What is BNPL Fraud? How Do Scammers Manipulate This Popular Payment Option?
The “Buy now pay later” model, commonly abbreviated to "BNPL," has become a mainstay of modern eCommerce. It is so popular with consumers, in fact, that its overall market valuation is expected to reach $3.98 trillion by 2030.
If you want to learn more about this topic, we wrote a whole blog post a while back explaining the ins and outs of the BNPL phenomenon, which you should check out first:
Learn more about BNPLThere are a lot of great benefits to the BNPL model for both merchants and consumers. However, there’s also a dark side to understand as well. There’s the risk posed by BNPL fraud, for instance, which is also on the rise.
Recommended reading
- Increase in Fraud in APAC Highlights Need for Solutions
- The Top 10 Prepaid Card Scams to Watch Out For in 2024
- How do Banks Conduct Credit Card Fraud Investigations?
- What is Synthetic Identity Theft? How Can Merchants Stop it?
- What is SIM Swapping Fraud & How Does It Work?
- Key Credit Card Fraud Statistics to Know for 2024
What is BNPL Fraud? How Does it Work?
- Buy Now Pay Later Fraud
Buy now pay later fraud, or BNPL fraud, refers to any fraudulent activity in the “buy now pay later” space. In other words, it’s a scam by which a fraudster abuses a BNPL payment option to conduct a payment fraud attack.
[noun]/bī • nou • pā • lā • tər • frôd/BNPL fraud incidents could cover a range of third-party criminal attacks. BNPL fraud may also result from dishonest behavior on the part of merchants or the BNPL providers in question.
To offer a few examples, BNPL fraud can occur in any of the following ways:
- Fake BNPL accounts can be created with stolen credentials.
- Legitimate BNPL accounts can be taken over by fraudsters.
- BNPL goods can be redirected to false addresses.
- BNPL payment methods can be used to launder money or conceal the payment’s originating source.
- Fake merchant accounts could initiate false chargeback requests, which would then revert to the BNPL company itself.
- BNPL purchases that are ineligible for a return may be disguised to appear legitimate or may be returned well outside of the return limit.
There are literally dozens of ways in which the BNPL payment process could be abused. We’ll examine some common tactics in more detail below, but we couldn’t begin to cover every threat source here.
The problem is that fraudsters are extremely resourceful, fast learners. They’re adept at leveraging new technologies and consumer preferences, and they deploy extremely sophisticated technology to do so.
Why is BNPL Popular With Fraudsters?
Just like consumers, fraudsters follow trends. Whatever is popular with consumers will, by extension, be popular with criminals.
Why? Well, setting aside common reasons for fraud like psychology and socioeconomics, the simple fact is that it’s easy.
Emerging payment technologies have less established regulation than conventional payments. There is not a lot of accurate data available, making it harder to identify and fight. Finally, fraudsters love BNPL because it’s a popular and fast-growing consumer channel.
For a more nuanced view of these assertions, consider the following:
We’ll explain how to spot a case of BNPL fraud further down, but for now, let’s go over the various trends that fraudsters use to take advantage of the BNPL market.
8 Common BNPL Fraud Tactics
To conduct a BNPL transaction, a consumer must typically create an account with the payment service provider (PSP) in question. This opens the door for several scenarios that could fall under the umbrella of buy now, pay later fraud:
#1 | Account Takeover
By using account takeover tactics to compromise a user’s account, bad actors are able to engage in BNPL fraud on any site that accepts that provider. Because payment is delayed, the actual consumer may not notice the fraud for weeks.
#2 | Synthetic Fraud
Fraudsters can use stolen information to engage in synthetic buy now, pay later fraud. This adaptation of synthetic fraud means that the fraudster literally “invents” a fake persona that can be used to create a new account and complete purchases.
#3 | Family Fraud
This occurs when a relative of the authorized buyer has access to the account. A child, for instance, can make an unauthorized purchase on a parent’s device, which the parent only discovers later.
#4 | New Account Fraud
Opening a new BNPL account is easy. New account fraud occurs when a fraudster adopts a false identity to create a new account. This often occurs at the banking level, with fraudsters using stolen or synthetic identities to secure new credit or debit cards, which they can use to make purchases.
#5 | Non-Repayment
This is a very straightforward scheme. In essence, the buyer makes a purchase with no intent of repaying it. Non-repayment scams can be a standalone incident, or can combine one or more of the tactics on this list to make several purchases without intending to pay them back.
#6 | Trojan Horse Fraud
Often a direct result of ATO or synthetic fraud, trojan horse fraud happens when a fraudster creates an account with fake or stolen user credentials and changes the payment method to another hijacked account. In this way, the fraudsters can make any number of purchases through BNPL, without ever paying for a single transaction.
#7 | Sim Card Swapping
A SIM swap scam is a type of account takeover fraud that generally targets a weakness in two-factor authentication and two-step verification. Specifically, it works when the second factor or step is a text message, or a call placed to a mobile phone. BNPL accounts can easily be targeted this way, with bank details just a few clicks away.
#8 | Return Abuse
In conventional eCommerce, limitations on a cardholder’s available funds or credit can sometimes provide a valuable check against overspending. With BNPL, a buyer may feel less restricted by the amount of money they have on hand…at least at the time of purchase. However, they may later buyer’s remorse, and start returning goods (even without valid reason).
For merchants, the good news here is that most providers will accept liability for BNPL fraud that occurs on their platforms. After all, it was their account, on their platform, which was compromised.
Is Anything Being Done About BNPL Fraud?
For all the reasons listed above, BNPL fraud cases have become a major concern. As BNPL continues trending upward, fraud is going to continue to rise in lockstep. Some fraud attacks are so successful that scammers have even taken to boasting about their exploits online.
Clearly, something needs to be done. But what? And by whom?
Well, The US Consumer Financial Protection Bureau (CFPB), for one, has taken some action. The agency has laid out plans to regulate BNPL companies like Klarna, Quadpay, and Affirm due to rising concerns that their fast-growing financing products are harmful to consumers.
The CFPB points out that BNPL providers do not give data to credit reporting agencies. The agency argues that, because of this, lenders might have an incomplete picture of a borrower's liabilities, including BNPL loans at rival companies. This could lead consumers to be approved for lines of credit for which they do not really qualify.
However, whether or not this potential regulation is passed, there will be a substantial threat posed by criminal fraudsters. What this means is that you should shift focus to your fraud detection and prevention efforts.
Signs of BNPL Fraud to Watch for
It’s in your best interest to screen BNPL orders for potential fraud. The best indicators are tied to customer behavior. Below are some examples of likely BNPL fraud indicators:
New Buyers
Has the customer ever shopped with you before? Or is it a totally new customer intent on making a purchase for the first time?
Unusual Purchasing Patterns
For returning customers, does their current purchase reflect their past behavior? In other words, is this purchase unusual for that individual user?
Unfamiliar Devices
Customers typically shop from a small cluster of personal devices. An unfamiliar device may suggest an unauthorized buyer.
Transaction Velocity
Did a buyer submit numerous transactions in a short period? It may be a fraudster attempting to get as much value as possible before being discovered.
Shipping Mismatches
Does the shipping address match what’s on file for the buyer? Or could you be shipping goods to a criminal?
None of these indicators are “proof” of buy now, pay later fraud. However, if a customer trips multiple indicators, it may be a good idea to reach out and try to verify the individual’s identity.
How to Prevent BNPL Fraud
In order to successfully insulate your business from BNPL fraud, it’s best to form a strategy that addresses every type of fraud, rather than just one. When used in tandem, a plurality of fraud detection methods can more effectively lower risk, and improve relationships with consumers and payment providers.
A Multi-Layered Strategy is Best
Here’s the bottom line: embracing buy now, pay later options can be a great benefit for both consumers and merchants. But, even though the potential for buy now, pay later fraud is minimal… it’s still a concern.
We recommend carefully reviewing service providers’ policies regarding fraud liability and other concerns outlined above. Although the chargeback process doesn’t apply in these transactions, the degree of liability imposed on you could be impacted by the terms you agree to.
Don’t forget, even with numerous fraud detection and fraud prevention tools at your service, there’s still no guarantee that you’re fully protected. You’ll still run up against two key limitations.
First, a tool is only as effective as your strategy allows. Having multiple tools to fight fraud won’t be enough. For best results, a multi-layered fraud strategy will help you make the most of the tools at your disposal.
Second, not all fraud originates with a criminal. Conventional fraud detection tools have no impact on threats like friendly fraud. You’ll need additional help to deal with this and other threats to your revenue. Here at Chargebacks911®, we specialize in preventing post-transactional fraud that criminal fraud tools like those listed above can’t reach. We work alongside other technologies to provide comprehensive, multilayered fraud defense. Continue below and get a free ROI analysis today.
FAQs
What is buy now, pay later fraud?
Buy now pay later fraud, or BNPL fraud, refers to any fraudulent activity in the “buy now pay later” space. In other words, it’s a scam by which a fraudster abuses a BNPL payment option to conduct a payment fraud attack.
What is the problem with buy now pay later?
Frankly, there are literally dozens of ways in which the BNPL payment process could be abused; we couldn’t begin to cover them all. Fraudsters are extremely adept at using consumer favorites against them and deploy extremely sophisticated technology to do so. As BNPL is a relative newcomer to eCommerce, we’re still learning how and why merchants are targeted… and how to fight back.
What happens if you don't pay back BNPL?
Failure to repay BNPL loans can lead to late fees, fines, and even damaged credit if the non-repayment persists.
Who regulates buy now pay later?
BNPL is fairly unregulated, for now. However, the US Consumer Financial Protection Bureau (CFPB) has laid out plans to regulate BNPL companies like Klarna, Quadpay, and Affirm due to rising concerns that their fast-growing financing products are harmful to consumers. The CFPB points out that because BNPL providers do not give data to credit reporting agencies, lenders might have an incomplete picture of a borrower's liabilities, including BNPL loans at rival companies.