Diana Barris, Senior Product Marketing Manager at Forter
Buy Now, Pay Later (BNPL) has tremendous appeal for online shoppers, enabling consumers to access goods and services now while paying for them at a future date. In particular, Asia-Pacific’s high internet penetration rate and vibrant e-commerce economy make the region an excellent incubator for this service. BNPL is projected to be the fastest growing payment method for Singapore, and BNPL providers Atome, Grab, and Hoolah have also recently co-established an industry-led initiative to develop a BNPL framework for the local market.
However, with opportunities come risks – and new payment trends often reveal new surfaces where fraud and abuse can take place. BNPL is essentially an instant loan application at the point of sale. This means the BNPL provider must make a credit decision in the time it takes a customer to complete a transaction compared to the minutes, hours or days traditional lenders have to make the same decision.
This short time frame, and the “softer” controls BNPL providers have compared to banks and credit card companies, provides an opportunity for fraudsters to access tangible goods with a lower likelihood of initial detection.
When it comes to BNPL transactions, businesses face various risks:
- ‘Buy now, pay never’: This occurs when someone uses their own identity data with stolen or fake data to pass through both fraud and credit checks with no intention of making any of the BNPL repayments after purchase. The fraudster provides as little data as possible and only offers personal details that cannot be traced – such as giving a mobile number from a prepaid phone to pass a one-time password check or a fake delivery address.
- Policy abuse: Sometimes called ‘returns abuse,’ policy abuse happens when a fraudster either returns an item having already used it or returns a different item that was purchased. This happens before full payment is made through BNPL instalments, meaning the BNPL provider is on the hook for the full value of the goods. Research from Forter show that policy abuse losses might outstrip fraud losses, and are estimated at US$65 billion annually.
- Card testing: Card testing fraud is how a fraudster can confirm that stolen card information is usable. The stolen card is initially tested through smaller transactions before being used for larger purchases. As BNPL transactions have a shorter time frame to make credit decisions, card testing fraud could be perpetuated through these purchases.
- Refund fraud: Refund fraud happens when purchases are made using stolen credit card information, and then refunds are requested to an alternate credit card. A fraudster can often trick e-commerce businesses into issuing such refunds by claiming that their old credit card account is now closed, and therefore, the refund must be put on a new card. This simple yet effective tactic puts businesses in a difficult position.
- Chargebacks: Chargeback fraud occurs when a customer makes a purchase and later disputes it with their credit card company, resulting in a chargeback. In some instances, the customer legitimately did not recognize the purchase on their credit card, resulting in ‘friendly fraud.’ In other cases, opportunistic fraudsters attempt to circumvent and abuse company policies to either get money back or keep products for free. By 2022, global chargebacks are expected to reach volumes 47 percent higher than 2019 pre-pandemic levels, putting a renewed focus on the urgent need for issuers in Asia to tackle the problem.
Naturally, fraud negatively impacts genuine customers and their retail experience. Customers may end up being mistaken for fraudsters and blocked from making purchases. Moreover, fraud prevention often represents a hurdle in offering good customer experiences, since it usually involves delays and friction.
Businesses must strike a balance between good service and revenue risk. This requires effective fraud detection to maximize conversions of trustworthy customers and optimize experiences across the entire customer journey. To do this, fraud detection needs to be automated and data-driven in today’s digital economy. Businesses will do well by opting for a fraud protection solution built on a wide global network – an ecosystem of retail businesses, banks and payment processors. This allows for effective and precise identification of fraudsters and repeat policy abusers.Ultimately, BNPL has the potential to bring significant benefits for consumers in Asia Pacific with sufficient guardrails implemented. As BNPL fraud is on the rise globally, Singaporean companies are also realizing the risks of BNPL and are taking steps to mitigate potential issues. In the long run, an effective fraud protection strategy will enable businesses to scale with confidence as they offer new payment services, add to product offerings, or even expand their business across borders.