How Buy Now, Pay Later is being targeted by fraudsters

Consumers are increasingly utilising Buy Now Pay Later (BNPL) payment options to make online purchases. Indeed, several e-commerce companies reported huge uptakes in sales, via BNPL, over the festive period, most notably around 2021’s Black Friday and Cyber Monday retail peaks.


PayPal reported an increase of nearly 400% of consumers using its new BNPL payment option, and Klarna reported a 141% increase in US sales over the period, compared to Black Friday 2020. As a result, BNPL is currently the fastest growing e-commerce payment solution of recent years, now accounting for 2.6% of global e-commerce sales (excluding China).

BNPL has been labelled the younger generations credit card due to its popularity amongst millennials and Gen Z shoppers. However, with this increase in activity, the fraud rate has also increased – current data shows that fraud rose by 66% in 2021 compared to 2020.

So, while companies offering BNPL are seeing an increase in purchases and revenue, the payment option is also attracting fraudsters, who are always on the lookout for loopholes in payment systems and often target new systems to make a profit at a retailers’ expense.

There is currently no regulated system in BNPL products to carry out credit checks on a customer’s personal financial circumstances. As a result, fraudsters are masquerading as genuine customers and setting up fake accounts when they make their first purchase, paying one instalment, then closing the account once they have received their goods.

Another more well-known type of fraud that is affecting BNPL is account takeover fraud (ATO). Fraudsters gain access to genuine customer accounts and use their cards to make payments, or to test stolen cards. It has been reported that attempted ATOs nearly tripled over Black Friday and Cyber Monday last year (2021). New companies and payment platforms are attractive targets because they have less fraud knowledge and historical data to combat many instances of ATO, which are unlikely to be picked up by new systems.

However, it is not all bad news and many BNPL providers are following best practice. For example, it is currently Klarna’s policy to accept responsibility for any fraud, so merchants or retailers who offer their solution as a payment method are not left exposed and get paid in full for their sale. This makes BNPL a sensible payment method option for some retailers from a risk perspective.

It is also important to note that BNPL has not led to the creation of new types of fraud, and the types of fraud that effect BNPL are often no different from general e-commerce fraud. As a result, onboarding and authenticating customers still plays a significant role in fraud prevention. That said, some BNPL companies remain reluctant to increase or change their credit checks during the onboarding and authentication process, because they do not want to turn away genuine customers. This is a familiar conflict: customer security vs customer satisfaction.

Another layer of security that has had a positive impact on preventing attempted e-commerce fraud is 3-D Secure authentication (3DS). However, much of the fraud that BNPL is susceptible to can avoid 3DS checks, by a fraudster hacking into an account and changing the authentication details (such as someone’s phone number).

SIM swapping is also a popular method of gaining access to someone’s account and beating 3DS. While 3DSv2 has been an option since last January (2021), 3DS will not be decommissioned until October 2022 (at the earliest), so fraud will continue to effect businesses which offer BNPL as a payment option. 3DSv2 is specifically designed for smartphones and will ask customers for biometric authentication, before allowing a payment, so this will help in the long term.

In the future, biometric authentication could provide additional checks and therefore offer more protection, while building on BNPL’s key selling points of convenience, speed, and user experience.

That said, with e-commerce fraud on the rise, with current growth estimating a rise of 18% next year, it is vital that companies who offer BNPL as a payment method and their partners are prepared and equipped with the latest fraud-fighting technology, as well as an increased data authentication/validation processes to ensure they do not fall victim to fraudsters.

Don't miss