Buy Now Pay Later Becoming a Top Target for Fraud
Of course where there is lots of money, can the fraudsters be far behind? Bad actors are increasingly targeting BNPL platforms due to the high potential to make significant amounts of money with attacks. This is fueled by the massive amount of personal data that has been exposed through years of data breaches.
In the BNPL model, customers can secure approval for a loan in seconds and receive purchases having paid either nothing or a minimal amount upfront. By utilizing stolen and synthetic identities, fraudsters exploit this service with no intention of paying back the loan amount. In addition to using synthetic identities to create new accounts with the intention of committing fraud, attackers also target existing accounts with credential stuffing attacks.
Negative Effects of Increased Attacks on Buy Now Pay Later Companies:

Chargebacks
If a real customer is the victim of an ATO attack, the BNPL provider then has to issue a chargeback.

Lost Revenue
BNPL firms extend loans to fraudsters using synthetic identities who have no intention of paying them back.

Unwanted Friction
Fighting rising gruad attacks with cumbersome authentication protocols hinders the seamless BNPL experience.

Brand Reputation
Customers whose accounts get hacked will move to competitor platforms and complain on social media.
Account Security and Fraud Deterrence
The rising popularity of BNPL and the ease of transactions have caught the eyes of the fraudsters, who are using the convenience to make money for themselves. They take advantage of the fact that BNPL providers only have a few seconds to approve or reject a purchase to escape with expensive items at a minimal cost – often paid using stolen credit cards – making it harder for deserving customers to leverage the services.
Common Attack Techniques:

Account Takeover
A user account with a good repayment record enjoys greater lending limits and is more attractive to fraudsters. Attackers use several tactics, including credential stuffing and automated phishing, for account takeover to exploit compromised accounts.

New Account Creation
Fraudsters use synthetic or stolen identities and create fake new accounts, using bots to scale up attacks. Fraudsters use these fake accounts to make multiple purchases using stolen credit card deta, leading to chargebacks and settlement costs.

Bypass Authentication Methods
Attackers will bypass authentication steps at scale, and try to orchestrate their activities with the least resistance. Businesses need powerful protection at the account sign-up and login steps to detect suspicious actors early - all without threatening the seamless user experience.
The Arkose Labs Approach
Identities are being spoofed at scale and traditional authentication steps are being circumvented. That’s why Arkose Labs combines rich data intelligence with powerful analytics to discern intent, and proactively fight spoofed identities and devices. Its AI-powered platform evaluates fraud patterns across different websites and apps, and then ensures the correct tools are in place to flag risky users in real-time.
This intent-based approach means that the vast majority of good users continue to have a seamless experience, while targeted friction frustrates human fraudsters and stymies bots.

Arkose Labs Protects Buy Now Pay Later Platforms
Arkose Labs carries out deep analysis of behavior, device and network heuristics to segment suspicious activity for the appropriate attack response. Businesses receive actionable telemetry to inform further actions, and Arkose data can be used to train businesses’ internal models, including attack signatures, reasons for risk classification, fingerprint information, and more.
Arkose Labs also provides businesses with dynamic attack response, to go beyond a risk classification and actively remediate fraud attempts. Its innovative in-band enforcement challenges provide powerful secondary screening of high-risk traffic, in a way that does not disrupt legitimate users.
This tackles abuse in real-time. Even the most advanced bots are thwarted with interactive challenges. Malicious humans are shown increasingly complex challenges until they give up in frustration and leave. This is achieved while maintaining a completely user-centric approach to security that challenges suspicious traffic using incremental risk-based friction, rather than blocking it outright.
Arkose Labs works with companies across the globe to fight all attacks across the digital frontend including account takeovers, credential stuffing, fake new account fraud, spam, phishing, scraping, inventory hoarding and more. Arkose Labs helps BNPL platforms to continue to deliver a seamless user-centric experience to customers while keeping fraudsters out of your ecosystem.
The Arkose Advantage
Long-term Deterrence
Arkose Labs increases the cost of fraud making it economically unsustainable to fulfill attacks
Effortless Management
Powerful decision engine selects the most effective response strategy to reduce manual reviews
Protection Across the Customer Journey
One flexible solution that protects against different attack vectors and extensive user touchpoints
Early Detection
Eliminate losses, reduce costs, and streamline efforts by preventing attacks before they advance in your ecosystem
Privacy Friendly
Arkose Lab technology achieves unparalleled accuracy without compromising data protection compliance
Results Fast
New customers will see results within days, not weeks or months
Book a Meeting
Meet with a fraud and account security expert