New methods of tackling Buy Now Pay Later (BNPL) fraudsters

New methods of tackling Buy Now Pay Later (BNPL) fraudsters
Martin Rehak, CEO of Resistant AI, discusses the new ways in which organizations can combat Buy Now Pay Later (BNPL) fraud.

Fraudsters are finding faster and more sophisticated ways of taking advantage of the increasingly popular Buy Now Pay Later (BNPL) services. While digital consumers enjoy the benefits of buying items they can’t necessarily afford immediately – from gift vouchers to mortgages – criminals are quick to find loopholes in this relatively straightforward process of instantly obtaining free credit online.

A surge in account takeovers

In 2020, we saw a reported 200% increase in account takeovers in digital commerce. In February 2021, the Compilation of Many Breaches (COMB) data breach exposed 3.2 billion users. Cybercriminals posted the victims’ accounts to a searchable online database that hackers and fraudsters could pay a small fee to access and create synthetic identities – where a criminal combines real and fake information to create a new identity – and commit first-party fraud for financial gain.

Account takeover can be particularly costly, especially when it involves established and reputable customers. Customer history and good reputation with a merchant is valuable, yet it can get stolen and misused. In the BNPL model, customers can secure approval in seconds and receive purchases having paid either nothing or a minimal amount upfront, a fraudster’s dream. These threats can result in additional measures to combat identity fraud, making the onboarding process cumbersome for the customer. What’s more, victims of identity theft can suffer from poor credit scores and identity validation issues, all of which needs to be avoided.

The BNPL provider’s conflict

A major conflict for BNPL providers lies in the balance of providing fast, simple service with a ‘soft’ credit check on consumers, versus protecting customer identities from criminals.

A further struggle is their reliance on top-drawer data by third parties as BNPL providers become dependent on multiple external data sources and services to validate their internal identification processes. And the more advanced the scoring, the greater their dependency on third parties. This exposes a gap for cybercriminals to fill.

Typical BNPL fraudster tactics

The BNPL fraudster will usually exploit:

  • misconfigurations in the online merchant’s CRM
  • vulnerabilities in the BNPL scoring code
  • dormant, rarely used accounts to access long-forgotten passwords.

With each information leak of names, addresses, phone numbers and emails, there is one crime, in particular, that is really taking off. Attackers use synthetic identities to apply for finance and then order items that they ‘accidentally’ arrange to be delivered to an innocent victim’s home. The criminals then collect the package, leaving the unsuspecting victim with the bill.

The technical challenge for BNPLs

BNPL organizations need to challenge the increasing sophistication of cybercriminals with their own high-level tools to mitigate risk and counter known and unknown fraud attempts. Specifically, so they can improve their credit-scoring algorithms and protect fraud detection layers against manipulation and third-party gaps.

How can they do this?

A new breed of adaptive AI financial automation add-on

BNPL organizations can add a protective layer to their existing fraud detection systems. Today’s new financial automation oversight engines combine AI with advanced statistical and machine learning techniques to monitor underlying systems, expose fraudulent transaction patterns and improve the effectiveness of risk-based decision systems. They also continuously adapt to new fraud patterns so BNPL businesses can establish more robust controls across multiple platforms.

The new financial automation oversight engines can help in three critical areas:

1. Multiple algorithms combine to detect weak patterns to flag fraud

They find inconsistencies and high-dimensional correlations in data, and flag them for further investigation. This enables the BNPL organization to detect advanced fraud and manipulation earlier and faster. The ‘accidental’ delivery of packages mentioned earlier is less likely to happen. For example, the system will alert if an IP address cluster in Nottingham is being used to order products to multiple addresses in Bristol.

2.They identify previously unidentified vulnerabilities and third-party gaps

The new breed of automation engine will flag multiple types of misclassification. For example, it will create an alert if a gift voucher purchase, usually associated with low-risk items such as chocolates and soaps, is suddenly being used for high-risk electronic items. A high-level criminal could be planning to buy electronics elsewhere or sell the vouchers on eBay.

3.They can identify multiple transactions that don’t include a physical item

This suspicious activity will also flag a misclassification to the BNPL organization.

Happier customers, happier BNPL organizations

The result is good news for customers, who are less likely to become victims of fraud or bothered by unnecessary flags – which is an equally big plus for BNPL organizations since 40% of consumers say they won’t shop again with a merchant who falsely rejects their order.


It also improves the working lives of BNPL analysts, while BNPL organizations can sign up new customers quickly and confidently – customers who will have a trusted experience, boosting brand reputation and building a loyal customer base. 

For more news from Top Business Tech, don’t forget to subscribe to our daily bulletin!

Follow us on LinkedIn and Twitter

An image of BNPL, Fintech, New methods of tackling Buy Now Pay Later (BNPL) fraudsters

Amber Donovan-Stevens

Amber is a Content Editor at Top Business Tech

Hacking Cyber Security’s battle for workers

Andrew Marsh • 30th September 2022

Cyber attacks are increasing exponentially, cyber professionals are quitting, and ultimately, no one is replacing them. Worldwide, the cyber workforce shortfall is approximately 3.5 million people. We have a mountain to climb. While there are rising numbers of people with security degrees and qualifications, this falls way short of industry demand.

Getac becomes British Touring Car Championship official technology partner

Chris Gibbs • 29th September 2022

In competitive motorsports, the smallest detail can be the difference between winning and losing. Getac is the official technology partner to the British Touring Car Championships (BTCC) helping it achieve its digital transformation goals, putting a wealth of information at the fingertips of both race officials and teams alike, and helping deliver incredibly exciting racing.

The Time is Now for Digital Transformation

Paul Waddilove • 29th September 2022

According to a McKinsey research report, 70% of enterprises that had taken on digital transformation reported in 2020 that their momentum had stalled. It is worth understanding the reasons–culture or scale for example–causing the slowdown as the payoffs from digital transformation can be impressive. It can lead to more efficient operations, with enterprises enjoying autonomy...

Addressing the environmental impact of the data centre

David Watkins • 29th September 2022

David Watkins, solutions director at VIRTUS Data Centres , share how you may have seen the recent news that Thames Water has launched a probe into the impact of data centres on water supplies in and around London, as it imposed a hosepipe ban on its 15 million customers in a drought-hit area. Ensuring that...

How Can Businesses Ensure Efficient Management of COSU Devices

Nadav Avni • 29th September 2022

Nadav Avni, Chief Marketing Officer at Radix Technologies, shares how when it comes to speeding up queues and providing instant information, nothing beats corporate-owned, single-use (COSU) devices. When put in kiosk mode, these devices become efficient digital assistants that collect and share information.

The Cloud – Debunking the Myth

Guy Parry Williams • 26th September 2022

Mid-sized businesses are head down, wrestling with constantly evolving operational challenges, from skills shortages to supply chain delays and raging inflation. Management teams lack the time and often confidence to explore technology innovation and, as a result, too many companies are missing vital opportunities to cut costs, boost efficiency and reach new customers.