Skip to content
All Blogs

How to detect and prevent increasing BNPL fraud

Author: Jim Murphy


Growing up, I remember many brick-and-mortar retailers offered layaway as a service for their customers. In particular, you’d see long lines at the layaway counter a few months leading up to the holidays. I also remember watching Wimpy from the 1930’s Popeye cartoons saying, “I'll gladly pay you Tuesday for a hamburger today.” The concept of buying an item now and paying later has been around for a very long time.

Fast forward by a few decades and we see the emergence of a new customer service offering of “Buy Now Pay Later” (BNPL), which is increasing at a rapid pace. For example, PayPal reported a 400% year-over-year jump in users of its BNPL solution during the Black Friday and Cyber Monday sales period in 2021. According to Precedence Research Group the BNPL market size was USD $125.1 billion in 2021, with the expectation that it will grow to USD $3.3 trillion by 2030.

What exactly is BNPL?

Just as it sounds, the consumer can purchase an item and pay in installments at a later date. Some BNPL plans include interest and late fees while others don’t. It’s similar to a credit card, though the interest rate is typically much lower.

How does it work? The consumer visits a retailer’s website and selects items they’re interested in purchasing. Once they check out, and depending on the retailer, they may have a BNPL option. If they don’t already have a BNPL account, they’ll have to provide some basic information to apply for the account. Some retailers may submit a soft credit inquiry to check the consumer’s credit and provide an immediate response on whether the application is approved or not. The application process in most cases is short and doesn’t take very long to complete. Once approved, the consumer needs to make the required installment payments that were outlined at the time of purchase.

Is BNPL too good to be true?

Providing a BNPL option to consumers is a great opportunity to elevate the customer experience while generating revenue. Unfortunately, it also comes with a degree of associated risk. Fraudsters have taken note of how lucrative BNPL has become, and are making every effort to take advantage of the lower approval requirements – subsequently defrauding companies out of millions of dollars. There are several ways they go about this through the following fraud schemes:

  • New account opening
  • Account takeover
  • Fraudulent chargebacks
  • Never pay fraud
  • Use of stolen or synthetic identity
  • Trojan horse fraud

For this post, I’ll focus on the most common BNPL fraud use cases which are new account opening and account takeover.

New account opening: In new account opening fraud, the fraudster uses the personal information (PI) from either a stolen or synthetic identity to open a new account. In many cases, the PI has been purchased from the dark web. Since minimal information is required and only a soft inquiry is made, it’s very likely that the new BNPL account will be approved. The fraudster starts to purchase high-end items and has merchandise shipped to a different mailing address. In some cases, the fraudster may make a small initial payment, possibly with a stolen credit card. In other instances, no payment is ever made. The retailer is left with stolen merchandise and no one to pursue for payment as the identity was fake.

Account takeover: For account takeover fraud, the fraudster has been able to obtain the consumer’s credentials from social engineering, phishing attacks, or purchasing the information from the dark web. Once the fraudster gains access to the BNPL account, they’ll make changes to the physical mailing address, password, and/or email address to take control of the account. The fraudster will then start to order high-end items and have them sent to the new mailing address. The consumer is usually in the dark on what has transpired until they receive a notification from the BNPL firm that they’re late in making a payment. As with new account application fraud, the retailer and the account holder are the victims of this crime.

So why is it so easy for a fraudster to commit BNPL fraud?

First, obtaining a BNPL credit line is very quick and easy, with a near-instant approval/disapproval. Once the approval has been granted, it paves the way for the fraudster to commit the fraud with no further obstacles.

Secondly, the payment process is completed over several installments. This gives the fraudster ample time to commit the fraud multiple times. In some cases, they may make a minimal payment. However, at the end of the day, the fraudster has the merchandise in their possession and never pays in full.

Lastly, many BNPL firms do limited credit checks or none at all for a new application. As stated, the process was meant to be quick and easy for the consumer with very few checks and balances up front to verify the consumer and stop the fraudster.

How can BNPL fraud be detected and prevented?

Some of these types of fraud can be a little more complex, so the typical use of black box technologies utilizing business rules often isn’t effective. The best way to detect, and better yet prevent, BNPL fraud from occurring is using a multi-faceted approach that includes artificial intelligence, machine learning, behavioral biometrics, and anomaly detection - all in real-time.

For instance, if a fraudster attempts to sign into someone else’s BNPL account it’s likely their behavior will be different than the owner of the account. Their typing speed, copying and pasting PI, different IP address, time of day, etc. won’t be the same. Any potential changes that would be made by the fraudster can be shut down before any fraudulent activity occurs.

The same goes for new account opening. A fraudster is going to look and act much differently than a regular consumer. The goal for the fraudster is to create the new account as quickly as possible and order high-end merchandise, while a genuine consumer may poke around the website to shop and eventually land on purchasing an item. In either case, the use of a combination of fraud solutions will solve for BNPL fraud while providing a frictionless experience for the legitimate consumer.

Behavioral biometrics can identify abnormal behaviors, while anomaly detection will discover hidden data patterns such as bot and DDoS attacks. Layering on machine learning and AI enables detailed profiles of legitimate vs fraudulent behaviors to detect and prevent fraud in real-time.

What is a BNPL firm to do?

A BNPL firm has multiple choices when it comes to fraud detection and prevention.

The first is to do nothing and continue to operate as usual while looking at fraud as simply the cost of doing business. The second, and one that I would recommend, is to install frictionless technology such as behavioral biometrics behind the retailer’s digital channels to detect as well as prevent BNPL fraud from occurring. Behavioral biometrics can determine if the person is the established account holder by comparing how the person has interacted in the past (mouse movements, swiping on a mobile app, typing speed, etc.) and comparing that data to the most recent interaction. If the behavior isn’t a match, the retailer can choose to stop the transaction from occurring. Likewise, if the behavior matches that of known fraudulent interactions it can trigger further action.

Account takeover and new application fraud schemes are nothing new, especially with the fraudster utilizing stolen or synthetic identities to commit BNPL fraud. BNPL firms need to decide how to best tackle the BNPL fraud scheme. They need to weigh the cost of fraud to their organization and stockholders, reputational risk, as well as the potential friction on their customers. In my mind, utilizing behavioral biometrics is the best solution to solve for these potential pain points!

Subscribe to our blog for regular updates!