Buy Now, Pay Later Fraud (BNPL) allows consumers to make purchases at participating merchants and split the cost into installments that are typically spread over several weeks or months.

 

A new study by Juniper Research forecasts a massive surge in Buy Now, Pay Later (BNPL) users globally. They predict the number will climb to over 900 million by 2027. This is a staggering 157% increase from the estimated 360 million users in 2022. This explosive growth is attributed, in part, to the anticipated economic downturn, which is expected to drive consumer demand for more affordable credit options.

 

According to the Finder 2024 survey, around half of UK adults (50%) have used BNPL at some point, which equates to around 26.4 million people. This number is up from an estimated 19.1 million (36%) at the start of 2023.

 

ResearchAndMarkets highlights a growing demand for credit in Africa, fuelling the adoption of Buy Now, Pay Later (BNPL) services. A significant portion of the African population remains unbanked, making BNPL an attractive alternative for accessing credit. This trend is expected to continue in the medium term, driving BNPL growth across the region. The report maintains a positive outlook for the BNPL industry in the Middle East and Africa, predicting steady growth over the next 3–4 years.

 

However, this rise in popularity comes with a hidden cost, which is a rise in BNPL fraud. Unfortunately, as BNPL usage shoots up, fraudsters are finding new ways to exploit vulnerabilities within the system.

 

In this article, we cover the following:‍

• What is BNPL Fraud?

 

• 12 Tactics Employed by Criminals in BNPL Fraud

• What are the Risks of BNPL Fraud on the Consumer, the Merchant, and the BNPL Provider?

• How to Prevent BNPL Fraud15 methods BNPL providers and merchants can use to prevent BNPL fraud risks

‍Read on to learn more about what BNPL fraud is, how it occurs, and how to secure your business.

 

What is BNPL Fraud?

 

BNPL fraud includes any fraudulent activity related to splitting purchases into smaller, deferred payments. While BNPL offers convenience for consumers, it presents unique challenges for both payment processors and merchants. Unlike traditional payment methods, BNPL providers often have less stringent credit checks. It makes it easier for individuals with limited credit history or those seeking to avoid accruing debt to participate. 

 

Two Main Categories of BNPL Fraud

 

BNPL fraud can be broadly categorized into two areas:

1. Digital Payment Fraud: This mirrors fraud tactics common across other digital payment systems. Fraudsters employ stolen user data, automated bots, and account takeover (ATO) methods to make unauthorized BNPL purchases.

2. Exploiting Onboarding Processes: This type of fraud exploits weaknesses in the onboarding procedures of BNPL providers and merchants. BNPL onboarding processes are often less stringent than traditional credit applications. This makes them vulnerable to fraudsters seeking to create fake accounts or exploit lax customer due diligence. 

Interesting Read: Fraud Detection Using Machine Learning

 

What are the Tactics Employed by Criminals in BNPL Fraud

 

Let's look at some prominent examples. Each of these examples highlights specific compliance challenges:

• Identity Theft: Fraudsters create fake accounts using stolen credentials or fabricated information to make unauthorized purchases.

• Account Takeover: Criminals gain access to existing accounts to make fraudulent purchases. They make use of methods like phishing or credential stuffing.

• Merchandise Fraud: Fraudsters order goods intending to never repay or ship them to a drop-off address they don't control.

• Money Laundering: Criminals may use BNPL for money laundering by purchasing and returning goods to generate illegitimate cash flow.

• Fake Merchants and Chargebacks: Deceitful merchants may conspire with customers to generate fake purchases and then initiate illegitimate chargebacks, which the BNPL providers may absorb.

• Friendly Fraud: This type of fraud involves a lawful account holder purchasing to deny the charge later. Therefore, they keep the product and the money. 

• Trojan Horse Fraud: Fraudsters use a BNPL account to gain trust with a merchant and then switch to a stolen credit card for later purchases.

• New Account Abuse: Fraudsters exploit weak KYC/AML procedures to open accounts using stolen data or fabricated information

• Synthetic Identity Fraud: Fraudsters combine real and fake data to create seemingly legitimate accounts for fraudulent purchases.

• Transaction Laundering: Criminals might use BNPL to process transactions for illegal businesses disguised as legitimate merchants.

• Never-Pays Fraud/Non-Repayment: Fraudsters make purchases with stolen identities or hacked accounts with no intention of repaying.

• FamilyFraud

This kind of fraud could occur deliberately or accidentally, when a relative, usually a kid, makes an unauthorized purchase on their parent’s account.

 

Who Pays the Price for BNPL Fraud?

 

The responsibility for BNPL fraud often falls squarely on the shoulders of the BNPL provider itself. Since they act as both the payment processor and lender, the BNPL provider ultimately authorizes the transaction. This means they are typically on the hook for any fraudulent charges that occur on their platform.

 

What are the Risks of BNPL Fraud to the Consumer, the Merchant, and the BNPL Provider?

 

While BNPL providers face the most significant financial risk from fraud, the negative impacts extend far beyond that. Here's a breakdown of the consequences for each stakeholder:

Consumers:

• Financial Loss: Fraudulent purchases can drain a customer's account, leaving them liable for charges they didn't authorize. Recovering these funds can be a complex and frustrating process.

• Identity Theft: Compromised accounts expose personal details, making customers vulnerable to future scams and identity theft.

• Damaged Credit: Unresolved fraudulent activity can negatively impact a customer's credit score, hindering their ability to access future financing.

Merchants:

• Reputational Damage: Experiencing BNPL fraud can erode customer trust and damage a merchant's reputation. Customers may be hesitant to shop at a store perceived as insecure.

• Strained Relationships: Fraudulent transactions can also negatively impact relationships with suppliers and even the BNPL provider itself. Providers may be hesitant to offer their services to merchants with a high fraud risk.

 

BNPL Providers:

 

• Financial Losses: As mentioned previously, BNPL providers are typically responsible for reimbursing fraudulent charges. This can significantly eat into their profits.

• Increased Risk Exposure: High levels of BNPL fraud can make them less attractive to potential customers and investors.

By understanding these consequences, BNPL providers, merchants, and consumers can work together to implement powerful security measures and minimize the risk of BNPL fraud.

Further reading: How Businesses Mitigate Compliance Risk with Youverify Full Cycle AML Solution

 

How to Prevent BNPL Fraud Risks

 

The growing popularity of Buy Now, Pay Later (BNPL) services has unfortunately attracted fraudsters. 

 

Regulatory bodies are still grappling with the best approach to BNPL and its associated fraud risks. Currently, existing regulations like KYC/AML and data security laws apply to BNPL providers. However, the specific regulatory framework for BNPL fraud prevention is still under development. 

 

Here are 15 methods BNPL providers and merchants can use to prevent BNPL fraud risks:

 

1. Enhanced KYC Procedures: Implement stricter identity verification during account creation. This could involve document verification, facial recognition, and even biometrics to ensure users are who they claim to be.

2. Advanced Fraud Detection: Utilize artificial intelligence (AI) and machine learning to analyze user behavior in real time. These tools can identify suspicious activity patterns and flag potential fraud attempts.

3. Strong Authentication Tools: Go beyond passwords. Multi-factor authentication (MFA) and other measures add an extra layer of security, making it more difficult for unauthorized individuals to access accounts.

4. Data Security Protocols: Robust data security measures are essential. Encryption and access controls protect user information and comply with data privacy regulations.

5. Transparent Dispute Resolution: Establish clear and fair procedures for handling BNPL chargebacks. This fosters trust between consumers, merchants, and BNPL providers.

6. Real-Time Data Enrichment: Gain a 360-degree view of user activity by analyzing data points like emails, IP addresses, phone numbers, and Bank Identification Numbers (BINs) during account creation, logins, and transactions. This allows for flagging suspicious patterns.

7. Email Risk Scoring: Analyze social and digital profiles associated with email addresses to generate risk scores and identify suspicious users.

8. IP Geolocation: Verify a user's location and identify attempts to mask it with VPNs or proxies to prevent fraudulent activity.

9. BIN Analysis: Extract information from BINs to detect virtual cards and identify the issuing bank's location.

10. Phone Number Verification: Combine public and private data sources to comprehensively verify phone numbers, aiding in fraud detection.

11. Rule-Based Risk Assessment: Utilize historical data to identify red flags and guide credit decisions. However, incorporate external data sources as well to stay ahead of evolving fraud tactics.

12. Device Fingerprinting: Gain insights into users' devices and configurations to identify suspicious tools and settings associated with credential stuffing, phishing, and SIM swapping attacks. This helps prevent account takeovers, multiple signups, and bot attacks.

13. Collaboration with Regulators: Proactive engagement with regulatory bodies allows BNPL providers to stay informed of evolving regulations and demonstrate their commitment to compliance.

14. Address Verification: Confirm that the addresses provided by customers during BNPL transactions are genuine. Address verification services cross-reference user information with authoritative data sources to validate addresses.

15. Customization and Automation: Customize risk scores generated by data enrichment modules to fit specific needs. Scoring Engines allow BNPL providers to adjust existing rules, add new ones based on various data points, and define the impact of each rule on the overall score. Additionally, API integration automates data checks during onboarding processes, streamlining fraud prevention.

Interesting read: Identification, Verification, and Authentication

 

The Future of BNPL Fraud Prevention

 

By prioritizing compliance, BNPL providers can not only reduce the risk of financial penalties but also build trust with consumers and regulators. This encourages a healthy and sustainable BNPL market where responsible innovation goes hand-in-hand with strong consumer protection. 

Technological advancements, such as improved AI-powered fraud detection, offer further promise for strengthening fraud prevention within the BNPL ecosystem. As regulations mature and compliance measures become more powerful, the future of BNPL looks bright. Thus offering a convenient and secure payment option for both consumers and merchants.

 

How Youverify Can Help the Fight Against BNPL Fraud

 

Youverify offers a comprehensive suite of tools specifically designed to combat BNPL fraud. Our solutions empower you to confidently onboard legitimate customers, prevent unauthorized account access, and identify suspicious activity in real time. Don't let BNPL fraud erode your profits or damage your reputation. Schedule a demo today and discover how Youverify can help you secure your business from BNPL fraud.