Identifying High-Risk Customers in Buy Now Pay Later

by Tamas Kadar
Fintechs, crypto exchanges, online casinos, loan companies, traditional financial institutions… These types of companies are all well aware of the importance of customer risk assessment.
In fact, they must comply with a number of regulations that put them under pressure to check user info, such as the:
And failing to perform an adequate risk assessment can cost them a lot. In 2019, US government agencies issued more than $19.8B in fines to organizations who made things too easy for financial criminals, whether knowingly or accidentally.
But customer risk assessment isn’t just reserved for banks these days. Any business dealing with online transactions knows that not all customers have the same value to the business. Some will become loyal and repeatedly purchase your goods or services. Others will end up costing you more than you earn, especially due to:
Put simply: you want every customer to be ideal for your business. In a perfect world it would mean only allowing people who intend to purchase your goods or services, but the definition can be extended by asking:
The first thing you want to do is ensure you’re dealing with a legitimate user. That means filtering out bots and fake traffic. And the most efficient method at your disposal here is to ensure the customer has a real digital footprint.
A digital footprint is essentially a trail of information that any user carries with them. It can take the form of cookies, device and network configuration, or their social media presence. We’ll dive into the concept in more detail below, but the important thing to note is that it’s especially useful to analyze the digital footprint at the onboarding stage – when you let new users onto your site.
An interesting question to ask for many departments. Marketers can use the information to create tailored offers, or to ensure they’re not giving out too many promotional codes and discounts (which helps curb bonus abuse).
Here again, looking at the digital footprint is important, but you also need to compare the information with your own historical data. Companies need to have a robust analytics solution in place, which can help them look at IP addresses and use device fingerprinting to log info about each configuration of software and hardware.
One of the highest risk factors is dealing with false identities. Customers who use stolen IDs are always bad news for your business. It means they are intentionally hiding who they are, more often than not in order to defraud your online business.
Answering the question of customers’ true identity is exactly the goal of KYC checks. KYC, or Know Your Customer, is a legal process which forces certain companies to gather info related to the user’s residential address, full name, and date of birth.
As we’ll see, there are different kinds of KYC checks, but all of them are equally useful for online businesses.
The first is a general practice that evaluates how likely a user is to break the law in the future. KYC verification, or Know Your Customer procedure, is one of the methods used for those risk assessments. KYC focuses on gathering important info about people at the beginning of a relationship, for instance when onboarding new users.
Other risk assessment methods include CDD (Client Due Diligence) and EDD (Enhanced Due Diligence), which focus more on monitoring where funds come from in the context of anti-money laundering (AML) regulations. Note that these anti-money laundering checks must be performed and reviewed continuously, and that they cover both external and internal risks, meaning your customers as well as your employees.
Because KYC processes are a legal requirement, your risk management team should already know about them. But if you’ve never had to perform these checks, there’s no harm in employing the same methods to filter out bad customers.
At SEON, we tend to classify KYC into two different modes: light and heavy.
And ideally, your assessment process should be able to alternate between the two, based on the information you receive. This is what we call dynamic friction, and it can work whether you perform risk assessment manually, or automate it. Which leads us to the question of how long exactly it takes to assess risk.
Ideally, you want to look at the customer’s personal information (through KYC checks), the amount of money processed (high transaction values), and the geolocation, which can be protective of customer identities (Switzerland) or known as a tax haven, such as the Cayman Islands.
This is probably the question that troubles most businesses who aren’t financial institutions. They understand that users want to move fast, whether it’s to sign up to a new service or to finalize a purchase. Churn, friction and obstacles are the enemies of online businesses, which leads companies to play a challenging balancing act between risk and security.
In fact, the words may conjure up memories of submitting a folder of personal information to open a bank account or to purchase a financial product like insurance protection or a loan. You’d sometimes have to wait for weeks before getting an answer.
But these days, it can actually be near-instantaneous, provided you’ve put the right system in place.
Whether you are a small business or a global leader, the steps will be the same:
A concrete example: let’s say you are a small online shop that sells physical goods. Your risks will probably be related to chargeback rates. You calculate that each chargeback ends up costing you up to $70. Paying too many of them each month could sink your business.
In that case, the risk vectors will mainly be user detail, credit card numbers, and shipping address.
Traditionally, a large merchant with the right ops and staff headcount would, therefore, have a team that performs manual review for these three points. For instance, they would contact the user for more information, or use any data they have to validate the purchase.
Luckily, in the digital age, it’s entirely possible to automate these steps and to scale your risk assessment without draining your team’s time and resources.
One of the biggest misconceptions about knowing your customer is that it’s a lengthy, resource-heavy process. This can be true if you’re doing it manually, for instance by verifying every new customer who joins your site with a phone call. For transactions, the typical manual workflow would include opening numerous tabs in a browser to gather customer info from different background check websites.
But thanks to automated tools, anyone can use risk assessment solutions that work at scale, whether you process one transaction per day or one per minute. And some providers like SEON even offer a transparent pay-per-API request model, which means anyone can afford risk management with full control over their ROI.
Risk assessment and fraud prevention tools nicely dovetail together as their goals are essentially the same: to gather data and use it to calculate risk. Here is how that process looks from the perspective of SEON’s fraud detection tools.
As soon as visitors land on your website, SEON can begin gathering information. It may be about:
Gathering data is one thing, but it’s not enough to really know who your users are – especially if they’re lying or using stolen IDs. This is why you have the extra step to confirm the data quality, or to get the bigger picture with:
The final step is to decide if all that data points to a risky user or not. In the past, fraud managers would have to use their expertise and instinct. While this is still the case today, the process is vastly improved thanks to risk scores.
Each score is calculated with a number of rules. These can be prebuilt for your industry, manually created, or even suggested by AI. A simple rule would be to increase risk if a customer’s IP address is different from the shipping address. A complex one could be a velocity rule, which looks at the number of login attempts per minute, for instance.
The key is that businesses should be in control of risk mitigation. Is it worth being more strict, even if it increases false positives? Or would you rather let a few fraudsters pass and eat up the costs? Make sure you have the choice when you choose your fraud prevention tool.
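The two rule types described above (an IP/shipping mismatch rule and a login velocity rule), plus score thresholds the business can tune, as an added example that is not SEON's code or API. The point values, thresholds, field names and the comparison of countries rather than full addresses are assumptions, and the events are constructed sample data.

```python
from collections import deque

# Weights, limits and field names are assumptions for this example.
MISMATCH_POINTS, VELOCITY_POINTS = 10, 25
MAX_LOGINS_PER_MINUTE, WINDOW_SECONDS = 5, 60

class LoginVelocity:
    """Sliding-window count of login attempts per account."""

    def __init__(self, window=WINDOW_SECONDS):
        self.window = window
        self.attempts = {}  # account id -> deque of timestamps (seconds)

    def record(self, account, ts):
        """Add an attempt and return how many fall inside the window.
        Assumes events arrive in time order."""
        q = self.attempts.setdefault(account, deque())
        q.append(ts)
        while q and q[0] <= ts - self.window:  # drop attempts outside the window
            q.popleft()
        return len(q)

def score_event(event, velocity):
    """Return (score, fired_rules) for one event."""
    score, fired = 0, []
    # Simple rule: IP geolocation country differs from shipping country.
    ip_c, ship_c = event.get("ip_country"), event.get("shipping_country")
    if ip_c and ship_c and ip_c != ship_c:  # skip when either side is unknown
        score += MISMATCH_POINTS
        fired.append("ip_shipping_mismatch")
    # Velocity rule: more than the allowed login attempts in the last minute.
    if velocity.record(event["account"], event["ts"]) > MAX_LOGINS_PER_MINUTE:
        score += VELOCITY_POINTS
        fired.append("login_velocity")
    return score, fired

def decide(score, review_at=10, decline_at=30):
    """Map a score to an action; the thresholds are the business's choice."""
    if score >= decline_at:
        return "decline"
    return "review" if score >= review_at else "approve"

def run_sample():
    """Score constructed sample events (not real traffic)."""
    velocity = LoginVelocity()
    events = [{"account": "a1", "ts": 0, "ip_country": "HU", "shipping_country": "HU"},
              {"account": "b2", "ts": 5, "ip_country": "US", "shipping_country": "HU"}]
    events += [{"account": "c3", "ts": 100 + 5 * i, "ip_country": "BR",
                "shipping_country": "DE"} for i in range(7)]
    return [(e["account"], decide(score_event(e, velocity)[0])) for e in events]
```

Lowering `review_at` and `decline_at` makes the same rules stricter and sends more legitimate customers to review, which is the false-positive trade-off described above.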
In conclusion, we can see that organizations of all sizes have access to resources to assess customer risk – whether they are required to or not.
And while the manual review is a perfectly viable option, it does tend to be prone to human error, and unfortunately, it simply doesn’t scale in terms of numbers, or processes you can deploy.
Which is why automation is key. Whether you need to calculate the risk of one transaction or a thousand, you should have tools in place that can help assess risk in real-time, and with outstanding precision.
This is exactly the goal behind all our products at SEON. From our one-click data enrichment Chrome plugin to our all-in-one solution, we enable anyone to start doing business with the right customers only, and with complete peace of mind.
Tamas is the founder and CEO of SEON and an expert in all the technological aspects of fraud prevention.