“Buy Now Pay Later” offers are extremely enticing to customers, as it allows them to gain access to goods and services without having to pay the full cost upfront. It’s no surprise that retailers want to leverage these offers to attract more business and keep customers happy.
Unfortunately, fraudsters flock to these deals just as much as customers - and often for the same reasons; access to goods and services with little to no money down.
Merchants - and the BNPL providers themselves - must know what threats they face and how to prevent them. The best way to do that is to understand what this type of fraud is and how fraudsters exploit it.
To help you understand what you’re up against (and how to prevent it), we cover the following:
Read on to learn more about what BNPL fraud is, how it occurs, and how to safeguard your business.
Buy Now Pay Later fraud is any type of fraudulent activity related to a BNPL offer. In most cases, fraudsters take advantage of or exploit BNPL payment options to commit various forms of payment fraud.
BNPL fraud can be conducted by consumers that find a loophole in a BNPL offer; sometimes without even realizing what they are doing is ‘fraud.’ This is the most common case, which is a form of first-party fraud. The customer uses their own identity to buy goods and services, with no intention of paying it back because - when push comes to shove - most BNPL providers lack the ability to collect funds.
It can also be conducted by amateur and professional fraudsters looking to repeatedly exploit BNPL offers intentionally to gain free items and generate substantial profit. Sometimes, fraudsters will then resell the items to increase their earnings. While this may not be the most commonly used method, it often carries the most devastating financial impact to BNPL providers and retailers.
Who is Liable for Losses with BNPL?
Typically, the BNPL provider - which acts as both the payment processor and lender - is liable for non-repayment from the customer.
Ultimately, whoever authorized and facilitated the payment is liable. In most cases, this is the BNPL provider - a third-party service provider that manages the BNPL offers for the merchant.
However, if the merchant were to operate this promotion themselves, they would be liable themselves.
How does BNPL Fraud Occur?
Criminals are constantly trying to access goods and services without paying the full price (or at all), and are always looking for ways of achieving this.
To fraudsters, a BNPL system is appealing because it offers them the chance to gain access to an item while only paying a fraction of the cost. They can then keep the item (having saved significantly on the overall cost), or they can resell the item, making a handsome profit.
Ultimately, BNPL schemes are popular with fraudsters for several reasons you’d expect:
- Real-Time Approval: BNPL systems - with a focus on selling - are designed to be quick and painless. While this entices customers to buy, it doesn’t leave time for diligent customer verification, allowing fraudsters to squeak through before they can be detected.
- Structured Repayments: Repayment of BNPL works on delayed installments that are paid out over time, and in most cases, these have a long grace period at the beginning of the contract. This gives criminals a long - and clearly defined - window of opportunity.
- Inadequate Due Diligence: Many BNPL systems are focused more on conversion than risk prevention, and they are designed to make the user experience seamless and frictionless. This often comes at the expense of security and can lead to exposure.
Fraudsters seek out services with weak identity verification and user authentication systems in place, as it makes it easier to create accounts and make purchases. While an additional authentication step may add some friction to the user experience, it’s a very small price to pay to keep most fraudsters from targeting your platform in the first place.
Unfortunately for risk management teams, fraudsters can perform Buy Now Pay Later fraud in a myriad of ways; and since BNPL offers and systems have different rules and restrictions, they are vulnerable - and can be targeted - using different methods.
Let’s look at a few common ways fraudsters exploit BNPL systems in general:
- A fraudster creates a new account with stolen credentials with the intent to exploit a BNPL offer.
- A fraudster takes over another user’s legitimate, existing BNPL account.
- A fraudster redirects goods purchased via a BNPL account to a different address, without paying for the items they’ve acquired.
- A fraudster uses a BNPL account to launder funds by engaging in money muling, with the intent to obscure the original source of the funds.
- A merchant intentionally makes false chargeback requests, which the BNPL provider is on the hook for.
As you can see, the brunt of the attacks are coming from fraudsters that are intentionally seeking out - and taking advantage of - Buy Now Pay Later offers. A smaller number are merchants themselves that are exploiting the system in a variety of other, more nuanced ways.
BNPL providers need to be extremely careful when crafting their offers, closing any loopholes they can. They also need to be diligent in verifying users and authenticating purchases, as they end up on the hook for losses.
Now that we’ve covered the basics, we’ll dig deeper into the different types of BNPL scams that fraudsters exploit.
Although Buy Now Pay Later fraud involves any fraud that exploits a BNPL system, this can be achieved through a variety of different fraudulent practices. Below, we explore the common tactics criminals use to commit BNPL fraud scams:
The non-repayment fraud strategy is fairly simple to implement; and therefore commonplace. Essentially, a fraudster makes a purchase with no intention of repaying the debt.
Buy Now Pay Later systems are the perfect target for non-repayment fraud, as they offer customers delayed payments, meaning their first payment isn’t due for months (or even a year). This delay creates a huge window of opportunity for fraudsters who know they have 3 months to a year before the BNPL provider expects their first payment.
2. Fraudulent Repayment
In some cases, BNPL fraudsters don’t actually avoid repayment; they just don’t pay out of their own pockets.
In this version of a BNPL scam, fraudsters use stolen payment credentials to make their BNPL repayments. The BNPL provider is still being paid, but eventually, the cardholder is going to put a stop to this and request a refund. The BNPL provider will likely end up out that money.
In some cases, these payments can go on for a long period of time before they are noticed, increasing the window the fraudster has to escape before they are investigated. Since there appears to be nothing wrong from the organization's end, this type of fraud can remain undetected for a long period of time, making it hard to root out.
Here, both the BNPL provider and the stolen cardholder are victimized; but ultimately the BNPL provider is on the hook for the value of the goods and services. This also skews acquisition and sales metrics for the retailer, causing lost sales (and sometimes lost product). In essence, one crime is being used to settle the debt of the other, making it harder to detect the original crime.
3. New Account Fraud
Sure, the odd individual could take advantage of a single BNPL offer by gaining access to a free item and intentionally avoiding repayment. Whether they gain a promotional gift card of $20 or a new living room couch, both certainly amount to fraud.
However, the larger BNPL fraud threat facing organizations is fraud rings that are intentionally exploiting BNPL offers by cashing in on it multiple times using duplicate accounts. To make this possible, fraudsters need to create numerous accounts and then cash in on the BNPL offer repeatedly, exponentially increasing their profit.
If it occurs infrequently, a single item (even an expensive one like a couch) can be written off as a cost of doing business. But malicious attacks that repeatedly exploit BNPL offers can lead to significant fraud losses.
4. Account Takeover Fraud (ATO)
No one likes to do extra work - not even fraudsters. Rather than creating a new account (or the fake identity and credit history that go with it), fraudsters simply take over accounts of existing users; users that already have an established credit history with the organization.
Instead of having to worry about identity verification - one of the largest barriers to committing this crime - fraudsters can simply access someone’s existing account; one that’s already cleared KYC procedures. These fraudsters circumvent identity verification, which is the first line of defense for organizations looking to prevent BNPL fraud. Because of this, companies will need to rely on other tools to detect and prevent this type of BNPL abuse.
Retailers should monitor account logins for new devices or IP addresses, as fraudsters rarely have access to the account holder’s device or location. Most importantly, examine all account changes, including password changes, username changes, and more.
Better yet, create rules that look for a very specific series of user activity that ATO fraudsters would use for a BNPL offer. For example, you could create a rule that looks for any instance where (1) a user logs in from a new device or IP address, (2) a user makes a password change, and (3) the user makes a BNPL purchase. This will flag behavior on your platform that fits this pattern, and help teams catch this activity before it occurs.
5. Synthetic ID Fraud
Even user authentication will struggle to catch all of these cases, as synthetic fraudsters will almost always be able to authenticate they are the user. The fact is, they ‘are’ the account holder; they just aren’t who they say they are.
6. Family Fraud
Online marketplaces and services are designed to be fast, intuitive, and easy to use; that’s what draws customers to them. Accounts automatically sign a user on from a recognized device, providing seamless access. However, this frictionless user experience comes at a cost, as family members, friends, and others can have access to someone’s device - and potentially their account.
For retailers using BNPL offers, it’s important to keep in mind that your users’ family members are often within reach of their devices. Whether it’s intentional or not, family members and friends can use this access to commit fraud. In most cases, this is often done within the household; a child gains access to a credit card and (intentionally or not) they make purchases for themselves, pretending to be the cardholder.
While this can be teenagers that are acting out and buying themselves a new pair of pants, it can also be much more complex when it comes to online purchases. In 2020, a child made $20,000 worth of donations to a number of prominent streamers on Twitch, a video game streaming platform. While not all of these crimes are intentional or malicious, they have serious consequences and can rack up hefty sums of money - which can mean serious losses for marketplaces.
It’s also important to remember that this type of fraud is often opportunistic. It’s not planned and carefully executed, it’s occurring in the moment based on a limited window of opportunity. Because of this, there will rarely be warning indicators that could signal that this is about to occur.
7. Triangulation Fraud
If criminals perform it correctly, BNPL is actually the perfect use case for the application of triangulation fraud, making it a popular tactic. When it’s all said and done, the provider ends up liable for the amount.
In traditional triangulation fraud, criminals pose as a seller to an unsuspecting buyer. That buyer makes a purchase from the fraudster with a legitimate card, which the fraudster pockets. The fraudster turns around and purchases the item they’ve just ‘sold’ on a legitimate marketplace, using a stolen credit card. They ship the order to the buyer, who is none the wiser. The fraudster makes off with the funds the buyer gave them, having made the purchase with stolen funds.
Now compound this with a system that allows the fraudster to only pay a portion of the cost of the original item. The fraudster now has far less friction in a BNPL system for committing this type of fraud. With lower entry points on purchases, they can theoretically get more value out of every stolen card they have before it’s flagged.
For example, you could create a rule that looks for a change in shipping address followed by a minimum of three purchases. You could also look for accounts that make a series of orders where the shipping address is changed after the point of purchase, and where none of the addresses match. The rule could flag the activity for review, or it could stop the activity altogether, preventing the fraudulent activity from happening.
Buy Now Pay Later services offer a very specific type of payment service; with unique features and challenges. Fraudsters exploit it for different reasons than they exploit other payment systems, and it’s important to be aware of this when devising an action plan.
Despite the fact that fraudsters perform BNPL fraud in a variety of ways, they all aim to exploit similar things about how the BNPL system operates. By honing in on how fraudsters exploit this system, BNPL providers (and the retailers selling their products and services) can best prevent BNPL fraud from happening.
Unfortunately, Buy Now Pay Later agreements offer very little in terms of a transaction record; which gives risk analysts very little to go off. Once the sale is complete, there is little activity until the payment cycle starts and the first payment is due. Typically, by the time the first payment is due, the fraudster’s already made off with the goods and is nowhere to be found.
Because of this, organizations need to look at specific ways to combat these threats. Below, we cover some of the top methods for preventing BNPL fraud:
Although retailers don’t need to know much about potential customers, organizations are responsible for knowing who they are conducting business with. A very clear shift occurs when a potential customer becomes a legitimate customer, and that shift is only completed through customer onboarding. While not the most important step, verifying users during onboarding is often the first step, as it’s typically the first interaction you have with a customer.
Without knowing who customers are, it’s impossible to prevent - or recover losses from - fraud. When it comes to BNPL fraud in particular, retailers need to rely heavily on verifying and validating users when they make accounts, ensuring that users are both an authentic person and who they say they are.
Organizations need to have clear identity verification processes during user onboarding that follow all relevant KYC requirements. Ensure Customer Due Diligence and (when necessary) Enhanced Due Diligence are followed. New users should be screened and ID documents will need to be verified. Ideally, this will root out most attempts at fraud from ever coming to fruition, and will also deter fraudsters from targeting your platform (instead going for an easier target).
Despite best efforts, some savvy fraudsters will pass ID verification checks. Some fraudsters will even find other ways around identity verification, instead opting to take over existing user's accounts. Since fraudsters can get through - and around - onboarding protections, organizations must have other preventative measures in place.
With the user now on your system, the next best way to prevent BNPL fraud before it occurs is never to let the user complete a BNPL purchase in the first place. The best way to do that is to authenticate a user before allowing a BNPL purchase to go through. Thus, user authentication is one of - if not the most important - methods of preventing BNPL fraud for retailers and BNPL providers.
Ultimately, user authentication is the last defense organizations have to actually prevent fraud from happening. After this stage, the crime has been committed and their best hope is recovery. Establish secure user authentication methods that validate a user is the account holder before completing any BNPL offers, including multi-factor authentication, biometric verification, facial recognition, and more.
User authentication is more important than ever to BNPL providers, will end up liable for losses when the fraudster doesn't pay up. Since BNPL providers aren’t responsible for user onboarding, this is the only check they have before completing a purchase and falling victim to fraud.
Traditional transaction monitoring - while still useful - won’t be quite as fruitful as it would be in other cases. By nature, BNPL fraud means you’ll likely have a single transaction activity (the initial purchase of the offer), followed by a delayed period of inactivity by the user.
However, while there may not be regular transactions, there is still plenty of other behavior available to monitor and analyze - behavior that can offer insights about potential BNPL fraud.
Risk analysts look at transactions because it’s an ‘event’, an activity that occurs between the customer and the BNPL provider. And while there aren’t many transactions in BNPL, there are still a lot of ‘events’. That is, there is still a variety of activities the user performs on your platform that can be monitored, analyzed, and evaluated.
It’s more important than ever to leverage this activity monitoring to detect and prevent BNPL fraud, looking at activity other than transactions to root out potential misuse of BNPL offers.
Account logins can be extremely insightful, offering information about the user’s device, the user’s IP address, and the length of the session. Some of these can be immediate flags; for example, if the device’s IP address is from a sanctioned country. Others may not be so obvious at first, but would be clear from examining patterns of behavior; for example, if logins occur from multiple devices and IP addresses, this could be a sign that it’s not an individual user, but a fraud ring operating an account.
Ultimately, the more information you have, the better. While traditional fraud relied on examining the transaction itself, modern organizations have far more indicators at their disposal. It’s kind of like looking at only a quarter of a painting; and thinking you’ve seen the whole thing. If you’re examining only transactions in your efforts to detect and prevent BNPL fraud, you’ll fall short. When considering monitoring solutions, it’s essential that risk and compliance teams are empowered to look at more than just transactions.
Leverage True Activity Monitoring to Stay One Step Ahead of Fraudsters
It’s no wonder online marketplaces love BNPL offers; they attract new customers and enable customers to make purchases they otherwise wouldn’t make. However, BNPL offers are especially attractive to fraudsters, as it gives them a large window of opportunity to access goods at less than full (or even no) cost.
While BNPL fraud can be conducted in a variety of ways, it’s all about exploiting the core elements of how these offers are structured. In most cases, fraudsters take advantage of a deferred payment structure, where the initial payment is delayed months (or even years).
Since there is little transaction history (or activity for that matter) for marketplaces to monitor, they rely much more heavily on identity verification and user authentication solutions to stamp out BNPL fraud. BNPL providers and retailers need to perform robust customer onboarding to ensure fraudulent accounts aren’t opened in the first place, and then employ authentication to ensure future activity is only performed by that user.
Schedule a demo today to learn how Unit21 can help you stamp out BNPL fraud.