Transaction Monitoring for Buy Now Pay Later

Companies offering BNPL financing have made an undeniably disruptive splash in industry. Every industry. 

Despite the very visible dip in Klarna’s valuation from some $45.6 billion to $6.7 billion, there are still a multitude of companies worldwide looking at that remaining $6.7 billion with inspiration in their eyes.

Today, the BNPL payment model is being applied to verticals well outside traditional ecommerce, and targeted at an untraditional, underbanked market. Soon, everything from healthcare to insurance to NFTs will have BNPL financing options, and competitors would do well to take note of how much market share they lose to such offerings.

Inevitably, companies offering BNPL will also discover the security vulnerabilities and exploits that go hand-in-hand with the payment model. Let’s take a closer look.

Why Is Transaction Monitoring a Problem for Buy Now Pay Later?

Compared to a traditional online transaction, BNPL offers a much larger attack surface – that is, the parts of your digital commerce infrastructure that are vulnerable to fraudsters. This is a particular pain point for BNPL providers, as they assume all the liability for chargebacks.

This gives confidence to merchants who accept BNPL payments but also necessitates security that is as close to airtight as possible, so the BNPL’s bottom line isn’t rippled by excessive chargeback costs.

For companies offering such an option, the potential attack surface is lengthened over time. Rather than having to monitor just one transaction at a single checkout interval, BNPL involves multiple payments over time, and time in between the payments for potential misdeeds. 

Also inherent to the BNPL ecosphere is the concept of financial viability. Looking at statistics associated with churn and cart abandonment (higher friction means higher abandonment rates), many ecommerce marketplaces will prioritize a low-friction CX over maximum security.

These companies want to cast the widest net they can over the potential customer base, so the gateways to both registration and submitting a payment method are not as regulated as, say, acquiring a bank-backed loan. Because of this, BNPL environments are more susceptible to:

• New account abuse and various forms of synthetic identity fraud, where fraudsters will use stolen ID credentials to register for a new account, make an unauthorized purchase, then abandon the account whenever it is discovered, with the provider responsible for any chargebacks incurred.
• Account takeovers (ATO) are a particular problem in BNPL, particularly if an account is hacked while in the middle of a repayment process. This is because, having received at least one valid payment, the BNPL is more likely to trust that user to continue repayments and progress as a valued customer. An ATO on an existing account can potentially lead to a number of stolen, unpaid-for goods.
• Fraudulent chargebacks, which sometimes overlap with friendly fraud. These occur when a customer claims that they either never bought the item(s) or that it was not up to par. Though every commercial sector is susceptible to friendly fraud, because BNPL purchases happen over time, the customer has more opportunity to change their mind or decide to misrepresent reality.
• BNPL trojan horse attacks, which are rather more complicated. Here, fraudsters take advantage of a lower-security BNPL digital onboarding process to register, develop the account into an apparently good user, and start using stolen card credentials to make purchases at a much later date. Without regular security touchpoints, this kind of attack can go undiscovered, with large financial consequences – as, at that point, the BNPL has been fooled to consider this account trustworthy.

Finally, a note on the more official side of transaction monitoring, when certain fintechs are forced to track in real time all transactions and submit Suspicious Activity Reports (SARs) to the authorities for all red flags: Though AML compliance and similar legislation are not at the moment a concern for most BNPLs, the legal landscape is changing fast, and this is likely to become more relevant moving forward.

Fortunately, the below solutions and technologies will allow you to comply with government-mandated transaction monitoring, too.

How to Protect Payments From BNPL Fraud

The first step towards securing payments (and ROI) in a BNPL system is real-time risk monitoring.

Rather than just analyzing transactions at the point of onboarding or purchase, real-time fraud detection, including transaction monitoring, is crucial in a system where a fraudster can turn a good account into a bad one seamlessly.

Solutions like SEON monitor transactions and calculate a risk score based on live data. To create a security gateway that wants to exclude BNPL fraudsters, risk rules that use data enrichment to target the behavior of BNPL fraudsters are crucial. 

Strategies and Tools for Fighting BNPL Fraud

Fraud solutions like SEON offer modular risk assessment tools, with different modules being more applicable to different fraud scenarios. Real-time transaction monitoring leveraged against incoming user traffic that has BNPL fraudsters in its sights might include:

• Digital footprinting: Every account will require a valid email address at the time of registration, and this single data point can turn into a great deal of insights about the applying user. An email address or phone number, particularly when coupled with another data point like a physical address, can be enriched into an extremely detailed digital footprint. This footprint is easily scrutinized for signs of human-ness, as opposed to an automated bot programmed to make particular transactions, looking at a range of data points that are hard for fraudsters to spoof, like a social media presence or an Airbnb account. 
• IP address analysis can return similarly suspicious markers if an IP is known to originate from a VPN, Tor or suspicious proxy, or if the IP’s originating country is markedly different from the physical address submitted on registration, or from the issuing bank’s. 
• BIN checks and comparisons, monitoring the submitted payment credentials for signs of risk. This data point, when enriched, returns such information as knowing whether a card is a virtual card – a very high risk, and a common calling card for fraudulent transactions. 
• Custom velocity checks that monitor the behavior of a user can also be set to alert the security team when a user’s details change. Thus, if a fraudster successfully hacks an account and updates their “fullz”, a fraud team can be alerted instantly.
• Device fingerprinting is a fraud prevention staple, helping to catch suspicious users spoofing their devices to appear legitimate, as well as returning fraudsters who are attempting multi-accounting and brute force account breaches.

These rules will stop a great number of known fraud strategies, but the best-protected companies will be those that stay aware of their vulnerabilities in the face of ever-changing criminal technology.

Even for threats not yet seen, SEON’s customizability allows fraud teams to create custom rules around a growing number of data points, so your security can always keep up with the dangers du jour.

Top 3 Custom Rules for Transaction Monitoring in Buy Now Pay Later

SEON’s fraud-fighting power can be customized to suit specific needs at scale. Let’s take a look at SEON in action to see exactly how simple it can be to put your company on the path towards BNPL fraud-free.

To determine the legitimacy of a new user, rules that check IP, email, and phone data help to develop confidence. SEON performs fast, deep dives, looking at risk signals without introducing any friction to the customer journey.

#1: Sudden Increases in Transaction Volumes

An alarming risk signal from an existing “good” user account is when their buying habits take a sudden left turn.

Unexpected, uncharacteristic buying patterns can be a sign that a user’s account has been hijacked – a huge potential loss for the BNPL provider.

In the above screenshot, SEON’s Admin Platform is used to set up a custom parameter to detect such anomalous behavior, where the transaction amount suddenly increases by over 200% in a single day.

#2: Multi-Accounting Red Flags

BNPLs prioritize low-friction shopping environments, informed by data that suggests more friction leads to more churn and cart abandonment prior to checkout. This low friction extends to the onboarding phase, which can often have fewer hurdles than a traditional payment provider’s onboarding.

Rather than let this setup welcome multi-accounting fraudsters, perhaps for the purpose of making one purchase with no intention of ever paying back the BNPL, SEON is used here to detect particular signals from the registered email address.

These signals would include suspicious hardware and software combos, impossible screen resolutions and unknown versions of hardware. On top of this, a multi-accounter will be caught by the similarities in their setups. The more data points you screen for, the less likely they are to spoof entirely new setups successfully.

#3: Anomalous Location Data

Sometimes, simple reasoning can tip you off that there may be a fraudster in your system. Is a customer based in the US suddenly having their purchases delivered elsewhere?

Are there multiple accounts in your system, with different PII, sending deliverables to the same unusual location?

Custom rules that compare locations and IPs are an easy way to minimize fraud. Above, we have set up a custom rule that escalates transactions involving high-risk countries – in our example, Russia.

Depending on your setup and needs, such a rule can be made to increase or lower their fraud score, always flag them for manual review, or even block them outright.

How SEON Helps BNPLs with Transaction Monitoring

SEON is already an effective tool to catch malicious actors at onboarding, checkout and across the customer journey.

Companies using SEON to monitor their transactions can be assured that anomalous and suspicious behavior or credentials will be caught.

Additionally, though BNPL systems present a much wider attack surface for fraudsters to poke holes in, this does not mean that SEON’s resources have to be stretched to cover it.

The flexibility of SEON allows it to bend and stretch, catlike, to plug holes that are unlikely shapes or that you didn’t even know existed. This way, you can keep an eye on your bottom line through the profit-yielding transactions themselves, but also during the weeks between payments, when your back is turned.

Related Articles for BNPL Transaction Monitoring

• Buy Now Pay Later (BNPL) Fraud: Risks & Prevention
• How to Prevent Account Takeover for Buy Now Pay Later Companies