Whilst the popularity of Buy-Now-Pay-Later products garners a remarkable level of traction worldwide, there has been an equal rise in the number of cybersecurity instances associated with this form of payment.
To convey the various aspects of fraud that both BNPL users and providers should seek to avoid, Jimmy Fong has supplied this guest-authored piece to The Fintech Times. Jimmy is the serving CCO of the cybersecurity software company SEON, whose technology combines social signals with digital footprint data to wean out false accounts and prevent fraudulent transactions from taking place.
Jimmy has over 13 years within the online payments and fraud space as part of fraud tech pioneers CyberSource (acquired for $2 billion by Visa), GlobalCollect (acquired by Ingenico for $1 billion) and latterly InAuth (acquired by American Express for $250 million). His passion is mixing nerdy obsession over technology and hyper-commercial growth.
Buy now, pay later (BNPL) services are growing at a rate of 39%, with major players like PayPal, Amazon and Square all acquiring existing BNPL companies in multi-billion dollar deals and challenger banks like Revolut and Monzo developing their own offerings. Klarna remains by far the biggest player in the space, with nearly a million app downloads in the UK alone, twice as much as its next biggest competitor, the established retailer Argos. It looks like far from being a new or niche form of financial technology, BNPL is firmly in the mainstream.
But wherever money goes, fraud will follow. We know from speaking to former and practicing fraudsters that they have already worked out and are sharing methods for defrauding BNPL schemes, and although statistics on how much fraud is happening on BNPL platforms aren’t available yet, they are likely to be significant and growing. So how are BNPL companies and their customers being defrauded, and how can it be stopped?
What is BNPL fraud?
Many types of BNPL fraud are no different to other kinds of eCommerce fraud. A fraudster will create a profile using a synthetic ID and enter stolen credit card details, the BNPL company will take the payment and ship and item to an address where the fraudster can collect the item for resale. After the original cardholder notices the suspicious payment and initiates a chargeback the BNPL company will be hit by a chargeback fee. Klarna’s policy is to accept the risks of any fraud, so that the companies who offer it as a payment method won’t be affected and will still be paid in full.
Account takeovers are also a possibility: fraudsters can find the login details for an existing BNPL customer and use that account to make purchases, something that is particularly easy when consumers use the same login details across multiple websites.
Their policy of accepting the risks from fraud means that BNPL companies are going to take the brunt of its harm, which makes it an attractive system to use for retailers whose bottom lines are under a constant barrage of fraud attacks. Klarna has broadly similar AI-enabled anti-fraud measures to those we have developed for our solution, though we don’t know the details on whether they use powerful tools like data enrichment and device fingerprinting to supplement their identity checks. This does take some of the burden off smaller retailers who might not be able to afford high-end anti-fraud software, but it also means that retailers have to trust that their BNPL provider has the best security measures available.
How to secure BNPL
Fraud becoming prevalent on BNPL platforms is going to contribute to the ‘too good to be true’ reaction that some people have when hearing about the service and could drive down the flow of new users until it becomes less viable. As with so many other industries in a digitised, highly connected world, BNPL needs to be fast and frictionless, allowing as many people as possible to be approved and move through the sign-up process as quickly as possible. Balancing speed and security is difficult for any industry, but for BNPL it will be crucial.
This is why real-time data enrichment solutions like ours are particularly suited to the BNPL space. They allow merchants and BNPL providers can carry out checks on every customer in the background, assembling hundreds of data points from anything from whether they use a VPN to how old their Facebook profile is, building a complete picture of every customer to be able to apply adaptive friction – giving customers who exhibit common signs of fraud more security checks than those who show clear evidence of being a real person. For the many instances in which it can’t be immediately determined whether a transaction is coming from a legitimate or fraudulent source then adaptive difficulty can be deployed – this would send borderline cases further security checks, filtering out fraudsters.
The industry has entered the mainstream, but that doesn’t mean that the BNPL marketplace will look the same in five years as it does today. If established companies like Klarna are able to stay afloat while they are being assailed by new competition and a press backlash, then they will be able to maintain their position on top of the industry. If they don’t address problems like fraud then the companies who do what they do in a safer, more customer-friendly way will take their market share, which is why BNPL companies and the merchants who use them all need to look seriously at the latest AI-enabled fraud-fighting technology.