Buy Now Pay Later (BNPL)
Payment options increasingly utilized
Fraud rate has also increased
Introduction:
Klarna and PayPal reported an increase of around 400% of consumers using its new BNPL payment option. BNPL is currently the fastest growing e-commerce payment solution.
It is popular among millennials and Gen Z shoppers. However, with this increase of popularity, the fraud rate also increased.
The current data shows that fraud rose by 66% in 2021 compared to 2020. The payment option is attracts cybercriminals, who are always on the lookout for loopholes in payment systems.
Details:
Cybercriminals are masquerading as legitimate customers. Their strategy is to set up fake accounts, make their first purchase, pay one installment, then close the account once the mechandise
is received. Another type of fraud that is affecting BNPL is account takeover fraud (ATO). Cybercriminals gain access to genuine customer accounts and use their cards to make payments,
or to test stolen cards. Attempted ATOs increased 300% over Black Friday and Cyber Monday (2021). New companies and payment platforms are attractive targets
because they have less fraud experience, knowledge, and historical data to combat ATO.
Currently:
Klarna's current policy to accept responsibility for any fraud, so merchants or retailers are not left vulnerable. They will be paid in full for their sale ultimately reducing their risk.
Of course BNPL has not led to the creation of new types of fraud. For ecommerce providers, onboarding and authenticating customers still plays a significant role in fraud prevention.
Ultimately the familiar conflict arises: customer security vs customer satisfaction. Therefore some BNPL companies remain reluctant to increase or change their credit checks
during the onboarding and authentication process, because they do not want to turn away genuine customers.
Addition Security:
Another layer of security is 3-D Secure authentication (3DS).
However, much of the fraud that BNPL is susceptible to can avoid 3DS checks. Fraudster hack into an account (anothor reason to use complex passwords) and change
the authentication details (like the phone number). SIM swapping is also a popular method of gaining access to someone's account and beating 3DS.
3DS will eventually be decommissioned at the end of 2022. In the mean time upgrade 3DS with 3DSv2. 3DSv2 is specifically designed for
smartphones and will ask customers for biometric authentication, before allowing a payment. Hopefully that reduces BNPL vulnerabilities long term.
Closing:
Biometric authentication offers more protection, while building on BNPL's key selling points of convenience, speed, and user experience.
That said, with e-commerce fraud on the rise, with current growth estimating a rise of 18% next year, it is vital that companies who offer BNPL
as a payment method and their partners are prepared and equipped with the latest fraud-fighting technology, as well as an increased data authentication/validation
processes to ensure they do not fall victim to fraudsters.
Reference link for the full story:
https://www.helpnetsecurity.com/2022/01/18/bnpl-fraudsters/?web_view=true
This information is brought to by Vectech Solutions, The Gold Standard in Cybersecurity
#ecommerce #vulnerability #bnpl.