Harness the power of your data to reduce fraud
and increase payment acceptance
Tailor-made fraud protection
Detect and stop fraud faster with clear
Adaptive solutions for emerging threats
Defend against ATO, promo abuse and seller
Optimize conversion with agnostic
Manage PSD2 and take control of
Online payment fraud
Understand chargebacks, fees &
Machine learning for fraud detection
Models, risk scores & thresholds
Link analysis & graph networks
Draw deeper insights from data
Account takeover fraud
Prevention strategies & reputational
Uncover & stop hidden costs
PSD2 & SCA
3D Secure, TRA & exemptions
Global payment regulation map 2022
Track PSD2 & more with a full report
Deep dives on fraud & payments topics
The latest fraud & payments updates
API & developer docs
APIs, glossary, guides, libraries and SDKs
Discover the story about Ravelin
Join our dynamic team
Read more about our happy customers
Join our partner programme
Harness the power of your data to reduce fraud and increase payment
Detect and stop fraud faster with clear insights
Defend against ATO, promo abuse and seller fraud
Optimize conversion with agnostic authentication
Manage PSD2 and take control of authentication
Understand chargebacks, fees & detection
Prevention strategies & reputational risk
Uncover & stop hidden abuse
Read more about our happy custmomers
Buy now, pay later is exploding - what risks could this bring your business? We speak with Nelda Biltauere, Fraud Researcher at Ravelin, about BNPL challenges, costs & strategy.
Share this article:
Buy now, pay later (BNPL) payments are booming. By 2025, BNPL will account for $680 billion worth of global ecommerce transactions. Already, four in five US consumers use BNPL on everything from clothing to cleaning supplies. And global tech giants like Apple are launching BNPL products to get a piece of the pie.
BNPL gives customers the buying power to boost your sales, which is great for ecommerce! But, apart from recent changes in the UK, the BNPL space is largely unregulated. Every provider operates differently, and they rarely share data or reports with merchants, causing uncertainty and mistrust. What are the fraud rates of these black box BNPL operations? Are your customers at risk?
Ravelin’s Fraud Researcher, Nelda Biltauere, led an investigation into BNPL. We sat down with her to shed some light on the risks, challenges and costs…
“BNPL is a type of short-term financing that allows consumers to make purchases and pay for them in installments over time, often interest-free. Your business gets paid straight away. The BNPL provider deals with all the financing, loaning and everything else.
“Merchants have to pay on average a 5% fee for every transaction, which is a lot higher than around 1.5% for Visa or Mastercard. But BNPL solutions can improve sales, lift average order value, boost customer growth and increase customer satisfaction. So it’s worth it!”
“BNPL providers have full liability for fraud disputes. This gives them the incentive to keep card not present fraud rates low. A Bain report said that 23% of merchants experience less fraud with BNPL. But it’s likely this figure is too optimistic. Many merchants don’t fraud screen their BNPL transactions, so aren’t aware of their BNPL fraud levels at all.
“And this liability only covers card not present fraud. When it comes to returns and lost non-fraud disputes, BNPL providers create an invoice for your business to pay at the end of every month. We’ll later discuss how this can cause a huge headache for your fraud team and incur unnecessary costs for your business.”
“BNPL fraud often involves fraudsters exploiting weaknesses in the application process. Synthetic identity fraud and account takeover are two of the most common fraud types experienced by providers. But there’s also increasing triangulation fraud, refund abuse, and friendly fraud.”
“Synthetic identity theft involves a fraudster putting together an identity based on sets of data they can get easily on the surface web. They then place orders without any intention of paying the BNPL provider back.”
“Account takeover happens when fraudsters steal existing BNPL account details - so there’s a genuine user involved. The hacker finds real credentials, logs into the account and places as many orders as they can get away with.”
“BNPL triangulation fraud schemes (a.k.a fraud-as-a-service or FaaS) involve fraudsters offering discounted prices for your products online. Customers pay an agreed amount, and the fraudster places an order using BNPL. After that, the fraudster will open a dispute with the provider. Because providers and merchants have separate systems, fraudsters can often easily receive the full funds without being discovered.”
“BNPL refund abuse and friendly fraud involve customers requesting money back from the provider, often keeping your products for free. Merchants have liability for non-fraud disputes. So your business has to pay for refunds and lost disputes via invoice. This leaves you vulnerable to non-traditional fraud types.
“In the UK, the FCA has just amended BNPL contracts. Now, a provider has to refund a customer straight away when they cancel their contract, regardless of whether the merchant gets the item back or not. I was pretty shocked by this. Customers could just get full refunds and keep items over and over again. Since there’s usually no reporting, as a merchant, you could have no idea you’re experiencing prolific returns abuse until you're given your monthly invoice. Your business loses the cost of items and has to foot the bill!”
“BNPL installments create opportunities for fraudsters. If a BNPL provider doesn't require the first installment to be paid for a month, a fraudster can place as many orders as possible in that time with no intention of paying. By the time the BNPL provider requests the first payment, the fraudster is long gone!
“It’s also just become really accessible. TikTok videos of fraudsters offering FaaS discounts or hacking tutorials are everywhere. Young people see fraud as a fun and easy way to earn money, not as a criminal offense. Everything you need to commit fraud is now on the surface web. In just a few clicks you can get comprehensive PDF guides on how to commit BNPL fraud!”
“The biggest problem? The gap between BNPL providers’ and merchants’ systems. Fraud teams have very little if any visibility over BNPL fraud. They don’t know the figures or have reports on fraud scores or anything. It’s all internal for BNPL providers.”
“There are no communication portals, so disputes are often dealt with through customer service emails. Your customer service team may not know how to deal with disputes, resulting in cases being closed in the customer’s favor. But if they do wish to respond, they often have as little as 48 hours or your business automatically loses the dispute. It’s a mess, a big mess. And this is all happening without any detailed reporting whatsoever!”
“A lot of these problems could be solved if merchants fraud screened their BNPL transactions. But it’s hard to convince business leaders that you need to! Every transaction screen costs money. So often senior management will think ‘why should we pay for transactions if BNPL providers have liability?’”
“I’d strongly advise you to fraud screen BNPL transactions. This will give you an idea of what percentage of BNPL card-not-present fraud you have. It will also provide additional security against account takeover and/or synthetic identity theft, reducing the risk of reputation damage. Ultimately, fraud screening transactions gives you greater visibility and allows you to perform detailed analysis on your BNPL transactions for both CNP fraud and non-traditional fraud types.
“Ideally, all BNPL providers should work on creating dispute resolution portals to make it easier for both customers and merchants. Along with clear reports on disputes and refunds issued directly via BNPL platforms.”
“Demand for BNPL from customers will go up as regulations come in. When BNPL starts to impact credit scores, customers will make the most of building positive credit scores with 0% interest. There might even be a shift away from credit cards. But at the same time, there are concerns about personal debt, so customers should still approach BNPL with caution.
“Regulations will help your fraud team. Providers will be obligated to share data like fraud rates. And hopefully more consistent fraud-screening processes will emerge.
“But fraud will likely get worse before it gets better. If BNPL use increases, so will the risk of all fraud types from account takeover to refund abuse. You should make sure you have the tools and strategy in place to defend your business. For more advice, don’t hesitate to contact us.”
Grace Proctor, Content Writer
Blog / News
You might’ve heard about a new fraud tactic called ‘account pre-hijacking.’ But what actually is it? And how can you prevent it? Let’s break it down.
If you offer a subscription, recurring payments can leave you vulnerable to unique fraud risks. How should you tailor your fraud strategy?
From blocker to revenue enabler, businesses are seeing their fraud teams with new eyes. What has brought about this change? And how can you build on it?
Lola Omo-Ikerodah, Content Writer
Subscribe to our newsletter to get the latest fraud & payments updates
sent direct to your inbox.