In late-February 2022, a survey from TransUnion found that about 100 million adults in the United States had used a buy now, pay later (BNPL) service at least once in the previous year.
We have written before about the fraud opportunities that BNPL opens. Account takeovers, refund fraud, application fraud — TransUnion’s data can point to 100 million opportunities for such scams.
With BNPL, it’s often the merchants and the retailers who bear that fraud risk. Some understand the full extent of those risks. Many do not.
At the beginning of the year, Featurespace Founder Dave Excell predicted how BNPL’s rise would add a new wrinkle to global fraud prevention in 2022.
Below, Steve Goddard Featurespace Subject Matter Expert, describes what challenges are emerging from BNPL’s booming popularity, and what merchants and retailers can do to manage its risks.
BNPL creates several layers of risks for retailers
With BNPL, there are plenty of low-hanging fruits for fraudsters to pick:
- Account takeovers. If someone gets access to a customer’s BNPL profile, they can ring up fraudulent charges with relative ease.
- First-party fraud. A fraudster can also just open a BNPL account themselves and make purchases with no intention of paying back the money.
- Application fraud. Ostensibly, there are background checks to prevent first-party fraud in BNPL. But it’s not hard for a fraudster to falsify information, or use stolen information, to make their application appear less risky.
Even when someone opens a line of credit through a BNPL provider in good faith, there are opportunities for fraud. Imagine a customer makes a few luxury purchases and decides to defer payment with a BNPL plan. A few weeks go by, and the bill comes due but the customer failed to set aside the cash needed to make that payment. This is when retailers start to see fraudulent returns.
What’s more, we are beginning to see cases of collusion fraud, Dave Excell told Pymnts in March 2022. Collusion fraud happens when merchants and consumers work together to create fake online stores, set up BNPL payments, then have the consumers place fake orders. The BNPL provider fronts the payment for the fraudsters, who split the proceeds then disappear before the bill comes due.
OK, but these are all scams someone can run on credit card providers, right? There’s nothing new here, is there?
There’s not, and that’s part of what makes BNPL fraud so frustrating.
Credit card providers, however, have regulatory protections, and their customer intake processes are robust. That’s how the world has made card payments secure over the past several decades. BNPL, by contrast, is relatively unregulated. The customer vetting process is much leaner than for a credit card.
This makes retailers vulnerable to fraud typologies that we already know how to combat.
We have written before about how machine learning helps financial institutions develop a type of immune system for current and future threats. Within that metaphor, BNPL scams are simply variants of old pathogens.
It’s apparently time for a booster shot.
Fighting BNPL fraud with machine learning
Before we get to the immunity booster, however, it’s important to understand what therapies are already being deployed for BNPL fraud.
First, there is the vetting process that happens when a customer signs up for a BNPL service, which is essentially a light credit check.
Ashley Usher, Chief Integration and Information Officer at Fortis Payment Systems, tells Payments Dive that the laxness of this vetting structure introduces vulnerabilities. “The lack of credit checks allows fraudsters to purchase merchandise through stolen credit cards and even avoid completing the divided payments altogether,” Usher says.
In a February 2022 piece, CSO UK Editor Michael Hill spoke to several industry experts who suggested a multi-tier structure of confirmations was necessary to secure BNPL platforms. Those could include:
- Stronger identity management.
- Better customer verification upon enrollment.
- Verification per transaction.
Still, a wider view is necessary if financial institutions want to be able to anticipate BNPL fraud. “Retailers need to have an end-to-end automated fraud risk scoring and management system to monitor and manage transactions,” Forrester VP and Principal Analyst Andras Cser told Hill.
Featurespace built the ARIC™ Risk Hub for precisely this type of fraud. The machine learning models that power ARIC Risk Hub can inspect an individual customer’s purchase history — what they bought, when they bought it, how frequently they’ve made their purchases, the value of the goods — and compare that data against other transactional behaviors.
The machine learning models can learn the types of behaviors that are normal for each customer, and which behaviors should get flagged as suspicious. Machine learning models that operate at this depth and at this scale can reveal connections between people and patterns of behaviors that would otherwise remain hidden.
This innovation is what allows retailers, and their payment partners, to anticipate fraudulent activity and respond early, just as our bodies do during an immune response.
You can read our full list of 2022 predictions here.