Buy Now Pay Later Fraud (BNPL): Risks & Prevention

Since Buy Now Pay Later (BNPL) solutions ballooned during the pandemic, growth has shown no signs of slowing. Global market share has hit 3% and reaches as high as 25% in countries like Sweden.

Everyone — from consumers to retailers and traditional lenders — wants a piece of the pie.

But fraudsters want a taste, too. Unlike other sectors, BNPL providers must implement fraud prevention without sacrificing the frictionless experience that is the industry’s key strength. If you let in too many fraudsters or bad debtors, you risk high churn, reputation damage, and even business closure due to insufficient funds.

What Is BNPL Fraud?

Any fraudulent activity related to buy now, pay later systems is, technically speaking, BNPL fraud. Both payment processors and merchants are diversifying the ways in which consumers can make their online purchases, but these new payment products come with their own fraud hazards. The increasingly popular buy now, pay later system is no different, and indeed offers its own unique risk challenges that require targeted solutions.

In general, the structure of the BNPL payment ecosystem sees fraud in two main silos: fraudsters that attack the payment system themselves using tactics common across all forms of digital payments, and fraudsters that exploit the onboarding processes of BNPL providers and merchants.

How Does BNPL Fraud Work?

Fraudsters exploit the fact that BNPL providers often have relaxed customer due diligence to keep the user journey fast. It typically involves someone pretending to be someone else to secure a microloan they have no intention of repaying.

Common tactics include:

• Stolen Credentials: Signing up for new accounts using data from breaches or phishing.
• Drop Addresses: Ordering goods to a neutral location before disappearing.
• Merchant Exploitation: Fake merchants using approved credentials to process illegal transactions.

Identifying High-Risk BNPL Customers: 7 Key Risks

Fraudsters see BNPL as a lucrative target due to real-time credit decisions and the absence of formal credit checks. Here are the key categories of high-risk customers:

1. New account abuse: Scammers acquire information through data breaches or phishing to create accounts with stolen data, accessing the default line of credit all new accounts enjoy.
2. Synthetic identity fraud: Fraudsters combine accurate and false personal information to create a new identity. This hybrid method makes detecting and fighting fraudsters challenging.
3. Account takeovers (ATOs): Criminals leverage credential stuffing and phishing to hijack existing user accounts with excellent payment history and high lending limits.
4. Fraudulent chargebacks: A mischievous owner claims they never made a transaction and asks the provider to return the funds. The BNPL must cover chargeback costs and processing fees.
5. Transaction laundering: This occurs when an undisclosed business uses an approved merchant’s credentials to process transactions for a secret store selling illegal products.
6. Never-pays fraud: Individuals sign up for your BNPL service and manage to disappear without repaying the full amount they owe. This is often a consequence of stolen identities.
7. Trojan horse fraud: Fraudsters sign up with a BNPL account and later change their payment method to a stolen credit card. Because chargeback liability falls onto the BNPL, merchants apply lower defenses.

Why Are Fraudsters Targeting BNPL?

The success of buy now pay later systems is the exact reason they are targeted. BNPL offers convenient low-friction onboarding and an increased purchase timeframe. While this creates spending power for legitimate users, these conveniences represent obvious toeholds for fraudsters to climb over security walls.

Explosive industry growth has led to a massive increase in the population of fraudsters. This high transactional volume makes it easier for criminals to stay hidden. Additionally, providers may have less financial impetus to tighten security if it risks adding friction that prevents good customers from reaching checkout.

The BNPL microloan system prioritizes getting customers to checkout with minimal friction. This results in fewer security checkpoints, making it easier for fraudsters to sign up, compromise logins and take over accounts. The extended repayment timeframe also gives bad actors more time to escape with their misdeeds.

These BNPL safety pitfalls typically come in three forms:

• Real-time credit decisions: Providers approve purchases as soon as transactions are completed. This lightweight process allows bad actors to make large purchases and escape with the least resistance.
• Delay in repayment: Bad actors exploit installment methods by hacking accounts, paying only the 25% base value and skipping all remaining payments.
• Absence of formal credit checks: Most BNPLs use alternative credit scoring rather than standard bank checks. When not done well, this opens doors for account takeovers, synthetic identity theft and never-pays.

How to Prevent BNPL Fraud

The key to detecting high-risk BNPL customers is to monitor transactions and start gathering data as soon as possible. This should happen at the onboarding stage using digital footprint analysis to find out a wealth of information without any friction.

Augment Risk Assessment With Real-Time Data Enrichment

Real-time data enrichment lets you learn more about users without asking customers to fill in extra fields. It gives you a 360° view of user actions during account creation, onboarding, login or checkout. By using single data points, you can complete the picture:

• IP address: Aside from geolocation, this reveals if a user is masking their location with a VPN, Tor node or proxy.
• Email address: Learn if the domain is trustworthy, whether it’s connected to social media accounts and if the handle matches the customer’s name.
• Phone number: Investigate if it is a mobile or landline, if it is in the right country or if it is a virtual SIM card.
• Card number: A BIN lookup lets you know if a card is prepaid or from a known operator pointing to the right country.

Use Custom Rules to Detect High-Risk Customers

Feeding enriched data into an AML transaction monitoring solution allows you to identify risky users through specific custom rules:

• Rule #1: User has no registered social media profiles. Registered social media and web platform profiles are a strong indicator of whether you’re dealing with a real person or not.
• Rule #2: IP points to suspicious data. Fraudsters attempting to hide their IP addresses often use VPNs, Tor or datacenter proxies. This helps reduce account takeovers and remove friction for loyal customers.
• Rule #3: Sudden increase in spending. Looking at sharp increases in spending can spot potential chargeback fraud and money laundering. It flags customers who may be planning to disappear after an expensive purchase.

How Does SEON Help

SEON provides a unified fraud prevention and AML compliance solution built for speed and scale. By connecting 900+ first-party signals across digital footprints, device intelligence and behavioral data, the platform automates real-time decisions across the entire customer journey. This allows BNPL providers to identify high-risk users at onboarding and recover revenue through automated chargeback evidence packages without adding friction.

Sources

• Tearsheet: Fast approval fertile for stolen and synthetic identities: BNPL’s fraud problem
• The Motley Fool: Study: Buy Now, Pay Later Services Continue Explosive Growth
• Help Net Security: How Buy Now, Pay Later is being targeted by fraudsters
• eMarketer: BNPL is the latest fraud target—and providers should act quickly to avoid losses
• GlobeNewswire: Buy Now Pay Later Market Size to Hit US$ 3268.26 Bn by 2030
• Fortune: Artificial Intelligence Is Giving Rise to Fake Fingerprints. Here’s Why You Should Be Worried

Frequently Asked Questions