Buy now, pay later.

These four words are taking the e-commerce sector by storm.

Consumers are insistent on having the option to complete payments in installments versus a one-time lump sum.

But, merchants must be aware that some features of buy now, pay later (BNPL) services leave them vulnerable to fraud. This article covers how BNPL services leave merchants vulnerable to fraud and how they can protect themselves.

What is Buy Now, Pay Later?

BNPL allows customers to split purchases into smaller payments. And there are many services to choose from, such as PayPal’s Pay Later.

The use of these services is growing in popularity among online shoppers. In fact, in 2021, BNPL purchases increased by almost 50% in less than one year. And their popularity is only expected to grow further.

Online Merchants adopt buy now pay later services because they increase a shop’s conversation rate by incentivizing customers who might otherwise be on the fence to buy. They are also immediate, and remove friction at the check-out process

But, they should also be aware of the fact that it makes them vulnerable to fraud

How are merchants who use Buy Now, Pay Later vulnerable to fraud?

Just as BNPL services are booming, so is the rate of financial fraud.

Fraudsters take advantage of BNPL customers and merchants alike. In fact, abuse tactics aimed at BNPL services saw a 54% year-over-year uptick in fraud attack rates.

So, e-commerce merchants must be aware of how fraud manifests in the BNPL context. And, they must know how to prepare and react.

How to combat Buy Now, Pay Later fraud

First, it is crucial to understand how BNPL opens up new opportunities for fraudsters.

Expanded Attack Surface

Merchants who use BNPL services are vulnerable to fraud because BNPL transactions have an expanded “attack surface”.

With payments spread across multiple installments, fraudsters have more opportunities to strike.

Risk profiling helps merchants identify how likely a customer is to be fraudulent at the initial payment phase. But, performing a one-time risk analysis is not enough to protect merchants across the entire attack surface.

By shifting to the use of ongoing risk profiling, merchants can combat the vulnerabilities of transactions with expanded attack surfaces.

In particular, merchants must perform complex risk scoring beyond the initial point-of-purchase.

BNPL Fraud prevention requires monitoring the “expanded attack surface”

Here are three examples of how monitoring the expanded attack surface helps merchants combat common BNPL fraud tactics.

Account Takeover

During an account takeover, a fraudster uses phishing or SIM swapping techniques to take over an existing, valid BNPL account. Then, the fraudster uses this account to make unapproved purchases. Often, this means the merchant ships the item before they realize the transaction was fraudulent.

Merchants can fight account takeover by confirming that a legitimate customer is still in control of their account using post-payment KYC automation.

One way to do this is through interaction monitoring. Merchants should monitor for any significant inconsistencies in their customers’ activity. For example: variations in a customer’s device use or geolocation might flag suspicious behavior or accelerated purchasing activity.

Synthetic Identity Fraud

Synthetic identities (IDs) are accounts created using forged or stolen information. Fraudsters use synthetic IDs to order goods using a BNPL service without any intention of paying for them.

Because users with synthetic IDs are hiding behind a fake identity, it is extra difficult to track them down.

But, again, merchants can mitigate this risk using a combination of risk profiling, interaction monitoring, and post-payment KYC which identifies the customer with minimal effect on conversion.

Friendly Fraud

Friendly fraud occurs when a customer orders via BNPL, but then initiates a fraudulent chargeback.

A merchant’s best defense against friendly fraud is to gather more information about their customer after the purchase.

Performing post-payment Know Your Customer (KYC) verifies a customer’s identity after the transaction process. There are many ways a merchant might perform post-payment KYC. For example, requesting selfie IDs or credit card scans from customers.

This evidence allows merchants to ensure that the transaction was actually approved by the cardholder. And, merchants can use this data to build a strong case against fraudulent chargeback claims that arise.

Strategies for Fighting Financial Fraud

Overall, to fight BNPL fraud, merchants must learn more about their customers. Merchants must be able to identify legitimate and fraudulent customers at each step of the transaction.

Some powerful strategies to do this are: ongoing risk profiling, post-payment KYC, and interaction monitoring. But, for many e-commerce merchants, managing these technical tasks in-house is both cost-prohibitive and inefficient.

FUGU is the first multi-tier fraud prevention service that offers protection across a transaction’s entire attack surface.

We provide a push-button solution to follow customers’ transactions and analyze their post-purchase behavior. By monitoring customer relationships across the lifespan of BNPL transactions, FUGU helps merchants combat fraud.