Read the AITE Report! Maximizing the Potential of CNP: Collaboration via 3-D Secure is the Key

As the all-important holiday shopping season gets underway, “Buy Now Pay Later” (BNPL) apps and services are catching fire with consumers—as well as the fraudsters who prey on them. But who’ll get left holding the bag? 

BNPL platforms like Afterpay, Affirm, Sezzle and Flex have helped merchants and others hit pay dirt by enabling consumers to instantly buy everything from gaming consoles and booze to rent and utilities, and then pay it off in split monthly payments—often interest free. A kind of digital age twist on the age-old layaway, BNPL surged right along with the coronavirus as consumers shifted many purchases to digital channels amid the pandemic. 

And it hasn’t stopped since. According to Forbes, BNPL purchases are expected to climb 75% for full-year 2021, to nearly $100 billion in just the US. And Apple, PayPal, and others are betting big that BNPL will turbocharge brick-and-mortar purchases as well. 

But none of this comes without risk, of course. Already, as much as a third of US consumers who have used Buy Now, Pay Later services have fallen behind on one or more payments, with  72% seeing their credit card score decline. And now, fraudsters are increasingly finding clever ways to exploit this innovative form of financing.  

All Trust, Not Enough Verify? 

With instant loans such as BNPL, the potential for loss was always going to be high. For one thing, customers receive goods before paying a dime—making it an irresistible lure for consumers and fraudsters alike. 

According to CNBC, cybercriminals are increasingly leveraging stolen login credentials to hijack BNPL-enabled accounts, leaving the unsuspecting victim to pay the bill. They’re also finding ways to game the BNPL account enrollment process to defraud companies. As it turns out, some firms don’t conduct formal credit checks at enrollment, instead “relying on internal algorithms to determine creditworthiness based on the information they have available to them.”

That’s all kinds of bad news—just look at the numbers. Account takeover (ATO) attacks now account for more than $16 billion in annual loss in the US alone. And account enrollment fraud using compromised identity information to gain access to personal loans contributes to a whopping $57 billion in annual losses. According to the FBI, at least $6 billion of that can be attributed to the use of synthetic identities, which is least likely to be flagged by traditional measures and constitutes one of the fastest financial crimes in the US. 

That could prove disastrous if better protections aren’t put in place as adoption—and use for things like rent and big-ticket items—continues to grow.

Putting the Kibosh on BNPL Fraudsters

Tackling these issues won’t be easy, but anti-fraud solutions employing machine learning and shared global intelligence can dramatically reduce fraud loss that stems from them. 

Let’s look at our own anti-fraud product as an example. Powered by machine learning, data science, and real-time data from more than 6,000 partners spanning virtually every industry and geography, Outseer Fraud Manager protects account logins, enrollments, transactions, and more.  

By transparently authenticating users behind the scenes, we prevent fraudulent access or activity before it happens, providing a seamless, frictionless flow for legitimate users while reserving step-up verifications for the very few transactions, logins, or other activities that are truly high-risk. In fact, Outseer prevents 95% of all fraud loss with a small 5% intervention rate. That’s the best performance in the industry. 

Those seeking an extra layer of protection can also enroll new account holders using biometric facial detection capabilities to prevent fraudsters from opening new accounts with stolen or synthetic identity information. The technology powering this capability leverages FIDO2-compliant biometric facial detection to validate a live human face against a government-issued ID, and facilities document verification against third-party databases. 

Holiday 2021: Ho, Ho, Ho—or the Grinch Who Stole Christmas?

Concerns over BNPL are emerging at a critical time with Black Friday kicking off the season this week. BNPL platforms, FSIs, and their merchant customers will be tempted to throttle back fraud protections during what’s expected to be a $1.1 trillion bonanza in the US this year. 

Let’s all hope savvier organizations embrace technologies that enable them to enhance the enrollment and transaction experience for legitimate shoppers—while keeping BPNL fraud at bay. 

To learn how Outseer Fraud Manager can protect against BNPL fraud stemming from account takeovers and new enrollment fraud, schedule a demo today.

Armen Najarian

CMO + Chief Identity Officer

Armen is a 15-year Silicon Valley veteran with deep experience leading the marketing function for fast-growing fraud prevention, predictive analytics, and cybersecurity companies. His most recent leadership roles include CMO positions at Agari and ThreatMetrix, the latter of which he established as the definitive category leader for digital identity solutions.