Bad Santa: 'Buy Now, Pay Later' a hit with consumers and cybercriminals alike

Buy Now, Pay Later (BNPL) will help fuel a USD 1 trn ecommerce bonanza this holiday season. But that's only if cyberthieves don't make off with all the profits. We learn from Armen Najarian, CMO and CIO at Outseer, how to put BNPL fraud on ice

BNPL platforms like Zilch, Afterpay, Klarna, and Sezzle have helped merchants and others strike gold by enabling consumers to buy practically anything – gaming consoles, booze, rent and utilities, etc. – and then pay it off in split monthly payments, often interest frees. 

As an unregulated form of credit, BNPL spiked right along with COVID-19 as consumers shifted many purchases to digital channels. And it shows no signs of slowing down. According to the BBC, more than 17 million consumers in the UK have used Buy Now Pay Later options. And in the US, BNPL purchases are expected to top USD 100 billion for full-year 2021, up from just USD 24 billion in 2020. Worldwide, CB Insights projects BNPL purchase volumes could grow as much as 10-15x by 2025. 

But none of this comes without risk, of course. Already, as much as a third of all consumers who have used Buy Now, Pay Later services have fallen behind on one or more payments, with 72% seeing their credit card score decline. And now, fraudsters are finding clever ways to exploit this innovative form of financing.  

Winter storm warning: BNPL set to explode this Christmas

The potential for loss was always going to be significant with BNPL. Customers receive goods before paying a dime – making it an irresistible lure for consumers and fraudsters alike. 

According to CNBC, cybercriminals are increasingly leveraging stolen login credentials to hijack BNPL-enabled accounts, leaving the unsuspecting victim to pay the bill. They're also finding ways to game the BNPL account enrollment process to defraud merchants and other companies. As it turns out, some businesses don't conduct formal credit checks at enrollment, instead ‘relying on internal algorithms to determine creditworthiness based on the information they have available to them.’

Throw in the 4 in 10 Americans and the 1 in 10 Brits planning to use BNPL this Christmas, and that could spell all kinds of trouble. Account takeover (ATO) attacks now account for more than USD 16 billion in annual loss. And account enrollment fraud using compromised identity information to gain access to personal loans contributes to annual losses of more than USD 57 billion. Moreover, according to the FBI, at least USD 6 billion of that can be attributed to the use of synthetic identities, which is least likely to be flagged by traditional measures and constitutes one of the fastest financial crimes. 

That could prove disastrous if better protections aren't put in place as BNPL volumes boom this holiday season and beyond. 

Stopping the Grinch from pinching your profits

Tackling these threats won't be easy. But anti-fraud solutions employing machine learning, data science, and shared global intelligence can dramatically reduce losses stemming from BNPL fraud – including illicit logins, enrollments, transactions, and more.  

By authenticating users behind the scenes, these solutions prevent fraudulent access or activity before it happens while still providing a seamless, frictionless flow for legitimate customers. In fact, today's most robust solutions have been shown to prevent 95% of all fraud loss with a small 5% intervention rate.  

Organisations seeking an extra layer of protection can also source options that enable them to enrol new account holders using biometric facial detection capabilities to prevent fraudsters from opening new accounts with stolen or synthetic identity information. The technology powering this capability leverages FIDO2-compliant biometric facial detection to validate a live human face against a government-issued ID, and facilities document verification against third-party databases. 

‘Ho, ho, ho’ or ‘No, no, no’?

Microsoft's plans to include a built-in BNPL function in its Edge browser notwithstanding concerns over Buy Now, Pay Later couldn't come at a more pivotal moment. 

Worldwide, BNPL platforms, FSIs, and their merchant customers will be tempted to throttle back fraud protections during what's expected to be a holiday ecommerce bonanza worth nearly USD 1 trillion. Let's all hope savvier organisations embrace technologies that enable them to enhance the enrollment and transaction experience for legitimate shoppers while leaving BPNL fraud out in the cold.  

About Armen Najarian

Armen Najarian is CMO and Chief Identity Officer at Outseer, a leading technology company in the fight against payments fraud. He is responsible for the overall strategy and execution of the business. Before joining Outseer, Najarian's most recent roles included CMO positions at Agari and ThreatMetrix, the latter of which he established as the definitive category leader for digital identity solutions.

About Outseer

Outseer, an RSA company, empowers the digital economy to grow by authenticating billions of transactions annually. Our payment and account monitoring solutions increase revenue and reduce customer friction for card-issuing banks, payment processors, and merchants worldwide. Leveraging 20 billion annual transactions from 6,000 global institutions contributing to the Outseer Data Network, our identity-based science delivers the highest fraud detection rates and lowest customer intervention in the industry.