Buy now, pay later (BNPL) services are on a trajectory to reach $687 billion by 2028, up from $334 billion in 2024 — and it’s not surprising since they allow customers to afford more by splitting purchases into smaller, often interest-free installments. 

Unlike traditional credit cards that require extensive credit checks and offer revolving credit lines, BNPL providers typically perform soft credit checks during transaction time and approve customers for specific purchase amounts. BNPL is known for having quick approval processes (often only a few seconds) and integrating with point-of-sale systems for faster transactions but fewer security checkpoints. 

Unfortunately, the low barrier for approval (compared to traditional credit cards and loans) that makes BNPL attractive for customers also makes it lucrative for fraudsters. To protect your business against BNPL fraud, it's important to understand what it is, the different types of fraud, and the strategies to prevent it. 

What is buy now, pay later (BNPL) fraud?

BNPL fraud occurs when bad actors exploit BNPL payment systems through deceptive practices. They often take advantage of the quick approval processes and limited credit verification requirements that make BNPL services appealing to legitimate customers.

How fraudsters exploit BNPL systems

Fraudsters typically target vulnerabilities in both the application process and ongoing account management. For instance, they might create multiple accounts using stolen identities or take over legitimate accounts through credential stuffing attacks. Several factors make online fraud through BNPL services especially popular for fraudsters:

• Low barriers to entry: The minimal verification requirements and straightforward new account signup process make it easier to create fraudulent accounts.
• Immediate gratification: Fraudsters can obtain goods quickly, often before any red flags appear in the system.
• Multiple providers: The variety of BNPL companies creates numerous opportunities for fraud, allowing criminals to spread their activities across different platforms.
• Limited cross-platform communication: The lack of centralized fraud monitoring across BNPL providers makes it difficult to detect patterns of abuse.
• Growing market: The rapid expansion of BNPL services globally means fraud prevention systems are still playing catchup.

How BNPL fraud impacts retailers

The financial implications of BNPL fraud for retailers extend far beyond the obvious lost merchandise and chargeback fees. When fraudulent transactions occur, retailers also face immediate indirect costs, including processing fees and administrative costs of investigating each incident. 

These indirect costs are often more difficult to quantify, yet can have a larger impact across the business, such as loss of sales due to decreased customer trust. 

7 common types of BNPL fraud risk

While BNPL fraud includes any type of fraud that exploits BNPL systems, bad actors can commit fraud scams in a variety of ways. Below are the most common types:

1. Account takeover fraud

With account takeover (ATO) fraud, fraudsters gain access to legitimate customer accounts through credential stuffing attacks using stolen username and password combinations, phishing schemes, and malware that captures login credentials. They don't have to worry about identity verification as they take over a user account that has an established credit history with the organization. Once they're inside an account, they can make unauthorized purchases, change delivery addresses, and steal stored payment method information. 

One of the most common indicators of ATO fraud is changes to shipping addresses so that fraudsters can redirect goods to their location. Other red flags include multiple failed login attempts, unusual purchase patterns, and sudden changes to contact information. 

2. New account fraud

New account fraud involves creating BNPL accounts using stolen or synthetic identities. This type of fraud exploits the quick approval processes and limited verification requirements of BNPL services. Often, fraudsters are looking to take advantage of new account offers, whether that's a $30 gift card or a new television. Larger fraud incidents involve multiple accounts cashing in on new account offers. 

3. Synthetic identity fraud

Synthetic identity fraud is when a fraudster combines real and fake information to fool the basic verification processes. For example, bad actors often combine valid Social Security numbers with fake names and mailing addresses to create seemingly legitimate identities that get past know your customer (KYC) checks. They then make small initial purchases to establish credit history, often across multiple BNPL providers. Once these synthetic identities have established what can be considered a pattern of normal behavior, fraudsters use them to commit larger-scale fraud that can be difficult to trace back to the perpetrators.

4. Multi-accounting fraud

Multiple account fraud schemes operate on a larger scale, with fraudsters creating numerous accounts as part of coordinated fraud operations. These operations are particularly damaging because they can scale quickly across multiple platforms and often target high-value items for resale. 

Distributing their activity across multiple accounts and providers means they can avoid fraud detection systems that might flag suspicious behavior on a single account. This approach allows them to maximize their fraud potential before any individual account is flagged for suspicious activity.

5. Non-repayment fraud

Non-repayment fraud happens when a bad actor places an order without the intention to pay, making it particularly challenging for BNPL providers and retailers to recover losses. Fraudsters typically do this with a fake or stolen identity so they can't be traced or caught. 

6. Repayment fraud

Repayment fraud involves paying for the goods — but instead of using their own money,  fraudsters use stolen payment credentials. Though the legitimate cardholder will file a chargeback for the fraudulent charges at some point, it might take a while. The end result is that the retailer winds up losing out on the cost of the merchandise and the amount of the chargeback. 

7. Return fraud

As retailers try to find a balance between preventing fraud and optimizing the customer experience by making returns as painless as possible, fraudsters are exploiting this by returning counterfeit items while keeping authentic products. They make fraudulent purchases across multiple BNPL providers to make it harder to detect because each provider only sees a portion of their activity and they’re less likely to be caught. This type of fraud takes advantage of the communication gaps between retailers and BNPL providers.

How to prevent BNPL fraud

Effectively preventing BNPL fraud requires a multi-layered approach. We provide some recommendations below. 

Identity verification

Strong identity verification serves as the first line of defense against BNPL fraud. If you know who a person is, you can more likely prevent fraud and recover from any fraud losses. Today's document verification systems are often powered by AI to detect fraudulent IDs, manipulated documents, and synthetic identities. KYC checks should require customers to provide an ID, proof of address, face verification, and biometric data. 

Authentication methods

Some bad actors will find ways to bypass identity verification by taking over someone's account. In these scenarios, authenticating the user before a purchase can help prevent fraud. Consider multi-factor authentication (MFA), facial recognition, and biometric verification. 

BNPL transaction monitoring

Real-time monitoring for transactions can detect when transactions look awry and should be flagged as potential fraud. Retailers can use pattern recognition, network analysis, and machine learning models to detect anomalies and spot fraudulent activity. Additionally, device intelligence solutions like Fingerprint can flag potentially suspicious activity to BNPL providers, such as device information and VPN usage, that can help fraud teams make better decisions about whether to require additional authentication before approving a credit application or transaction. 

Key takeaways for preventing BNPL fraud

As fraudsters get more sophisticated and evolve their tactics, effectively protecting your business from BNPL fraud requires multiple strategies working in tandem. Learn more about BNPL fraud and what to consider when choosing a BNPL provider for your online business.