Why BNPL risk management is essential for long-term revenue growth

Morgan Ackley | Monday, February 6th, 2023 | 7 minutes

The buy now, pay later (BNPL) sector has grown rapidly over the past few years. Fueled by shoppers moving online during the coronavirus pandemic, BNPL almost quadrupled between 2019 and 2021.

But many critics have expressed concerns about BNPL profitability in a post-pandemic world. Credit losses and bad debts, especially, have eaten BNPL profits, causing weariness among investors and those looking to offer the payment method.

However, the meteoric expansion of BNPL into new regions, its boost to merchants’ bottom lines, and, most notably, customer sentiment around BNPL reveal a promising future for the payment option.

At least half of consumers said they would abandon their carts if a merchant didn’t have a BNPL option, says a recent PayPal survey. Similarly, Kount’s Holiday Kountdown survey, 41% of consumers will spend more online for the upcoming season than they did in 2021, even though inflation is a top concern among them. And perhaps as a result of that concern, almost half of consumers will choose BNPL at checkout.

“New payment offerings are magnets for fraud because their vulnerabilities only become visible once they’re in the market,” said Brady Harrison, Kount’s Director of Customer Analytics Solution Delivery. “Unforeseen fraud vulnerabilities may be behind BNPL losses and could very well be the secret to helping BNPL providers retain their revenue — and long-term profitability.”

Consumers will expect BNPL payment options in the future, so companies would be wise to consider investing in them. But building a BNPL risk management strategy will be crucial to capturing revenue, keeping it, and ensuring long-term profitability.

What are the types of fraud that can occur in BNPL?

Buy now, pay later has proven to increase basket sizes, decrease cart abandonment, and foster customer loyalty. And customers are continually looking for the option at checkout. But BNPL is also susceptible to the following types of fraud.

1. Synthetic identity fraud and identity theft
Even though BNPL providers don’t perform hard credit checks, they usually conduct identity or soft credit checks before customers can create an account and use their services. This process often requires customers to submit personally identifiable information (PII) like birthdays and even Social Security numbers to the provider.

As a result, BNPL is rife with synthetic identity fraud and identity theft. Synthetic identity fraud happens when a bad actor creates a false identity using completely fabricated or a combination of real and fake credentials. Bad actors may also commit identity theft by stealing authentic PII on the dark web.

Fraudsters use these identities to open fraudulent BNPL accounts where they then purchase goods and max out spending limits as that identity. In Australia, for example, identity theft complaints involving BNPL doubled to a record high in 2020.

“Synthetic identity fraud is one of the fastest-growing forms of fraud in the BNPL space,” said Harrison. “Yet, it’s probably the one that providers and merchants know the least about.”

2. Friendly fraud
Friendly fraud occurs when legitimate customers dispute legitimate online purchases with their banks or credit card companies. If the bank sides with the customer, the friendly fraud dispute becomes a chargeback.

Consumers may dispute purchases for a variety of reasons. But when it comes to BNPL, customers usually commit friendly fraud because they either forgot recurring payments or overextended themselves on BNPL purchases.

Flexible-payment providers may already know of the increased likelihood of friendly fraud with BNPL purchases. But as inflation and a weakened economy loom, cases of BNPL-related friendly fraud will probably rise, so providers should be extra vigilant in this area.

3. Account takeover attacks
Account takeover, or ATO fraud, occurs when a bad actor uses stolen or hacked credentials to access legitimate customer accounts. Once bad actors access accounts, they can mine PII or purchase goods or services fraudulently.

Account takeover is extremely popular in BNPL because it gives fraudsters access to a variety of goods and services versus just one good or service. For example, if a fraudster takes over a customer’s account from a home goods retailer, they only have access to home goods products.

But taking over a BNPL account gives bad actors access to everything from designer goods to gas and groceries. And since bad actors either use stolen products themselves or resell them on third-party marketplaces, more options mean more incentive for abuse.

Limited oversight of accounts also makes pay-in-four accounts soft targets for fraud. Fraudsters know that new companies tend to have loose controls around accounts — at least until they experience a fraud attack. Fraudsters have discovered that BNPL providers are not securing accounts as much as they should and are exploiting the laxity. ATO can lead to hefty operational costs and cause serious brand damage, especially if a fraudster steals a user’s identity.

4. Payment token switching
Flexible payment services have given rise to a relatively unique type of fraud. Since merchants ship physical goods to customers after the first successful payment in a BNPL transaction, fraudsters are gaming the system with payment token switching.

With this scheme, fraudsters open BNPL accounts, complete the first installment with a good credit card and then replace the payment token with a bogus card for the remaining payments. Because the payment token is now bad, the BNPL provider can’t collect outstanding payments.

Payment token swapping is particularly damaging to providers because it hits them three-fold. Since providers assume liability in CNP transactions, BNPL providers are at fault for merchant inventory losses and chargeback fraud when someone skips out on remaining payments. And they’re left with a “charge-off” where they must write the account off as a total financial loss.

“This activity can be detrimental to BNPL providers because it’s difficult to detect, and if someone is successful, it’s a complete loss,” said Harrison.

5. Shotgunning scams and bust-outs
Traditional shotgun fraud happens when a person opens multiple loans from different lenders in a short time with the intention of not repaying them.

The term became popular in the mortgage industry during the early 2000s when bad actors would submit fraudulent mortgage loan applications to multiple banks. Due to processing delays and no unified reporting system, fraudsters would take off with the cash before banks realized more than one financial institution had lent to them.

Likewise, BNPL providers have no universal reporting system. That means on-demand payment providers don’t know how many installment loans a person has open with another provider and, thus, their true overall ability to repay an installment loan. Because of this, a fraudster can open multiple accounts with multiple BNPL providers, max out spending limits, and then disappear.

Similarly, fraudsters may “bust out” accounts by first establishing good repayment history on an account. But once the provider increases their spending power, the fraudster maxes out the account. And due to the limited credit-check environment, fraudsters can repeatedly open and bust out accounts with the same providers under different identities.

BNPL risk management can help retain revenue and increase profitability

A BNPL fraud prevention solution can reduce fraud risks associated with BNPL users pre- and post-authorization, helping businesses capture and retain revenue. It combines digital and physical identity elements to create a 360-degree view of a potential customer. These insights determine the level of risk or trust associated with an identity.

Essentially, before a user can create an account, log into an account, or make a BNPL purchase, a BNPL solution can determine if the user is a good customer or a bad actor. If it identifies a risky user, it will decline the user while letting good customers through seamlessly.

The solution also performs risk analysis on every transaction using advanced AI, machine learning, and a global data network. So if a fraudster changes payment details and attempts a purchase, the solution can block or challenge the activity. The solution can even go one further and trigger step-authentication to verify the user’s identity.

With a BNPL fraud prevention solution, you can also leverage post-authorization management tools to resolve friendly fraud disputes that lead to chargebacks. And buy now, pay later solutions can even scale with your business and expand revenue opportunities further by identifying customers who are good candidates for cross-sell and up-sell opportunities.

Bodybuilding.com reduces chargebacks by 85%, expands into global markets

Bodybuilding.com is the world’s largest online fitness store and number one sports nutrition e-commerce retailer. It aims to help people achieve their fitness goals and become the best versions of themselves with nutritional supplements, training tools, and educational products.

When the company started expanding its global presence, increased site visitors and transaction volumes brought along a surge in chargebacks, jeopardizing a valuable pre-existing customer base and stunting new growth. At its highest point, chargebacks reached over $170,000 in one month.

The company feared losing good customers and new opportunities, so it didn’t want to put strict controls around or decline non-domestic transactions altogether. And they were equally concerned with implementing a solution that was both effective and invisible to the customer.

At the suggestion of a payment processing provider, Bodybuilding.com implemented Kount Command. The solution allowed Bodybuilding.com to process high transaction volumes while seamlessly separating legitimate purchases from potentially fraudulent transactions in unfamiliar regions.

And since the solution only presents friction to bad actors, good customers never notice a difference. Shortly after implementing Kount’s solution, Bodybuilding.com reduced its chargeback rate by 85% and saw a 5% increase in overall transactions processed.

“Achieving these great results in such a short time has exceeded our expectations,” a company rep said. “With Kount’s technology and expertise on our side, we feel we can confidently move into new and exciting markets.”

Related content

See more related content


Morgan Ackley

Content Strategist

Morgan has worked in the tech industry for over 5 years. Her breadth of knowledge and curiosity about technology and all things fraud-related drive her to craft compelling, educational pieces for readers seeking answers.