Buy Now Pay Later Fraud (BNPL): Risks & Prevention

Since Buy Now, Pay Later (BNPL) solutions ballooned during the pandemic, there’s been no signs of slowing down. According to research reported by The Ascent, about 27% more people were using BNPL services in 2021 than in 2020. 

Everyone, from consumers to retailers down to traditional lenders, wants a taste.

But these groups aren’t the only ones seeking to benefit from the BNPL model. Fraudsters are too. And this is more of a concern in BNPL than in some more traditional sectors.

Because unlike fraud specialists in other industries, BNPLs must implement fraud prevention without sacrificing frictionless customer experience – a key strength in the industry. Otherwise, they risk a high churn rate, reputation damage, and revenue loss. 

Let’s see how to detect and prevent BNPL fraud while retaining the seamless customer experience.

What Is BNPL Fraud?

Any fraudulent activity related to buy now, pay later systems is, technically speaking, BNPL fraud. Both payment processors and merchants are diversifying the ways in which consumers can make their online purchases, but these new payment products come with their own fraud hazards. The increasingly popular buy now, pay later system is no different, and indeed offers its own unique risk challenges that require targeted solutions.

In general, the structure of the BNPL payment ecosystem sees fraud in two main silos: fraudsters that attack the payment system themselves using tactics common across all forms of digital payments, and fraudsters that exploit the onboarding processes of BNPL providers and merchants.

How Does BNPL Fraud Work?

Like any system that accepts payments, part of the body of BNPL fraud includes digital payment fraudsters that use stolen user data, automated bots, and other account takeover (ATO) methods to make unauthorized transactions. To learn more about that large risk vector, read our dedicated article about payment fraud in BNPL, which discusses the relevant dangers, detection strategies, as well as mitigation of that problem.

Buy Now Pay Later Fraud - Types of Fraud

Aspects of BNPL fraud that don’t directly exploit payment infrastructures typically target BNPL-specific onboarding processes, which tend to fall on the more relaxed end of the customer due diligence spectrum, and can snowball into much larger problems. Otherwise, BNPL fraud can take the form of first-person, or friendly fraud which requires the use of human resources to address.

BNPL fraud takes many guises, which we’ll see in more detail below. Very often, however, it works by having someone pretend they are someone else, and double down by making a false claim.

This could be linked to their intention to do something in the future, or they could claim something has happened.

For example:

  1. A fraudster can sign up for a new account with a BNPL provider with stolen credentials.
  2. A bad actor can try to take over existing BNPL accounts belonging to legitimate customers.
  3. They can order various goods to be shipped to a drop address, which they don’t intend to pay for.
  4. They can use BNPL payment methods to launder money in order to hide its original source.
  5. Fake or fraudulent merchants could also involve themselves in false chargeback requests, which the BNPL companies absorb.

And so on. There are some highly intelligent people conducting scams and fraud out there, and they are always looking for new avenues to make money. A sector as young as BNPL, with less of a clear legal landscape as others, is very attractive to such individuals.

Worried about BNPL fraud?

Book a demo and learn how we have lowered fraud rates by 50% and saved costs on automated checks by 6% for a leading BNPL provider

Ask an Expert

Why Are Fraudsters Targeting BNPL?

The success of buy now, pay later systems are the same reason why they are being increasingly targeted by fraudsters. The BNPL microloan system offers users convenient low-friction onboarding, and increases the timeframe of the purchase process. While this system brings new and increased spending power to populations that find it easier on their lifestyles to stretch payments over months, these same conveniences also represent obvious toeholds for fraudsters to climb over security walls.

Buy Now Pay Later Fraud - Why its Hard

Over the course of 2023, BNPL payments are estimated to reach nearly $530 million, according to research conducted by ResearchAndMarkets. As the BNPL industry enjoys this explosive growth, so does the population of fraudsters trying to attack it. 

Not only does the massive amount of transactional activity mean that it’s easier to be a needle in a haystack, the success also gives the BNPL microloan providers less financial impetus to tighten security if it makes good customers less likely reach the checkout stage of their purchase.

Consider that the BNPL microloan system wants to get customers to the checkout stage with the minimal amount of security friction, and thus less time to consider if they really can afford it. This frequently means that securing a BNPL microloan has much fewer points where the user journey is stopped for security checkpoints, and thus less security overall. This can make signing up for accounts, compromising logins, and ultimately taking over accounts much easier for fraudsters. From there, a number of fraud techniques can then be carried out, discussed later. The extended time frame inherent to BNPL means that these same fraudsters have more time to get away with their misdeeds as well. 

These BNPL safety pitfalls can come in the form of:

1. Real-time credit decisions: BNPL providers have to approve purchase decisions as soon as consumers complete their transactions. And while this lightweight process makes life easier for shoppers, it also paves the way for bad actors to make large purchases and escape with the loot with the least resistance. 

2. Delay in repayment: BNPL providers allow users to spread their purchases across installments. This is to guarantee the convenience and ease BNPL is known for. Unfortunately, bad actors often exploit this lengthy repayment method by hacking accounts to make unauthorized transactions, paying just 25% base value, and skipping the remaining payments. 

3. Absence of formal credit checks: Most BNPLs use alternative credit scoring checks rather than standard checks utilized by big banks and credit card companies. Instead, they use internal algorithms to determine creditworthiness based on the available information. When not done well, this opens up opportunities for fraud risks like account takeovers, synthetic identity theft, and never-pays.

7 Types of BNPL Fraud Risks

Fraudsters see your BNPL company as a lucrative target for the above reasons. But what risks do they pose? 

1. New Account Abuse

Opening a BNPL account is a breeze. 

In most cases, buyers can sign up by simply submitting copies of documents (e.g. a driver’s license). Scammers can easily acquire that information through data breaches, forgery or phishing. 

Unfortunately, the KYC & AML for most BNPLs aren’t enough to stop scammers from perpetuating this method. So they’re able to successfully create accounts with stolen data, thereby having access to a default line of credit all new accounts enjoy. 

2. Synthetic Identity Fraud

Closely related to new account abuse is synthetic identity fraud, a $6 billion problem often happening at the enrollment stage.

Here, fraudsters combine accurate and false personal information to create a new identity. They can pair a real Social Security Number with a fictitious name, address, and date of birth. 

This hybrid method makes detecting and fighting fraudsters challenging. 

Also, synthetic fraud activities can pass as “good” consumer behavior. For example, a Federal Reserve analysis showed that 70% of suspected synthetic identity accounts temporarily exhibited normal consumer patterns. And so, whenever these accounts defaulted on payments, their BNPL service providers simply wrote the fraud off as “bad debt”. 

3. Account Takeovers (ATOs)

Just as you cherish user accounts with excellent payment history and high lending limits, fraudsters love them too!

As a result, they leverage credential stuffing, phishing, and SIM swapping to hijacking user accounts via account takeover fraud, which allows them to steal personal data and make illegal purchases with victims’ BNPL accounts. 

the process of bnpl fraud

4. Fraudulent Chargebacks 

A fraudulent chargeback (chargeback fraud) is when a mischievous owner claims they never made a transaction and asks the provider to return the funds to their account. An innocent version of this is when a family member (e.g., a child) of a BNPL account owner completes a transaction without the owner’s consent.

In both cases, the result for the BNPL will be the same, as you’ll have to cover chargeback costs, as well as handling and processing fees.

5. Transaction Laundering

As a BNPL provider, you rarely get to conduct customer due diligence on merchants’ financials due to the need for speed. But this oversight often translates to a money laundering risk known as transaction laundering. 

Transaction laundering occurs when an undisclosed business uses an approved merchant’s credentials to process transactions for another, secret, store selling illegal products and services. 

6. Never-Pays Fraud 

Never-pay fraud is a consequence of other fraud risks, particularly new account abuse, ATOs, and synthetic identity fraud.

When fraudsters create accounts with stolen identities or hack someone else’s, they can easily make huge purchases without paying back. Sometimes, bad actors will steal cards and use them to access BNPL services. 

7. Trojan Horse Fraud

This more elaborate type of BNPL fraud sees fraudsters sign up with a merchant using a BNPL account, and later change their payment method on the merchant’s site to a stolen or otherwise illegally acquired credit card.

Because chargeback liability falls onto the BNPL company rather than the merchant, merchants tend to apply lower fraud defenses when BNPLs are involved. Having signed up (or even completed a couple of purchases) using a BNPL payment scheme, the fraudster will be seen by the merchant as a known, trustworthy user, at which point they can switch payment methods to conduct credit card fraud and other types of fraud.

How to Prevent BNPL Fraud

BNPL fraud can be prevented using technologies such as real-time payment transaction monitoring, rule-based assessment and real-time digital footprint analysis.

 Buy Now Pay Later Fraud Strategies

Let’s take a closer look.

1. Implement Rule-Based Risk Assessment 

Rule-based risk assessment involves using insights from historical data to identify potential fraud attacks and make safe credit decisions. And while internal data (e.g. transaction amount and velocities) is a great place to start, fraudsters are becoming more aware of how internal rules systems work. 

Also, your fraud knowledge might be regional, mainly if you operate in one market. This might stall your risk assessment as fraudsters targeting your company could be from other countries where an unfamiliar scam technique is the norm. 

For this reason, you need to improve your risk assessment process with holistic, live data sources.

SEON customers counter BNPL fraud risks by leveraging default rules, adding their custom rules, or even relying on machine learning rule suggestions:

Say a fraudulent user is trying to register on a SEON BNPL customer’s site. Here’s how the SEON dashboard could deliver their risk score based on the customer’s set rules.

Fraud Score

The high fraud score tells the company they’re dealing with a fraudster, automatically blocking the registration. 

To stay competitive and profitable, you need to remain vigilant against potential BNPL fraud threats. 

2. Augment Risk Assessment with Real-Time Data Enrichment

Real-time data enrichment lets you learn more about users and make better risk assessments without asking customers to fill in extra fields. It also gives you a 360° view of user actions during account creation, onboarding, login, or checkout, helping you watch users closely.

Here’s how SEON simplifies crucial data enrichment processes. 

Email Address Data Enrichment

This module generates a risk score associated with a single email address based on deep social and digital profiling and domain verification through an email risk API. 

With it, you can quickly spot and flag suspicious users just from their email addresses:

Manual Check

[With a risk score of 0, it’s safe to say this user’s email address is legitimate]

You can also batch-check multiple email addresses at a go:

batch-check multiple email addresses

[With these risk scores, you shouldn’t be worried about the legitimacy of these users’ email addresses]

IP Address Data Enrichment

This module generates a risk score associated with a user’s IP address. 

With it, you can accurately figure out if a user is trying to mask their location with a VPN, Tor, or proxy. Just paste an IP into the IP address field and click on Submit: 

VPN Masking

[With a risk score of 0, it’s safe to say this user actually lives in California, USA]

BIN Data Enrichment

This module gathers extra information through external data sources like Bank Identification Numbers (BIN). This helps by detecting if a card is virtual or not, as well as the country of the issuing bank.

All you need to do is paste the first six digits of a card BIN into the platform and hit Submit: 

Card BIN

[Since this user has an invalid credit card, you should further scrutinize them]

Phone Data Enrichment

This module combines open and reachable data to investigate a phone number in depth, returning several useful data points. You can use this module to flag fraudsters based on their phone numbers:

Investigate a phone number

[With a risk score of 0, it’s safe to say this user’s phone number is legitimate]

The higher a user’s fraud score is, the more suspicious you should be about them. And if the score is above a reasonable limit, you can flag them or even automatically block them. 

3. Consider Custom Rules

Note that the fraud scores normally generated by the data enrichment modules are based on SEON’s default rules. However, if you’re not pleased with them, you can fully modify them or add new ones via the Scoring Engine page. 

In fact, everything about SEON’s rulesets and risk scoring is transparent, granular and customizable, from tweaking existing rules and adding brand new rules linked to hundreds of different data points to the way each rule impacts the score, and what happens from there.

Further, you can make data enrichment a breeze by simply integrating SEON’s APIs directly into your onboarding flow, which does the above checking for you. In addition to reviewing customer data, you can review all transactions from a bird’s-eye view or search directly for specific transactions. Through this, you can immediately block a suspicious action before it’s too late.

See how you can filter out junk users with device fingerprinting

Read how Mokka a leading BNPL provider, projected to have lowered fraud rates by 50% and saved costs on automated checks by 6%

Read More

SEON’s fraud prevention software doesn’t only strengthen your onboarding process to ward off bad actors. It also leverages device fingerprinting into a more effective fraud detection tool, further improving your risk assessment process.

As we’ve seen, fraudsters often hijack legitimate users’ accounts via credential stuffing, phishing, and sim swapping. You can stop these attempts by using SEON’s device fingerprinting to collect thorough insights about suspicious tools, setups, and settings on users’ desktop and mobile devices – so you easily avoid ATOs, multiple signups, and bot attacks. 

Whichever workflow you use, data enrichment – when combined with device fingerprinting and machine learning – simplifies and scales your fight against BNPL fraud. 

BNPL is believed by many to have a very bright future. In fact, Precedence Research estimates that the market size will expand by 43.8% by 2030, to reach $3268.26 billion.

This is good news for the sector – but also for fraudsters, who will doubtlessly continue to devise ways to target both companies and consumers linked to it.

In terms of what to expect, we have spotted trends related to the below:

  • Account takeovers: The more members of the public partake in BNPL payments, the more opportunities for ATOs. These attacks are on the rise across the full spectrum of online activity because there is much more to gain from them in recent years. In the case of BNPL, gaining access means being able to use credit pre-approved for a known, trustworthy user – which is very appealing to fraudsters.
  • Trojan horse techniques : As we’ve touched upon earlier, merchants tend to lower their defenses when they know it’s someone else who is at risk of chargebacks for a change. BNPLs bear the brunt of such decisions.
  • Biometrics hacking: For those BNPLs relying on biometrics-powered methods to authenticate their users, it can be a rude awakening: Biometric verification is hackable. For instance, a feature in Fortune published as early as 2018 explained how AI can generate fake yet convincing fingerprints. What’s more, biometric spoofing can even fool liveness detection, and deepfakes aren’t going anywhere.
  • Legislation loopholes: As more authorities take notice of BNPLs and put in place laws and consumer protection regulations, criminals will continue to be on the lookout to both take advantage of the ensuing confusion and any loopholes that are created.

Protect Your BNPL Market Share from Fraud

Leave fraud risks unaddressed, and you risk losing market share to BNPLs who fight fraud in an effective, customer-friendly manner. 

A ML-powered fraud prevention tool can stop that from happening. With SEON’s data enrichment modules to obtain alternative data signals and device fingerprinting, you detect bad actors quickly without chasing away legitimate customers and prospects. 

These features have helped companies like FairMoney stop fraudsters in their tracks, making Juris Rieksts, their Head of Risk, rave about SEON:

Head of Risk at Fairmoney

SEON’s end-to-end fraud prevention comes with free support and a 30-day trial. To see in practice how SEON can help your BNPL, speak with an expert today.


  • Tearsheet: Fast approval fertile for stolen and synthetic identities: BNPL’s fraud problem
  • The Motley Fool: Study: Buy Now, Pay Later Services Continue Explosive Growth
  • Help Net Security: How Buy Now, Pay Later is being targeted by fraudsters
  • eMarketer: BNPL is the latest fraud target—and providers should act quickly to avoid losses
  • GlobeNewswire: Buy Now Pay Later Market Size to Hit US$ 3268.26 Bn by 2030
  • Fortune: Artificial Intelligence Is Giving Rise to Fake Fingerprints. Here’s Why You Should Be Worried

Frequently Asked Questions

Do BNPL loans affect credit scores?

Depending on both the BNPL provider and the credit agency, BNPL microloans do now affect your credit rating. Some credit agencies may provide BNPL loan data, including defaulted payments as part of a holistic credit score, or as additional data alongside that score for the use of credit reference agencies and lenders.

What are the dangers of BNPL?

On the consumer side, the apparent spending power that BNPL microloans provide may result in more overspending. Around Christmas BNPLs tend to see an uptick in usage, but many of those customers end up making payments late, accruing interest rapidly. On the lender side, BNPL’s tendency to favor low friction over security makes them an easy target for account takeovers, with more time to get away with the crime. These ATOs then often lead to chargebacks and a huge drain on human resources.

Share article

Speak with a fraud fighter.

Click here

Author avatar
Jimmy Fong

Jimmy Fong is the Chief Commercial Officer of SEON. His expertise in payments saw him supervise the acquisitions of companies by Ingenico, Visa and American Express. Jimmy’s enthusiasm for transparent sales and Product-Led-Growth companies drives SEON’s global expansion strategy, and he interviews both fraud managers and darknet fraudsters in our podcast to stay on top of the latest risk trends. Yes, it’s also him wearing the bear suit on our YouTube channel.

Online Lending

Sign up for our newsletter

The top stories of the month delivered straight to your inbox