The key to stopping Buy Now, Pay Later fraud

Daniel Belda, Director of Market Strategy – Payments at Ekata, depicts how Buy Now, Pay Later providers can prevent and even stop fraud by using historic fraud trends to predict future patterns

Buy Now, Pay Later (BNPL) - or providing ‘instant credit’ at the point of sale - isn’t new, but has grown rapidly in line with pandemic-related ecommerce growth. In addition to helping customers alleviate financial pressure and merchants meet online shopping demand, BNPL also serves untapped market segments, including people who lack access to traditional credit channels (particularly in underdeveloped credit markets), and younger generations who don’t trust or have access to traditional credit cards. While BNPL currently only reflects a small portion of the USD 8 trillion US payment cards market, CB Insights expects it to grow 10-15x by 2025.

The risks BNPL providers face

Despite rapid adoption, BNPL comes with risks for the provider. Like traditional providers, BNPLs face credit risk when someone wants to make a BNPL repayment, but can’t, perhaps due to inconsistent work or not enough income. They also face fraud risk when someone attempts to purchase goods or services using stolen identities and credit cards, with no intention of making repayments.

Unlike traditional lenders, BNPL providers must also make credit decisions in the time it takes customers to complete a transaction. The quick decision speed makes this process an attractive target for fraudsters, as they can access tangible goods with a lower likelihood of initial detection. Fraud in BNPL materialises in two ways:

• Fraudulent Chargebacks generally occur when the BNPL requires a payment immediately as part of the transaction. Either a true owner realises that a fraudster stole their credit card to make payments, or an opportunistic fraudster uses their own credit card and denies making the transaction. Chargebacks from stolen credit cards occur most frequently and, consequently, require the most attention.
• ‘Never Pay’ Frauds occur when fraudsters use their own identity data in combination with stolen, synthetic, and/or fake data to pass through both fraud and credit checks with no intention of making repayments on the purchase. The fraudster’s aim is to give away as little of their own data as possible and only provide personal data that is disposable or untraceable. For example, a fraudster may provide a phone number (from a prepaid, disposable phone) to pass a one-time password check and a dropoff address for delivery (not linked to an actual, traceable address).

In both instances, many BNPLs take on the liability from the merchant - resulting in a loss/write-off for the BNPL whenever fraud occurs.

How BNPL providers can stop fraud

A key difficulty in identifying fraud is separating it from credit risk scenarios where the customer is unable to repay. While BNPL providers may be able to validate whether a default is credit - or fraud-related by individually contacting each defaulter, this approach is challenging and doesn’t scale.

Instead, BNPL providers should check to ensure all data elements provided are valid. For example, ensuring the email is in fact a genuine email or that the address is a private residence and not a dropoff point. In addition, third-party validation that the name on a transaction is actually the resident at the delivery and billing address provided is a simple check to identify fake or synthetic identities. A standard practice with BNPL transactions is to also check the phone number and/or email using a one-time password. This helps to prove ownership of the data elements provided. Behind-the-scenes identity verification makes this possible while maintaining a frictionless customer experience.

BNPL providers can also reduce chargeback fraud by applying 3D Secure (3DS) on high-risk transactions. This passes the liability on chargebacks to the issuing bank and allows a BNPL to focus on the population where the likelihood of stolen identities is lower. However, 3DS comes with an associated cost, as banks require a fee for this service, and lower authorisation rates can cause cart abandonment and lost business. To reduce costs, BNPL providers can apply simple validation prior to sending transactions for 3DS to ensure they’re only sending obviously fake information (instead of information from good customers).

In addition, using historic fraud trends to predict future patterns of chargebacks and never pay frauds can reduce fraud risk over time. Simple rules that place transactions into reject, accept, or manual review buckets can provide next steps based on classification.

Effective rules require data that can separate good transactions from fraudulent ones. Leveraging internal data (transaction amount, type, and velocities) is a good starting point. However, third-party data sources will provide a more holistic network of activity in a given vertical, region, or globally. To strengthen machine learning models - the final step in stopping BNPL fraud - providers can use device data, identity data, and behavioural biometrics.

As BNPL continues to grow in popularity, fraudsters will find more sophisticated ways to exploit it. With an understanding of the risks involved and how to counter them, providers can shift their focus from stopping fraudsters to helping good customers.

About Daniel Belda

About Ekata