Buy now pay later services are becoming increasingly popular, especially as so much commerce has moved online during the pandemic. But with new forms of commerce comes fraud. Buy now pay later fraud (BNPL) is like “teaching an old dog new tricks”: the five types of fraud discussed here have been used in other markets for years and exploit weaknesses in the BNPL model.
Synthetic ID
What is it? Synthetic ID fraud is when a fraudster uses a combination of real and fake personal information to create an identity and commit fraud. This presents a major problem to merchants offering buy now pay later, who will be unable to recover funds from a nonexistent person.
Why is it hard to detect? Synthetic ID fraud is hard to detect because many countries, especially the U.S., use static forms of personally identifiable information (PII) like Social Security numbers (SSN) to establish identity that are often exposed in data breaches. And one of the most perfidious aspects of the synthetic ID is fraudsters’ ability to use these synthetic IDs to build real credit and defraud more merchants or on greater-value purchases.
What’s an example? The most common example of synthetic ID fraud is the “Frankenstein ID.” As the name suggests, the identity being used is a monstrous combination of different parts of different identities to come alive. A fraudster might combine a SSN and address they’ve stolen with a made-up name and birth date to create their synthetic ID.
Account Takeover
What is it? As the name suggests, account takeover (ATO) is when a legitimate buyer’s identity or account is used by a bad actor to commit fraud. Existing accounts are targeted through techniques like SIM card cloning, credential stuffing, and phishing. It’s the cyber equivalent of a break-and-enter theft.
Why is it hard to detect? ATO fraud is tough to detect because the fraudster capitalizes on the victim’s history of legitimate transactions and good-faith purchases. The merchant may not catch transactions as fraudulent, often leaving exposure up to the person whose information has been compromised. For merchants offering buy now pay later, this can mean losses on multiple or high-value purchases when the victim initiates a chargeback.
What’s an example? ATO is one of the most common types of fraud: a legitimate-looking email arrives and the target clicks a link or replies to an email, essentially opening the door for the cybercriminal. A recent scam is an email from a fraudster mimicking a receipt for subscription to antivirus software. The unwitting victim could see this and, fearing a charge for something they didn’t purchase, click the link that allows a cybercriminal to take over their account.
Family Fraud
What is it? Family fraud combines cybercrime with relational abuse, as someone steals the identity of someone close to them to make a purchase. Victims of family fraud are very often parents of minor children and the elderly.
Why is it hard to detect? Like ATO, family fraud is very hard to detect because the fraud is cloaked by the victim’s history of legitimate purchases. Also like ATO, it’s often up to the victim to notice the fraudulent charges.
What’s an example? Family fraud has been occurring for years, sometimes occurring by accident. A recent event involved a four-year-old child ordering $2,600 worth of SpongeBob SquarePants popsicles on his mother’s Amazon account.
New Credit Line Abuse
What is it? For companies that offer a buy now pay later option, copies of proofs of identity like a state ID card or a bill with a current address on it. When a cybercriminal gets a hold of these documents, they are able to create fraudulent accounts in the victim’s name and take advantage of the introductory line of credit often offered as an incentive to legitimate customers.
Why is it hard to detect? The modern consumer tends to abandon overly complex sign-up processes or shopping experiences. Many companies offering buy now pay later services have prioritized an effortless sign-up experience, but without the right defenses in place, this effortlessness opens the door to new line of credit abuse.
What’s an example? A cybercriminal makes a BNPL purchase using documents purchased on the dark web and immediately begins purchasing using the introductory line of credit. By the time the fraud is noticed, the bad actor has already benefited from their crime.
Repayment with Stolen Credit Cards
What is it? This is a fraud-on-fraud situation. A cybercriminal uses buy now pay later to make a purchase, which they then pay off using a stolen credit card. A crime is used to pay the debt of another crime.
Why is it hard to detect? Repayment with stolen credit cards is difficult to detect because of the compounded fraud. Because it’s two different types of fraud targeting two, separate financial institutions (the holder of the stolen card and the merchant offering buy now pay later), the cybercriminal can do a lot of damage in the time it takes the two institutions to realize what’s happening.
What’s an example? Repayment with stolen cards can take the form of any of the aforementioned types of fraud. Perhaps a fraudster makes a purchase via a buy now pay later method of payment with information stolen from a phishing scam and then uses a credit card stolen from an elderly relative to pay off the BNPL bill.
These five types of buy now pay later fraud are on the rise. Companies that offer a BNPL option need to combine fast, easy customer service with a robust behind-the-scenes cybersecurity process to avoid becoming a victim of these schemes.
