Cyber Monday has arrived, and it is expected to be the highest online sales day in the U.S. for merchants with revenue anticipated to reach over $11 billion. Record sales are undoubtedly being helped by the myriad of flexible payment options available to consumers, specifically the Buy Now Pay Later (BNPL) craze that is sweeping the globe.
The BNPL financing model has become immensely popular with consumers (myself included). Having the option to make large purchases and pay them back in easy installments over time is quite appealing for many shoppers. BNPL has been called a great financial management tool by some by allowing consumers easier payment options without incurring additional debt. BNPL also gives people with limited or no credit the option to purchase items where they might not qualify for a credit card, but the best part is that, in many cases, payments are interest-free.
BNPL has become popular with all generations, with use of these services exploding during the pandemic. The fastest growth was seen among Gen Z, with adoption increasing six-fold in just the last two years, according to Cornerstone Advisors.
The BNPL industry is hot, and not only with consumers. Merchants who offer BNPL payment options at checkout have seen a 14% increase in revenue from online sales. The increasingly competitive market has even caught the attention of technology giants such as Amazon and Apple. Amazon partnered with BNPL provider Affirm to provide customers with more flexible payment options at checkout, and Apple partnered with Goldman Sachs to provide short-term installment plans through the Apple Pay payment platform. Square acquired BNPL provider Afterpay, immediately bringing more than 16 million users and nearly 100,000 merchants onto its platform.
Cybercriminals Go Shopping for Free Bargains
While BNPL providers have rose to the occasion in making payments easier and more affordable for consumers, they have also caught the attention of cybercriminals looking to take advantage of their user-friendly experience. It is this frictionless process which BNPL providers are renowned for, perhaps giving the appearance of being a “less secure” option than their big bank counterparts, that make them targets for fraud.
One of the most common type of fraud affecting BNPL providers is new account opening fraud. Cybercriminals create stolen or synthetic identities to open new accounts which are subsequently used to make purchases. As there is no intention of loan repayment, the BNPL provider ultimately loses money by covering the upfront cost of the purchase to a merchant.
BNPL providers also run a high risk of account takeover fraud whereby a cybercriminal uses stolen credentials to “take over” a good customer account to purchase goods. With a list of stolen passwords and credential stuffing tools or automated scripts, cybercriminals can readily launch automated attacks to break into BNPL accounts at speed.
Using Behavior to Detect BNPL Fraud
The BNPL model presents new fraud defense challenges, and it is imperative to have robust identity proofing practices in place to mitigate risk. Compromised identity information is far too pervasive and available to attackers, thus relying on data as an identity proofing mechanism is not sufficient. Device ID or IP/geo-location based solutions have increasingly lost their effectiveness as well as cybercriminals can easily take over a device or spoof their location. In addition, users frequently change their devices. New models come out, mobile devices break, and devices like a home laptop can be shared among multiple users. Regular device changes fail the requirement for identity proofing to be fixed and stable. In the case of new account opening, device ID on its own is not able to identify a good or bad applicant as a new customer does not have a prior relationship or profile with the organization.
Behavioral biometrics can help BNPL providers mitigate the risks from multiple fraud use cases. By analyzing behavioral attributes such as how data is entered, the speed at which it is entered, data familiarity, application fluency, navigation patterns and other inputs, behavioral biometrics can quickly differentiate between a good customer and a bad actor.
As BNPL providers highly value the user experience, the addition of fraud controls must not create additional friction for customers. In the report, Don’t Treat Your Customer Like a Criminal, Gartner highlights how organizations are using behavioral biometrics and analytics to improve fraud detection, lower false positives and remove friction in the customer journey. Access the report today.