Buy Now Pay Later (BNPL) Frauds – Risks & Prevention

By Debasis Mohanty . November 17, 2021 . Blogs

As a popular trend, Buy Now Pay Later (BNPL) continues to delight both online (and offline) shoppers across the globe. It comes as no surprise that global BNPL services continue to grow at a healthy rate of 39% and are attracting attention from major players like Amazon, PayPal, and Square. Not to be left behind, major banks like Goldman Sachs are foraying into the BNPL space with its recent acquisition of the Fintech startup, GreenSky for $2.2 billion.

This article from Wall Street Journal estimates that BNPL transactions are projected to grow to 4.5% of eCommerce payments in North America by the year 2024.

Why does BNPL attract so many consumers? The devastating economic impact of the COVID pandemic means that many consumers (especially the younger workforce) continue to live on the ” paycheck-to-paycheck” mode. Effectively, the BNPL facility allows them to spread their repayments over many months, thus making it easier.

However, the flip side is that digital fraudsters are beginning to break into BNPL schemes and “dupe” both consumers and merchants. What are the common frauds associated with BNPL schemes, and how can retail merchants prevent them? Let us explore this possibility.

BNPL Frauds & Risks

While the BNPL model has its share of opportunities and risks for financial institutions, online frauds are easily among the biggest risks faced by them. Just like traditional payment options, there is no dearth of fraudsters trying to make a high-value purchase using stolen credit cards (or identities). Unlike ‘traditional’ modes of determining credit risks, BNPL service providers do not have any time in assessing the credit rating of online consumers.

Here are the common types of frauds that occur with BNPL schemes:

  • Chargeback Frauds

This type of fraud happens when merchants offer BNPL facilities to shoppers only against a ‘small’ initial payment. Typically, a fraudster creates a ‘fake’ account with the merchant and makes a purchase against a stolen credit card number. The actual customer notices the fraudulent transaction (once they receive the credit card statement), following which they initiate a chargeback.

Alternatively, fraudsters can use their own payment card for making the purchase and then simply deny the transaction. The downturn of this fraud is that genuine consumers could be charged for a purchase they never made, while the BNPL provider is levied with a chargeback fee.

  • Account Takeovers

In account takeover, fraudsters use automated bots (or brute force attacks) to exploit weak account passwords and hack into existing accounts of BNPL customers. They can then simply make a purchase and change the product shipping details. The short and frictionless buying process makes it easier for fraudsters to complete all account transactions in a quick time

Secondly, this form of fraud could include a ‘family fraud,’ where any family member could sign into another member’s account and complete a purchase.

  • Never Pay Frauds

Also known as first-party frauds, fraudsters can also use their own identities to make a BNPL purchase with no intention of ever paying back. The difference is that they use fake (or synthetic) identities to go through fraud and KYC checks and make purchases.

Apart from using stolen identities, fraudsters provide none (or little) information about themselves during the entire transaction. For example, they may use a temporary phone number (that can be easily disposed of) or a fake drop-off location (instead of an actual delivery address).

  • Creating New Accounts with Default Line of Credit

To attract new consumers, BNPL companies enable them to simply sign up on their online platform by providing their identity or address proofs. Fraudsters can get these proofs using data breaches or stealing mails, and then use them to create fake accounts for making BNPL purchases.

With most BNPL vendors offering a default line of credit for new consumers, fraudsters can exploit this convenience by even converting this available credit into cash.

How do BNPL companies prevent such frauds that can be damaging to their consumers and their business?

How to Prevent BNPL Frauds    

While most BNPL companies are accepting the financial liabilities of such frauds, consumers still hold a negative perception of the merchants and hold them responsible for the fraud.

Hence, it is always in the best interest of the BNPL company to separate genuine customers from fraudsters and block purchase orders (that have an element of fraud). This could include indicators like transactions being done from a new device (or IP addresses) or frequent changes in shipping addresses.

Here are some ways in which BNPL service providers can minimize (if not prevent) frauds:

  • Customer Authentication

The first and foremost measure is to authenticate every consumer detail including personal details, email addresses, phone numbers, and shipping addresses. For instance, data enrichment tools can be deployed for identity checks.

This basic measure is feasible for small-time retailers who cannot afford to invest in a large-scale anti-fraud software solution. Biometric authentication and fake document checks are additional ways to detect fake identities.

  • Anti-fraud Controls

Enabled by Artificial Intelligence (AI) technology, anti-fraud control tools are effective at protecting consumers and stopping fraudsters. This includes security features like:

  • Automated risk engines that can check external data points and third-party vendors to verify each shopper.
  • External identity checks (including credit checks) for verifying customer identity and address.
  • Authentication checks using one-time-passwords (or OTPs)
  • Applying 3D Secure (or 3DS)

This is designed to prevent chargeback frauds, particularly on high-value transactions. To enable 3DS, BNPL merchants need to partner with issuing banks so that they can transfer any liability (occurring due to fraud) to the bank.

Most banks charge a high 3DS fee, hence BNPL merchants must screen transactions and send only ‘suspected’ ones for 3DS verification.

  • Preventing Account Takeovers

To prevent account takeovers of genuine consumers, BNPL companies can include a variety of automated checks such as credential stuffing or restricted account session times.


As the Buy-Now-Pay-Later or BNPL payment mode becomes more popular and mainstream, BNPL companies must continue to watch out for digital fraudsters devising new ways to compromise their system. To attract new consumers to their fold, the BNPL industry sector needs to balance “speed and convenience” with safety.

As a technology-driven solution provider, Verinite has been instrumental in accelerating the adoption of digital payments for its banking and financial services customers. Get in touch with us to know more.

Debasis Mohanty

Debasis heads the delivery for all client engagements at Verinite. He has a long track record of delivering high quality, responsive, secure and cost-effective business and technology solutions in BFSI domain. Outside his work, he is an amateur animator, a sports enthusiast, a voracious reader and a Trivia buff.

Want to get in touch with us?

Got Questions? We got you covered just contact us for further assistance