Firms operating in the Buy Now, Pay Later (BNPL) space have faced their fair share of ups and downs. BNPL products offer new purchasing power to customers and boosted sales for businesses, but critics are calling for greater regulation in the space. Concerns over credit risk have been widely discussed, but should more attention be given to the threat of BNPL fraud?
Largely unregulated services such as BNPL are obvious targets for fraudsters. Synthetic identities can be used to make purchases and receive goods with no intention of repayment.
Individual and organised criminals are also increasingly perpetrating account takeover fraud on BNPL platforms, by extracting login information from users or even purchasing it on the Dark Web. The victim’s account can then be used to make a whole range of purchases.
In both cases, fraudulent transactions tend to take longer for the business or account holder to notice, due to the delayed payment model which forms the basis of BNPL. With fraudulent purchases long completed before being discovered, BNPL companies are refocusing on ensuring frictionless identity verification is achieved during the onboarding and authentication processes.
In its 2022 Digital Trust & Safety Index, Sift reports that fraud attacks on BNPL platforms have increased 54% year-on-year. Together with BNPL account credentials for sale on the dark web, reports of fraud-as-a-service (FaaS) schemes on secure messaging apps, such as Telegram, have also increased.
Rather than limiting their activity to the buying and selling of login information, criminals have begun to promote their ability to make purchases through stolen BNPL accounts, and then sell the goods on at a heavily discounted rate. FaaS is particularly lucrative when it comes to food delivery services, one reason for critics alarm at the propose Klarna and Deliveroo partnership.
One BNPL company reported a data breach in 2021 after customer data was reportedly left exposed by the company by accident, resulting in a temporary lockdown of their app. Hacks such as this increase the mounting pressure on the industry to maintain up-to-date cybersecurity measures.
BNPL regulatory refocus
The UK Government announced in 2021 that the Financial Conduct Authority (FCA) would soon be tasked with regulating BNPL firms. While many details about the exact level of regulation remain unclear, HM Treasury has said that new affordability checks will be required of BNPL players, including Klarna, Clearpay and Laybuy.
The industry is planning for this major shift. And the push for BNPL firms to face more regulation is not isolated to the UK, with the United States Consumer Financial Protection Bureau currently debating whether the sector needs to see new rules come into place.
As we enter 2023, BNPL clearly has some challenges to overcome. The leading names need to make changes in advance of the proposed FCA regulation that is expected to come into effect in 2024. Yet, many core metrics related to the BNPL industry remain very positive going forward.
Younger consumers are especially interested in accessing BNPL services with more than half of Millennials using a BNPL product or service. Research from GlobalData forecasts that the sector will grow by over 33% each year until at least 2026, in large part due to the continuing popularity of online shopping and the benefits of BNPL.
Providers across the BNPL ecosystem will need to implement stronger defences against evolving attacks, without sacrificing the frictionless service which has made BNPL so popular with a growing number of customers. While some uncertainty exists around the exact nature of future BNPL regulation, the sector benefits from having several strong trends supporting it as 2023 begins.