Buy Now, Pay Later (BNPL) fraud can take various forms, and it typically involves fraudsters exploiting weaknesses in the application process. Here are some common methods and strategies used in BNPL fraud.
Some fraudsters will target the less stringent onboarding process of BNPL, which tends to fall on the more relaxed end of the customer due diligence spectrum and can end up snowballing into much larger problems. As the BNPL process is a point-of-sale financing option, it allows shoppers to apply as they’re checking out. The application process is quick and often doesn’t require a credit check, making it very likely for shoppers to get approved instantly. This makes it easy for fraudsters to use stolen or fake identities to open BNPL accounts and make fraudulent purchases.
Stolen Information and Account Takeover
BNPL platforms are a goldmine for fraudsters to exploit. Given that one-third of consumers who use BNPL cite the reason they use the service is that their credit cards are maxed out, fraudsters can see this as an opportunity to fly under the radar. They may assume these shoppers are reckless with their spending and may not diligently track their accounts, allowing the fraudsters to make multiple illegal purchases before the shopper flags their account.
Hackers may breach a BNPL provider’s database or a merchant’s website to target BNPL shoppers and use their accounts to make unauthorized purchases. They may also target shoppers with BNPL accounts directly by using phishing attacks, password breaches, or social engineering to gain access. Once they control the account, they can make fraudulent purchases.
Friendly fraud, also known as “chargeback fraud,” happens when a consumer makes a legitimate purchase using their own payment method and later disputes the charge with their payment provider, claiming that the transaction was unauthorized or fraudulent. Some shoppers may use BNPL to make legitimate purchases, often because they have reached their financial limit across other payment methods. With this, comes an increased risk in customers defaulting on their deferred BNPL payments. And as a result, merchants can expect a growing number of fraudulent chargebacks from customers attempting to avoid further debt.
Fraudsters will create synthetic identities by combining real and fake information. A fraudster may start by using a real Social Security number, obtained through a data breach, stolen records, or a child’s unused Social Security number. This real element gives the synthetic identity some legitimacy. They will then combine this with fake information, such as a fictitious name, date of birth, address, and other details, to create a new identity. The fake elements make it difficult to trace the identity back to a real person. Using the synthetic identity, fraudsters apply for BNPL services with various providers. These applications may include genuine-looking information that passes initial identity checks.
Once approved for BNPL accounts, fraudsters may start small, making legitimate purchases and payments to build a positive transaction history and credit record. This stage is often referred to as “credit grooming.” Once the synthetic identity has a sufficiently established credit history, the fraudster may use it to commit various types of fraud, including creating a mass BNPL fraud scheme that involves loan stacking.
Fraudsters may engage in social engineering techniques to manipulate customer service representatives into changing account details, such as the email address, phone number, or shipping address, to divert purchases to the fraudster’s control. Similarly, fraudsters can also target shoppers through social engineering schemes to gain unauthorized access to their BNPL accounts.
There are several approaches a fraudster can take to manipulate information from BNPL customers:
- Fraudsters contact shoppers claiming that they are owed a refund for an overpayment or a return. They ask for bank account details to process the refund, which they then use for unauthorized transactions.
- Fraudsters contact shoppers, pretending to be BNPL service providers, and convince them to change their payment information to a different bank account or credit card. This can result in funds being redirected to the fraudster’s account.
- Fraudsters may pose as customer service representatives from BNPL companies and contact customers to gather personal or financial information. They may claim there’s a problem with the customer’s account or transaction and ask for details like credit card information or login credentials.
- Fraudsters may send fraudulent emails, text messages, or phone calls that appear to be from a legitimate BNPL provider or retailer. These messages often contain convincing logos and language, enticing recipients to click on malicious links, disclose sensitive information, or make payments.
BNPL fraud using flipping is a form of fraud where individuals or organized groups exploit BNPL services to acquire goods or services without the intention of repaying, essentially using the service to “flip” the items for profit. Using identity theft, account takeover, or synthetic identity methods, fraudsters may make illegitimate purchases using BNPL financing, receive the goods, and then resell them to make a profit before they have to make any payments.