Buy now, pay later (BNPL) payments are booming. By 2025, BNPL will account for $680 billion worth of global ecommerce transactions. Already, four in five US consumers use BNPL on everything from clothing to cleaning supplies. And global tech giants like Apple are launching BNPL products to get a piece of the pie.

BNPL gives customers the buying power to boost your sales, which is great for ecommerce! But, apart from recent changes in the UK, the BNPL space is largely unregulated. Every provider operates differently, and they rarely share data or reports with merchants, causing uncertainty and mistrust. What are the fraud rates of these black box BNPL operations? Are your customers at risk?

Ravelin’s Fraud Researcher, Nelda Biltauere, led an investigation into BNPL. We sat down with her to shed some light on the risks, challenges and costs…

What is buy now, pay later?

“BNPL is a type of short-term financing that allows consumers to make purchases and pay for them in installments over time, often interest-free. Your business gets paid straight away. The BNPL provider deals with all the financing, loaning and everything else.

“Merchants have to pay on average a 5% fee for every transaction, which is a lot higher than around 1.5% for Visa or Mastercard. But BNPL solutions can improve sales, lift average order value, boost customer growth and increase customer satisfaction. So it’s worth it!”

Who has liability?

“BNPL providers have full liability for fraud disputes. This gives them the incentive to keep card not present fraud rates low. A Bain report said that 23% of merchants experience less fraud with BNPL. But it’s likely this figure is too optimistic. Many merchants don’t fraud screen their BNPL transactions, so aren’t aware of their BNPL fraud levels at all.

“And this liability only covers card not present fraud. When it comes to returns and lost non-fraud disputes, BNPL providers create an invoice for your business to pay at the end of every month. We’ll later discuss how this can cause a huge headache for your fraud team and incur unnecessary costs for your business.”

What does BNPL fraud look like?

“BNPL fraud often involves fraudsters exploiting weaknesses in the application process. Synthetic identity fraud and account takeover are two of the most common fraud types experienced by providers. But there’s also increasing triangulation fraud, refund abuse, and friendly fraud.”

Synthetic identity theft

“Synthetic identity theft involves a fraudster putting together an identity based on sets of data they can get easily on the surface web. They then place orders without any intention of paying the BNPL provider back.”

Account takeover

“Account takeover happens when fraudsters steal existing BNPL account details - so there’s a genuine user involved. The hacker finds real credentials, logs into the account and places as many orders as they can get away with.”

Triangulation fraud

“BNPL triangulation fraud schemes (a.k.a fraud-as-a-service or FaaS) involve fraudsters offering discounted prices for your products online. Customers pay an agreed amount, and the fraudster places an order using BNPL. After that, the fraudster will open a dispute with the provider. Because providers and merchants have separate systems, fraudsters can often easily receive the full funds without being discovered.”

Refund abuse and friendly fraud

“BNPL refund abuse and friendly fraud involve customers requesting money back from the provider, often keeping your products for free. Merchants have liability for non-fraud disputes. So your business has to pay for refunds and lost disputes via invoice. This leaves you vulnerable to non-traditional fraud types.

“In the UK, the FCA has just amended BNPL contracts. Now, a provider has to refund a customer straight away when they cancel their contract, regardless of whether the merchant gets the item back or not. I was pretty shocked by this. Customers could just get full refunds and keep items over and over again. Since there’s usually no reporting, as a merchant, you could have no idea you’re experiencing prolific returns abuse until you're given your monthly invoice. Your business loses the cost of items and has to foot the bill!”

Why is BNPL fraud increasing?

“BNPL installments create opportunities for fraudsters. If a BNPL provider doesn't require the first installment to be paid for a month, a fraudster can place as many orders as possible in that time with no intention of paying. By the time the BNPL provider requests the first payment, the fraudster is long gone!

“It’s also just become really accessible. TikTok videos of fraudsters offering FaaS discounts or hacking tutorials are everywhere. Young people see fraud as a fun and easy way to earn money, not as a criminal offense. Everything you need to commit fraud is now on the surface web. In just a few clicks you can get comprehensive PDF guides on how to commit BNPL fraud!”

Why is BNPL fraud a problem for merchants?

“The biggest problem? The gap between BNPL providers’ and merchants’ systems. Fraud teams have very little if any visibility over BNPL fraud. They don’t know the figures or have reports on fraud scores or anything. It’s all internal for BNPL providers.”

Poor communication and short timeframes for disputes

“There are no communication portals, so disputes are often dealt with through customer service emails. Your customer service team may not know how to deal with disputes, resulting in cases being closed in the customer’s favor. But if they do wish to respond, they often have as little as 48 hours or your business automatically loses the dispute. It’s a mess, a big mess. And this is all happening without any detailed reporting whatsoever!”

Merchants are reluctant to fraud screen BNPL

“A lot of these problems could be solved if merchants fraud screened their BNPL transactions. But it’s hard to convince business leaders that you need to! Every transaction screen costs money. So often senior management will think ‘why should we pay for transactions if BNPL providers have liability?’”

What advice would you give on how to manage BNPL fraud?

“I’d strongly advise you to fraud screen BNPL transactions. This will give you an idea of what percentage of BNPL card-not-present fraud you have. It will also provide additional security against account takeover and/or synthetic identity theft, reducing the risk of reputation damage. Ultimately, fraud screening transactions gives you greater visibility and allows you to perform detailed analysis on your BNPL transactions for both CNP fraud and non-traditional fraud types.

“Ideally, all BNPL providers should work on creating dispute resolution portals to make it easier for both customers and merchants. Along with clear reports on disputes and refunds issued directly via BNPL platforms.”

How do you think the BNPL payments & fraud landscape will develop in the future?

“Demand for BNPL from customers will go up as regulations come in. When BNPL starts to impact credit scores, customers will make the most of building positive credit scores with 0% interest. There might even be a shift away from credit cards. But at the same time, there are concerns about personal debt, so customers should still approach BNPL with caution.

“Regulations will help your fraud team. Providers will be obligated to share data like fraud rates. And hopefully more consistent fraud-screening processes will emerge.

“But fraud will likely get worse before it gets better. If BNPL use increases, so will the risk of all fraud types from account takeover to refund abuse. You should make sure you have the tools and strategy in place to defend your business. For more advice, don’t hesitate to contact us.”