fraud management solutions

Merchants Are Attracting Holiday Shoppers With the Gift of Buy Now, Pay Later. But These Schemes Are a Gift for Fraudsters Too

We’re in the last quarter of 2022, and merchants are hoping for a lucrative holiday season. To help consumers spend in current times of high inflation, more ecommerce platforms are offering buy more, buy-now-pay-later (BNPL) financing schemes. While BNPL financing encourages consumers to increase credit lines and boost the bounty for merchants, they also raise the bounty for fraudsters.

Read on to find out how the rise of BNPL is increasing instances of fraud. We explain why BNPL schemes are such an attractive target, how machine learning is integral in fighting the onslaught of cybercriminals, and what merchants can do to mitigate fraud attacks and data breaches for a more secure shopping experience for their customers.

The State of Play for Consumers, Merchants, and Fraudsters

Lions and tigers and BNPL, OH MY!! Despite the comforts of sitting by the fire watching Dorothy and Toto and other holiday favorites this holiday season, there is danger lurking around the corner for BNPL users in the form of unexpected debt.

Shoppers are finding ways to overcome economic uncertainty and inflation this holiday season with easy access to new lines of credit in the form of BNPL. This burgeoning credit option means that mobile shopping with leading brands like Adidas, Airbnb, Amazon, Expedia, H&M, Instacart, and Urban Outfitters, to name just a few, has never been so unrestricted.

BNPL platforms are making it easier than ever to shop and to forget the dangers of rising credit card debt. This form of financing offers its users installment plans. Typically, a purchase is divided into multiple equal payments, with the first due at checkout. The remaining payments are billed to the customer’s debit or credit card until the purchase is paid in full with interest rates ranging from zero to 30 percent (ouch!).

According to Globe Newswire, 20 percent of shoppers will use BNPL this holiday season. That’s good news for merchants, credit card companies, and, unfortunately, fraudsters. Fraudsters follow consumer behavior and market growth patterns, and as BNPL lending has increased, bad actors have been following the money—between 2020 and 2021, BNPL fraud grew by 66%. According to CNBC, the popular BNPL platforms Klarna, Afterpay, and Affirm all reported rising fraudulent activity leading up to the holiday period in 2021, and it’s unlikely the situation will be any different in 2022.

All this bad news puts increasing pressure on IT entities to find ways to fight fraud, and experts are integrating two technologies into existing fraud management solutions: artificial intelligence and machine learning. The trouble is fraudsters are also using these technologies for their own purposes.

Related: “Why Buy-Now-Pay-Later Is a Boon and a Bust In the Fight Against Chargebacks”

What Is BNPL Fraud?

BNPL fraud occurs when criminals use stolen information to create fake accounts, or they take over accounts in what’s known as an ATO (account takeover). BNPL is so vulnerable because the checkout process of many BNPL platforms lacks sufficient verification making them easy targets for fraudsters. Another reason that BNPL platforms are targets of cybercriminals is their structure. Because payments are spread across several transactions, there is more surface area for cybercriminals to infiltrate BNPL accounts.

There are two types of BNPL fraud: synthetic identity fraud and ATOs.

Synthetic Identity Fraud

With synthetic identity fraud, scammers use pieces of stolen data to create a false identity. They use that false identity to buy goods through a BNPL provider, often paying just the first installment to get the product they want. According to McKinsey & Company, this type of fraud is considered to be the fastest-growing form of financial crime in the United States.

Account Takeover Fraud

ATO fraud occurs when a criminal obtains the login information for a BNPL account. This is easy to do either by buying the data on the dark web or through a phishing expedition where the user is tricked into revealing the information. Once the fraudster has the login, they’re free to rack up debt until the BNPL account owner realizes their account has been hijacked.

What Can Merchants Do to Protect Themselves and BNPL Account Holders?

Businesses must balance their own security while protecting the users from fraud and a bad payment experience. But part of the reason BNPL is so vulnerable is that BNPL firms bypass formal credit checks, unlike the big banks and credit card companies.

According to Kevin Gosschalk, founder and CEO of American fraud-prevention start-up Arkose Labs, who CNBC interviewed, Fintechs like Afterpay and Klarna are “fast-growing, early-stage companies. They have much lower controls than the big banks that have been around for many years on the security side, so it makes them a good target.”

Gosschalk also noted that another reason BNPL systems are targeted is their popularity — “it’s much easier to go unnoticed when there’s a sea of other people applying for credit,” said Gosschalk.

So, what can merchants do to make sure BNPL schemes are not a weak chink in their fraud management armor? The best protection is to use fraud management software that incorporates rule-based technology with artificial intelligence and machine learning.

For more on machine learning, read “Machine Learning 101—What Merchants Need to Know About Fraud Protection

Choosing Fraud Management Software

The fight against fraud for most ecommerce merchants starts with fraud management software. Many payment providers integrate fraud technology into their solutions. Unless a merchant has an expert IT team devoted to fraud management, it’s best to find a solutions provider because their solutions are fast and easy to install.

We go into detail on choosing a fraud management provider in our next article, “For Optimal Fraud Management, Integrate Machine-Learning Technology—Here’s How to Choose a System that Works for You,but here’s a synopsis of what merchants should know.

Why Machine Learning Technology Is So Crucial

Static or rule-based fraud protection systems were the first generation of fraud detection technology. These tools are still used, for example, card verification, IP address geolocation, and 3-D Secure. However, these systems tend to be reactive rather than proactive, which means they are racing to stay one step ahead of fraudsters, who are adept at infiltrating rules-based tools.

For more on 3-D Secure, read “News Flash: Merchants Using as Their Gateway Provider Have Until October 2022 to Find New Processor for 3D Secure 2.0 Protection

Machine learning systems are designed to be proactive rather than reactive. These systems adapt in real time to the data they receive with no human intervention. Through iteration, they change what they perceive as “anomalies” and trigger preventive action. Moreover, these systems can make use of vast coffers of big data to hone their intelligence.

Thus, the best fraud management systems combine rules-based technology and machine learning. They are universal, have multiple layers of protection, are easily integrated into existing systems.

Related: “Customers Are Now the Biggest Fraud Threat to Merchants—How to Fight Friendly Fraud

Bottom Line for BNPL Fraud

Fighting BNPL fraud, or any fraud for that matter, does not have to be a revenue and time-consuming prospect for merchants. In fact, merchants should only manage their fraud management system in-house if they have a dedicated team of machine learning and rule-based systems experts, and even then, it could detract from their core competencies.

An easier option is to outsource services and choose a recommended payments and fraud management software provider. Most payments providers integrate fraud management into their services, which simplifies management.

Cartis Payments integrates a suite of chargeback and fraud prevention tools that can be paired with Cartis’ payment processing. Contact Cartis today to fight BNPL fraud and protect your customers and your business.