BNPL Fraud: Big Trouble Ahead?
It’ official: Buy Now, Pay Later (BNPL) is a major hit with consumers and retailers alike. But fraudsters may be its biggest fans.
Over the past year, BNPL platforms such as Afterpay, Sezzle, Affirm, and Klarna have helped consumers make $100 billion in purchases for everything from Xboxes, to baby food, to utility bills, and then pay it off in fixed installments, often with zero interest. That’s a $76 billion increase in just 12 months.
Nearly every US retailer from Target, to Big Lots, to American Eagle now offers BNPL options, And according to CB Insights, this new form of payment could top $1 trillion in yearly purchase volume as early as 2025. But that could be low-balling it.
So far at least, BNPL has mostly been marketed to credit-challenged Millennials and Gen Z as an alternative to credit cards-something that’s quickly attracting regulatory scrutiny. But today, merchants, banks, and even card issuers are actively expanding into new forms of BNPL that cater to wealthier consumers who don’t bat an eye at $1,300 home exercise equipment or a $3,000 mattress. In 2022, Buy Now Pay Later services will increasingly move into B2B financing, as well.
In the inflationary moment we’re living in, many will find this kind interest-free financing, coupled with BNPL’s loose credit requirements, irresistible to just about anyone-especially cybercriminals.
Buy Now, Pay Never?
Let’s face it: The potential for loss was always going to be sizable with BNPL. Receiving goods before ever paying a dime is tempting for anyone. In the age of account takeover (ATO) and synthetic identity fraud, it can be a fraudster’s dream come true.
According to Fortune, fraudsters are flocking to channels like Telegram to share tips on infiltrating BNPL customer accounts using compromised login credentials in order to go on illicit shopping sprees. To hear victims tell it, a BNPL account takeover (ATO) can be far more ruinous than many might imagine.
If such attacks become widespread, the fact that as many as 4 in 5 US consumers may have used BNPL this past holiday season suggests the potential for serious trouble in the months ahead.
As it stands now, ATOs fueled by data breaches increased 850% between Q2 2020 and Q2 2021. Throw in a nascent industry still finding its footing, and that figure is likely to spike. The reputational damage to BNPL service providers could be disastrous.
What’s more, fraudsters are also leveraging synthetic identity information to hijack the BNPL enrollment process in order to defraud merchants and other companies directly. Synthetic Identity Fraud is a $6 billion problem that the FBI calls one of the fastest-growing forms of financial crime. How much worse can it get in an industry that can be lax about credit checks?
Stopping Bad Guys, Not BNPL
For all the data points about BNPL growth rates, there’s another reason this innovative form of finance is set to explode. Today, BNPL still accounts for just a small percentage of retail sales-which suggests the potential for enormous growth for years to come. Unfortunately, that’s also true of fraud.
By comparison, card-not-present (CNP) fraud accounts for over half of all gross fraud losses worldwide-despite hardened defenses and highly-regulated credit practices. According to the Aite-Novarica Group, loss from CNP fraud is expected to top $17.2 billion by 2023. In an environment like this, BNPL could get mauled by ever-more sophisticated attacks that have nowhere to go but up.
In order to protect themselves, organizations across the BNPL ecosystem will need to implement defenses against new risks and evolving attack modalities beyond traditional CNP fraud-without sacrificing convenience and choice for consumers.
Today’s most robust payment authentication and anti-fraud solutions leverage machine learning, data science, and shared global intelligence to prevent as much as 95% of all fraud loss for CNP and other digital payments models. And increasingly, these capabilities are being extended to provide continuous authentication throughout the digital payments journey, from enrollment, to shopping, to payment, to managing BNPL transactions.
If it’s done right, Buy Now, Pay Later’s cybercriminal fanboys could be in for a rude awakening-while BNPL’s growth potential gets even bigger.