New and trendy payment methods are popular with fraudsters, too.
Yinglian Xie, CEO of DataVisor, told PYMNTS’ Karen Webster that buy now, pay later (BNPL) is proving to be fertile ground for attack.
BNPL can improve customer experience and seal the deal at the point of checkout, increasing sales conversions — and give those customers better insight into their cash flow. It’s also increasingly popular, with PYMNTS’ research finding that more than 50 million consumers have used BNPL over the past 12 months.
But where there’s opportunity for new digital payment methods to take root, there’s also opportunity for fraud.
It’s the key lures of BNPL — ease and speed — that open the door for malicious actors. There’s particular allure here, it’s important to note, because BNPL providers are typically newer companies with relatively untested cybersecurity measures in place.
This makes them especially vulnerable to account takeovers and all manner of other schemes, where criminals set up fake accounts or use false credentials as they try to transact — paying a single installment, perhaps, and then making off with the goods.
While traditional lending activities have extensive approval processes in place, BNPL providers may not. Xie noted that to stay one step ahead, BNPL providers can protect consumers and merchants through the use of advanced technologies, such as artificial intelligence (AI) and machine learning (ML).
Related: Banking On Buy Now, Pay Later: Installment Payments And FIs’ Untapped Opportunity
The Quest for Speed
The providers themselves, Xie said, walk a tenuous tightrope. Lean too far in the direction of challenging applications and transactions, and the BNPL provider runs the risk of rejecting good transactions and good users. Once one of the main selling points of BNPL — its ease of use — disappears, users walk away from the experience, never to return, instead opting to use another payment method.
As they try to provide the best customer experiences possible, BNPL providers may not be digging deep enough (or don’t have the tools on hand) to be able to discern whether the presented card credentials belong to the person making the transaction, or whether the account or IDs are fake. Merchants or lenders who don’t necessarily require cards to be used for the installment loans may be the victims of synthetic ID fraud.
“There’s been a lot of data leakage due to other security incidents, and there is a lot of personal information, easily accessible, that can be exploited,” Xie said. That data can be used by criminals to present an “identity” that has a name, an address and a good payment history.
Xie told Webster that even though the money lost is usually paid by the BNPL provider instead of the merchant, all parties run the risks of lost reputation and damage to the brand in general.
What Needs to Be Done
As Xie told Webster: “We need extra measures in place, and new technologies in place, to provide benefits to ‘good’ users, but prevent those benefits from being manipulated.”
That means upgrading at least some of the tools already in the anti-fraud toolbox, while using newer technologies to help provide context around BNPL applications and payments — well beyond just basic identifier information and loan amounts. Upgraded platforms can ensure that real-time decisioning functionality remains intact.
Unsupervised ML, she said, helps sidestep the fact that BNPL transactions simply don’t have the historical data in place that would normally feed rules-based or traditional risk-control processes.
Xie added that in tandem with AI, technology and platforms which are hyper scalable can identify patterns that can uncover fraudulent attempts that human examination might miss.
Context, she said, can help identify certain BNPL providers or even product categories that are most at risk and vulnerable to attack. As BNPL transactions accumulate, these same advanced technologies can zero in on consumers’ past behavior to identify risk.
She contended that depending on the nature of the goods being shipped, such as higher-end or luxury goods, BNPLs providers may want to add some additional review steps into the mix before the items are sent.
“It’s the ‘borderline’ cases that you will want to scrutinize,” Xie said, “where you can add to the degree of review, but not necessarily add to the number of denials of good transactions.”
Looking ahead, BNPL as a sector is so nascent that there are vulnerabilities that have yet to become apparent. But if the BNPL ecosystem takes the holistic approach of protecting consumers’ life cycles across different activities and channels, solid fortresses can be built.
“We’ll learn as we go,” she told Webster.