New methods of tackling Buy Now Pay Later (BNPL) fraudsters

New methods of tackling Buy Now Pay Later (BNPL) fraudsters
Martin Rehak, CEO of Resistant AI, discusses the new ways in which organizations can combat Buy Now Pay Later (BNPL) fraud.

Fraudsters are finding faster and more sophisticated ways of taking advantage of the increasingly popular Buy Now Pay Later (BNPL) services. While digital consumers enjoy the benefits of buying items they can’t necessarily afford immediately – from gift vouchers to mortgages – criminals are quick to find loopholes in this relatively straightforward process of instantly obtaining free credit online.

A surge in account takeovers

In 2020, we saw a reported 200% increase in account takeovers in digital commerce. In February 2021, the Compilation of Many Breaches (COMB) data breach exposed 3.2 billion users. Cybercriminals posted the victims’ accounts to a searchable online database that hackers and fraudsters could pay a small fee to access and create synthetic identities – where a criminal combines real and fake information to create a new identity – and commit first-party fraud for financial gain.

Account takeover can be particularly costly, especially when it involves established and reputable customers. Customer history and good reputation with a merchant is valuable, yet it can get stolen and misused. In the BNPL model, customers can secure approval in seconds and receive purchases having paid either nothing or a minimal amount upfront, a fraudster’s dream. These threats can result in additional measures to combat identity fraud, making the onboarding process cumbersome for the customer. What’s more, victims of identity theft can suffer from poor credit scores and identity validation issues, all of which needs to be avoided.

The BNPL provider’s conflict

A major conflict for BNPL providers lies in the balance of providing fast, simple service with a ‘soft’ credit check on consumers, versus protecting customer identities from criminals.

A further struggle is their reliance on top-drawer data by third parties as BNPL providers become dependent on multiple external data sources and services to validate their internal identification processes. And the more advanced the scoring, the greater their dependency on third parties. This exposes a gap for cybercriminals to fill.

Typical BNPL fraudster tactics

The BNPL fraudster will usually exploit:

  • misconfigurations in the online merchant’s CRM
  • vulnerabilities in the BNPL scoring code
  • dormant, rarely used accounts to access long-forgotten passwords.

With each information leak of names, addresses, phone numbers and emails, there is one crime, in particular, that is really taking off. Attackers use synthetic identities to apply for finance and then order items that they ‘accidentally’ arrange to be delivered to an innocent victim’s home. The criminals then collect the package, leaving the unsuspecting victim with the bill.

The technical challenge for BNPLs

BNPL organizations need to challenge the increasing sophistication of cybercriminals with their own high-level tools to mitigate risk and counter known and unknown fraud attempts. Specifically, so they can improve their credit-scoring algorithms and protect fraud detection layers against manipulation and third-party gaps.

How can they do this?

A new breed of adaptive AI financial automation add-on

BNPL organizations can add a protective layer to their existing fraud detection systems. Today’s new financial automation oversight engines combine AI with advanced statistical and machine learning techniques to monitor underlying systems, expose fraudulent transaction patterns and improve the effectiveness of risk-based decision systems. They also continuously adapt to new fraud patterns so BNPL businesses can establish more robust controls across multiple platforms.

The new financial automation oversight engines can help in three critical areas:

1. Multiple algorithms combine to detect weak patterns to flag fraud

They find inconsistencies and high-dimensional correlations in data, and flag them for further investigation. This enables the BNPL organization to detect advanced fraud and manipulation earlier and faster. The ‘accidental’ delivery of packages mentioned earlier is less likely to happen. For example, the system will alert if an IP address cluster in Nottingham is being used to order products to multiple addresses in Bristol.

2.They identify previously unidentified vulnerabilities and third-party gaps

The new breed of automation engine will flag multiple types of misclassification. For example, it will create an alert if a gift voucher purchase, usually associated with low-risk items such as chocolates and soaps, is suddenly being used for high-risk electronic items. A high-level criminal could be planning to buy electronics elsewhere or sell the vouchers on eBay.

3.They can identify multiple transactions that don’t include a physical item

This suspicious activity will also flag a misclassification to the BNPL organization.

Happier customers, happier BNPL organizations

The result is good news for customers, who are less likely to become victims of fraud or bothered by unnecessary flags – which is an equally big plus for BNPL organizations since 40% of consumers say they won’t shop again with a merchant who falsely rejects their order.

READ MORE: 

It also improves the working lives of BNPL analysts, while BNPL organizations can sign up new customers quickly and confidently – customers who will have a trusted experience, boosting brand reputation and building a loyal customer base. 

For more news from Top Business Tech, don’t forget to subscribe to our daily bulletin!

Follow us on LinkedIn and Twitter

Amber Donovan-Stevens

Amber is a Content Editor at Top Business Tech

Ab Initio partners with BT Group to deliver big data

Luke Conrad • 24th October 2022

AI is becoming an increasingly important element of the digital transformation of many businesses. As well as introducing new opportunities, it also poses a number of challenges for IT teams and the data teams supporting them. Ab Initio has announced a partnership with BT Group to implement its big data management solutions on BT’s internal...

WAICF – Dive into AI visiting one of the most...

Delia Salinas • 10th March 2022

Every year Cannes held an international technological event called World Artificial Intelligence Cannes Festival, better known by its acronym WAICF. One of the most luxurious cities around the world, located on the French Riviera and host of the annual Cannes Film Festival, Midem, and Cannes Lions International Festival of Creativity. 

Bouncing back from a natural disaster with resilience

Amber Donovan-Stevens • 16th December 2021

In the last decade, we’ve seen some of the most extreme weather events since records began, all driven by our human impact on the plant. Businesses are rapidly trying to implement new green policies to do their part, but climate change has also forced businesses to adapt and redefine their disaster recovery approach. Curtis Preston,...