Are High-Security Checks Worth It?

by Jimmy Fong
Since Buy Now, Pay Later (BNPL) solutions ballooned during the pandemic, there’s been no signs of slowing down. According to research reported by The Ascent, about 27% more people were using BNPL services in 2021 than in 2020.
Everyone, from consumers to retailers down to traditional lenders, wants a taste.
But these groups aren’t the only ones seeking to benefit from the BNPL model. Fraudsters are too. And this is more of a concern in BNPL than in some more traditional sectors.
Because unlike fraud specialists in other industries, BNPLs must implement fraud prevention without sacrificing frictionless customer experience – a key strength in the industry. Otherwise, they risk a high churn rate, reputation damage, and revenue loss.
Let’s see how to detect and prevent BNPL fraud while retaining the seamless customer experience.
Any and every fraudulent activity related to BNPL activity is, technically speaking, BNPL fraud. This includes friendly/first party fraud, never-pays and fake fronts, for example. In other words, BNPL fraud can be conducted by consumers, professional fraudsters, merchants or even BNPL companies themselves.
However, the most common types of BNPL fraud by far, and those that concern us in this article, are cases where professional and amateur fraudsters target BNPL companies.
BNPL fraud takes many guises, which we’ll see in more detail below. Very often, however, it works by having someone pretend they are someone else, and double down by making a false claim.
This could be linked to their intention to do something in the future, or they could claim something has happened.
For example:
And so on. There are some highly intelligent people conducting scams and fraud out there, and they are always looking for new avenues to make money. A sector as young as BNPL, with less of a clear legal landscape as others, is very attractive to such individuals.
Book a demo and learn how we have lowered fraud rates by 50% and saved costs on automated checks by 6% for a leading BNPL provider
Book a demo
Fraudsters like to take advantage of new and emerging sectors, as they are likely to come with gaps to their defenses and legislation hasn’t always caught up with them.
As the BNPL industry enjoys explosive growth, so does the population of fraudsters trying to attack it. Between 2020 and 2021, BNPL fraud grew by 66%.
About BNPL specifically, there is also the following:
1. Real-time credit decisions: BNPL providers have to approve purchase decisions as soon as consumers complete their transactions. And while this lightweight process makes life easier for shoppers, it also paves the way for bad actors to make large purchases and escape with the loot with the least resistance.
2. Delay in repayment: BNPL providers allow users to spread their purchases across installments. This is to guarantee the convenience and ease BNPL is known for. Unfortunately, bad actors often exploit this lengthy repayment method by hacking accounts to make unauthorized transactions, paying just 25% base value, and skipping the remaining payments.
3. Absence of formal credit checks: Most BNPLs use alternative credit scoring checks rather than standard checks utilized by big banks and credit card companies. Instead, they use internal algorithms to determine creditworthiness based on the available information. When not done well, this opens up opportunities for fraud risks like account takeovers, synthetic identity theft, and never-pays.
Fraudsters see your BNPL company as a lucrative target for the above reasons. But what risks do they pose?
Opening a BNPL account is a breeze.
In most cases, buyers can sign up by simply submitting copies of documents (e.g. a driver’s license). Scammers can easily acquire that information through data breaches, forgery or phishing.
Unfortunately, the KYC & AML for most BNPLs aren’t enough to stop scammers from perpetuating this method. So they’re able to successfully create accounts with stolen data, thereby having access to a default line of credit all new accounts enjoy.
Closely related to new account abuse is synthetic identity fraud, a $6 billion problem often happening at the enrollment stage.
Here, fraudsters combine accurate and false personal information to create a new identity. They can pair a real Social Security Number with a fictitious name, address, and date of birth.
This hybrid method makes detecting and fighting fraudsters challenging.
Also, synthetic fraud activities can pass as “good” consumer behavior. For example, a Federal Reserve analysis showed that 70% of suspected synthetic identity accounts temporarily exhibited normal consumer patterns. And so, whenever these accounts defaulted on payments, their BNPL service providers simply wrote the fraud off as “bad debt”.
Just as you cherish user accounts with excellent payment history and high lending limits, fraudsters love them too!
As a result, they leverage credential stuffing, phishing, and SIM swapping to hijacking user accounts via via account takeover fraud, which allows them to steal personal data and make illegal purchases with victims’ BNPL accounts.
A fraudulent chargeback is when a mischievous owner claims they never made a transaction and asks the provider to return the funds to their account. An innocent version of this is when a family member (e.g., a child) of a BNPL account owner completes a transaction without the owner’s consent.
In both cases, the result for the BNPL will be the same, as you’ll have to cover chargeback costs, as well as handling and processing fees.
As a BNPL provider, you rarely get to conduct customer due diligence on merchants’ financials due to the need for speed. But this oversight often translates to a money laundering risk known as transaction laundering.
Transaction laundering occurs when an undisclosed business uses an approved merchant’s credentials to process transactions for another, secret, store selling illegal products and services.
Never-pay fraud is a consequence of other fraud risks, particularly new account abuse, ATOs, and synthetic identity fraud.
When fraudsters create accounts with stolen identities or hack someone else’s, they can easily make huge purchases without paying back. Sometimes, bad actors will steal cards and use them to access BNPL services.
This more elaborate type of BNPL fraud sees fraudsters sign up with a merchant using a BNPL account, and later change their payment method on the merchant’s site to a stolen or otherwise illegally acquired credit card.
Because chargeback liability falls onto the BNPL company rather than the merchant, merchants tend to apply lower fraud defenses when BNPLs are involved. Having signed up (or even completed a couple of purchases) using a BNPL payment scheme, the fraudster will be seen by the merchant as a known, trustworthy user, at which point they can switch payment methods to conduct credit card fraud and other types of fraud.
BNPL fraud can be prevented using technologies such as real-time monitoring for BNPL, rule-based assessment and data enrichment.
Let’s take a closer look.
Rule-based risk assessment involves using insights from historical data to identify potential fraud attacks and make safe credit decisions. And while internal data (e.g. transaction amount and velocities) is a great place to start, fraudsters are becoming more aware of how internal rules systems work.
Also, your fraud knowledge might be regional, mainly if you operate in one market. This might stall your risk assessment as fraudsters targeting your company could be from other countries where an unfamiliar scam technique is the norm.
For this reason, you need to improve your risk assessment process with holistic, live data sources.
SEON customers counter BNPL fraud risks by leveraging default rules, adding their custom rules, or even relying on machine learning rule suggestions:
Say a fraudulent user is trying to register on a SEON BNPL customer’s site. Here’s how the SEON dashboard could deliver their risk score based on the customer’s set rules.
The high fraud score tells the company they’re dealing with a fraudster, automatically blocking the registration.
To stay competitive and profitable, you need to remain vigilant against potential BNPL fraud threats.
Real-time data enrichment lets you learn more about users and make better risk assessments without asking customers to fill in extra fields. It also gives you a 360° view of user actions during account creation, onboarding, login, or checkout, helping you watch users closely.
Here’s how SEON simplifies crucial data enrichment processes.
This module generates a risk score associated with a single email address based on deep social and digital profiling and domain verification through an email risk API.
With it, you can quickly spot and flag suspicious users just from their email addresses:
[With a risk score of 0, it’s safe to say this user’s email address is legitimate]
You can also batch-check multiple email addresses at a go:
[With these risk scores, you shouldn’t be worried about the legitimacy of these users’ email addresses]
This module generates a risk score associated with a user’s IP address.
With it, you can accurately figure out if a user is trying to mask their location with a VPN, Tor, or proxy. Just paste an IP into the IP address field and click on Submit:
[With a risk score of 0, it’s safe to say this user actually lives in California, USA]
This module gathers extra information through external data sources like Bank Identification Numbers (BIN). This helps by detecting if a card is virtual or not, as well as the country of the issuing bank.
All you need to do is paste the first six digits of a card BIN into the platform and hit Submit:
[Since this user has an invalid credit card, you should further scrutinize them]
This module combines open and reachable data to investigate a phone number in depth, returning several useful data points. You can use this module to flag fraudsters based on their phone numbers:
[With a risk score of 0, it’s safe to say this user’s phone number is legitimate]
The higher a user’s fraud score is, the more suspicious you should be about them. And if the score is above a reasonable limit, you can flag them or even automatically block them.
Note that the fraud scores normally generated by the data enrichment modules are based on SEON’s default rules. However, if you’re not pleased with them, you can fully modify them or add new ones via the Scoring Engine page.
In fact, everything about SEON’s rulesets and risk scoring is transparent, granular and customizable, from tweaking existing rules and adding brand new rules linked to hundreds of different data points to the way each rule impacts the score, and what happens from there.
Further, you can make data enrichment a breeze by simply integrating SEON’s APIs directly into your onboarding flow, which does the above checking for you. In addition to reviewing customer data, you can review all transactions from a bird’s-eye view or search directly for specific transactions. Through this, you can immediately block a suspicious action before it’s too late.
Read how Mokka a leading BNPL provider, projected to have lowered fraud rates by 50% and saved costs on automated checks by 6%
Read More
SEON’s data enrichment doesn’t only strengthen your onboarding process to ward off bad actors. It also leverages device fingerprinting into a more effective fraud detection tool, further improving your risk assessment process.
As we’ve seen, fraudsters often hijack legitimate users’ accounts via credential stuffing, phishing, and sim swapping. You can stop these attempts by using SEON’s device fingerprinting to collect thorough insights about suspicious tools, setups, and settings on users’ desktop and mobile devices – so you easily avoid ATOs, multiple signups, and bot attacks.
Whichever workflow you use, data enrichment – when combined with device fingerprinting and machine learning – simplifies and scales your fight against BNPL fraud.
BNPL is believed by many to have a very bright future. In fact, Precedence Research estimates that the market size will expand by 43.8% by 2030, to reach $3268.26 billion.
This is good news for the sector – but also for fraudsters, who will doubtlessly continue to devise ways to target both companies and consumers linked to it.
In terms of what to expect, we have spotted trends related to the below:
Leave fraud risks unaddressed, and you risk losing market share to BNPLs who fight fraud in an effective, customer-friendly manner.
A ML-powered fraud prevention tool can stop that from happening. With SEON’s data enrichment modules to obtain alternative data signals and device fingerprinting, you detect bad actors quickly without chasing away legitimate customers and prospects.
These features have helped companies like FairMoney stop fraudsters in their tracks, making Juris Rieksts, their Head of Risk, rave about SEON:
SEON’s end-to-end fraud prevention comes with free support and a 30-day trial. To see in practice how SEON can help your BNPL, book a demo today.
Sources
Showing all with `` tag
Click here
Jimmy Fong is the Chief Commercial Officer of SEON. His expertise in payments saw him supervise the acquisitions of companies by Ingenico, Visa and American Express. Jimmy’s enthusiasm for transparent sales and Product-Led-Growth companies drives SEON’s global expansion strategy, and he interviews both fraud managers and darknet fraudsters in our podcast to stay on top of the latest risk trends. Yes, it’s also him wearing the bear suit on our YouTube channel.
The top stories of the month delivered straight to your inbox