. To learn more, see BNPL Case Study: Raising the Bar for Customer Experience and Reducing Fraud with Machine Learning.