Voice of the Industry

Buy Now, Pay Later – fraud's new greenfield

Thursday 7 July 2022 10:08 CET | Editor: Mirela Ciobanu | Voice of the industry

BNPL is a hit with consumers and businesses alike. But it also raises the risk of fraud – and as Callsign’s Amir Nooriala notes, bad actors are grabbing a piece of the action for themselves.

In a world beset by economic challenges, Buy Now, Pay Later (BNPL) has been something of a boon. Seemingly overnight, decades of movement from layaway plans to the convenience of credit cards were virtually reversed, to the extent that it’s become a billion-dollar proposition, accounting for 2.1% of all global ecommerce transactions in 2020.

With sums like that involved, it was inevitable that the sharks would come sniffing. And – as merchants have unfortunately found – BNPL has proven to be a prime platform for fraudsters and scammers to launch their attacks.

Consumers’ first choice – or Pandora’s box?

For consumers, BNPL has been a winner. Convenient and inclusive. the option of delayed payments has resonated with many customer demographics and for some, it’s become the default option for purchasing. For businesses, BNPL has a proven track record in attracting and retaining new customers driving up conversion rates and building loyalty. It also offers lower transaction fees compared to card purchases.

But those same businesses can find that BNPL opens the door to a whole raft of fraud and scam vectors.

BNPL generally requires an account, making it potentially vulnerable to Account Takeover Fraud (ATO) – particularly if the authentication methods aren’t secure. And because payment is delayed, the genuine account owner may not notice the fraudulent activity for weeks. Even if the bad actor isn’t trying to make fraudulent purchases, it’s another vector for harvesting valuable data to be sold on.

Another concern is chargebacks. A customer whose account has been compromised will inevitably claim (and receive) a refund. Or a customer may claim that they didn’t make the transaction or didn’t receive the goods or service; with most regulators favouring the customer, the end result is, unfortunately, the same for the merchant.

There’s also a risk from new account fraud. Bad actors routinely use stolen credentials to create new accounts – either mapped onto a real person, or a synthetic ID pulled together from several real people. This negatively impacts both the BNPL organisation and the provider of the goods.

And while credit checks help reduce fraud levels, a continuous stream of soft declines from fraudsters can quickly drive up issuer fees.

Tact or friction

Although BNPL presents a new growth medium for fraud propagation, the good news is that all of these fraud types are well known. And that means defences exist against them.

But whichever approach a business takes to combat fraud, however, it has to be deployed in a tactful, considered manner that adds as little friction as possible to the user journey. Too many step-ups or false positives can be as damaging as allowing fraud, and no business welcomes the prospect of cart abandonment – which, left unchecked, can be as high as 70%.

Positive news for businesses

The key to successfully combatting fraud in the BNPL space is to turn the focus around 180°: rather than actively try to detect fraud, the approach that will deliver the best results for all is to focus instead on positive identification.

ATO can be effectively combatted by not relying on security methods that bad actors find easy to bypass, such as passwords or out-of-band OTPs. An intelligence-based approach that examines factors such as Device ID and location can form an effective barrier against bad actors, particularly when layered with inherence factors such as behavioural biometrics.

In particular, the highly advanced behavioural biometrics employed in a solution such as Callsign represents a strong defence against bad actors. Keyed to a user’s unique patterns of swipes, keystrokes, and even how they hold their device, Callsign’s unique digital Muscle Memory Technology confirms it is the genuine user. Those unique characteristics are impossible for a criminal to replicate, meaning that they’ll be denied access even if they have obtained the legitimate credentials of the genuine user.

In the same way, behavioural biometrics also provides a strong defence against fraudsters using bots or scripted attacks by detecting unusual transaction velocities – bad actors entering credentials faster than any human, or rapidly attempting multiple purchases. Returning devices used by fraudsters can be quickly spotted; combined with cross-browser device ID, these technologies can also close the door to fraudulent chargebacks and friendly fraud.

BNPL is here to stay

BNPL has rapidly insinuated itself into daily life for many businesses, it is a powerful asset in staying competitive. But with fraudsters circling in the water, those who are looking to adopt or develop BNPL schemes need to put watertight mechanisms in place to protect their customers from fraud. The traditional, analogue approaches won’t do that; digital technologies demand digital solutions.

A solution such as Callsign that passively considers both UX and security can give organisations a robust defence against all of the frauds associated with BNPL. Built around a passive, positive identification approach, it also means that the risks from fraud can be mitigated without adding undue friction to the customer journeys.

It could mean the critical difference between the ‘pay later’ aspect benefitting the customers and the merchant, rather than a fraudster. That’s positive news for everyone.

This editorial was first published in our Financial Crime and Fraud Report 2022, which showcases the innovation and development of the best practices and instruments used by financial institutions in their fraud prevention activities, to improve the digital onboarding process of their customers while fighting against financial crime.

About Amir Nooriala 

A knowledgeable and engaging panellist, moderator, and speaker, Amir Nooriala is Callsign’s Chief Commercial Officer. His broad expertise across financial services, identity, and fintech is rooted in his extensive experience – including working as CSO and COO at OakNorth and Ops and Tech MD at BGC, as well as key roles at Barclays Investment Bank, Accenture, and Cisco Systems. Beyond Callsign, Amir is a champion for social mobility in the UK, being a long-serving trustee of the charity Making the Leap and the UK Social Mobility Awards (UKSOMOs). 

About Callsign 

Callsign has a simple vision: we want to make digital identification seamless and secure. Our unique positive identification approach balances high security and user experience, allowing customers to interact online safely, with minimal friction, while ensuring that bad actors are blocked to protect customers’ identities and business interests.

Free Headlines in your E-mail

Every day we send out a free e-mail with the most important headlines of the last 24 hours.

Subscribe now

Keywords: digital identity, online authentication, fraud prevention, BNPL, ecommerce, behavioural biometrics
Categories: Fraud & Financial Crime
Companies: Callsign
Countries: World
This article is part of category

Fraud & Financial Crime


Discover all the Company news on Callsign and other articles related to Callsign in The Paypers News, Reports, and insights on the payments and fintech industry: