May 14, 2022
  • May 14, 2022

Buy now, never pay: the growing concern of BNPL fraud

By on December 2, 2021 0

Fraudsters are finding faster, more sophisticated ways to take advantage of the increasingly popular Buy Now Pay Later (BNPL) services, where consumers can access credit on interest-free installments. It is becoming increasingly difficult for BNPL providers to fight BNPL fraud.

BNPL’s services received a boost during the pandemic as many people faced financial hardship. BNPL has made it easier for customers to schedule payments over a set period of time, without the need for a credit check or additional fees. This allowed them to access low-value loans and continue shopping without straining their monthly budgets.

Consumer interest in BNPL is on an upward trajectory with nearly 27% more consumers using the service in 2021 compared to 2020. It is also estimated that by 2030, the BNPL’s global market will likely reach $ 3.98 trillion, increasing at a compound annual growth rate (CAGR) of 47% between 2021 and 2030. Understandably, scammers are quick to take note and look for opportunities to make money.

The BNPL provider conflict

Payment methods are the main targets of e-commerce fraud and the popularity of BNPL has opened up new avenues for fraudsters to exploit. BNPL providers are known to provide instant credit making it essential for them to get fined balance between user experience and customer protection. However, since they depend on multiple third parties for the data that feeds their own internal assessments, operations become vulnerable to abuse.

Fraudsters often look for the path of least resistance to orchestrate their attacks. As a result, they quickly take advantage of any misconfiguration of the infrastructure, lack of a credit check, loopholes in the BNPL rating code and even resort to interception of validation codes by SMS to play with them. BNPL platforms.

Fraudsters generally rely on register a new account and account recovery to manipulate BNPL providers, as frequent incidents of data breaches make it easier to manipulate these entry points.

  • Creation of a new account:

    Arkose Labs discovered that registering fake new accounts accounted for more than a third (36.3%) of attacks detected in 2021, an increase of over 70% from the end of 2020. By combining pieces of stolen customer details with fictitious data, fraudsters can create synthetic identities which are used to register fraudulent accounts on a large scale . Accessing a default line of credit with a new account gives fraudsters the ability to make multiple purchases using compromised credit card information.

  • Take over :

    Automated use Credentials stuffing, scammers try to hack real user accounts so they can take advantage of the good transaction history to hit big. According to Arkose Labs Report, connections are the main point of contact abused with an attack rate of over 37% in 2021. Fraudsters are increasingly using account buyouts to target high-value and credible accounts in order to take out unsecured loans. intention to repay them.

Scammers also understand that BNPL suppliers only have seconds to approve purchases. They use this knowledge to make expensive purchases and run away with the loot, leaving behind a vendor who has to settle chargebacks and other transaction costs, and a victim who suffers credit damage and has to put in the effort. to restore digital identity.

To protect their business interests and clients against potential fraud, BNPL platforms use fraud defense solutions. However, most fraud solutions add friction, which can mean additional steps for onboarding. This can cause consumers to lose patience and give up – an unwelcome proposition for BNPL providers.

Strengthen vigilance at entry and fight BNPL fraud

Instead of monitoring the business ecosystem for scammers, BNPL providers should step up their vigilance at front doors to ensure only the right users are allowed in. Having said that, they cannot simply block any suspicious user based on “trust” or “distrust” signals, such as manipulation of digital identities and changing consumer behavior have transmuted the signals to fall more and more into the gray area. Being too careful can screen out potential income-generating customers, which is detrimental to business interests.

BNPL providers need a new approach to meet this challenge. They need long-term protection, which can also make them resistant to changing attack tactics in the future, without consumers facing disruption in their digital interactions. Arkose Labs understands the dilemma facing BNPL platforms and offers a solution that goes beyond mitigation.

Fight against fraud with Arkose Labs

The Arkose Labs solution is API-based and can integrate seamlessly with the partner’s existing infrastructure. This eliminates infrastructure vulnerabilities created due to multiple interfaces with third parties for data. Arkose Labs then moves the attack surface onto its own network and challenges suspicious users. Real-time risk assessment relies on advanced machine learning models and hundreds of digital forensic parameters to inform the challenge-response mechanism, which presents an appropriate 3D challenge for users.

Good users usually don’t encounter these challenges and those who do find these challenges fun and move on with their journey unhindered. Bots and scripts, however, instantly fail these challenges. Bad human actors, who refuse to give up, face a flood of challenges that keep increasing in number and complexity, which depletes them and destroys any chance of economic return from the attack. This forces them to give up the attack and move on.

BNPL is an emerging revenue stream and if you are a vendor looking to learn more about how scammers operate and effective ways to protect your business, listen to industry experts discuss this relevant topic in the session “Fintech Fraud and the Rise of Buy Now Pay Later‘from our summit, by register here.

*** This is a Syndicated Security Bloggers Network blog by Arkose Laboratories written by Jamie Stone. Read the original post on:

Source link