APIs: BNPL FRAUD
NOW IS THE TIME TO ACT ON PAY LATER FRAUD As the buy now, pay later (BNPL) industry booms, so too have incidents of identity theft and payment fraud associated with the payment method. Recent cases have led to calls for stronger regulatory protections and, in the UK, this is now set to happen, with the Treasury announcing in February 2021 that the sector would be brought within the scope of the Financial Conduct Authority (FCA). Under its watch, BNPL firms will have to conduct proper affordability checks before lending, as well as applying tougher scrutiny to fraud cases. As such, they will have to quickly find solutions to improve processes and meet the new standards coming into effect.
UNDERSTANDING THE THREAT Fraudsters have taken advantage of the relatively new BNPL payment process, with account takeover the most prevalent fraud risk for consumers. If a fraudster can obtain the login details for someone’s BNPL provider account, they can log into any e-commerce site that accepts that provider and make purchases from their account. Cases involving this kind of fraud have www.fintechf.com
Michela Toffali, Head of Marketing for Yolt Technology Services, puts the case for using open banking to counter online crime as the BNPL sector comes under tougher scrutiny reached national news, with victims having items delivered to their homes that they didn’t order, and unauthorised funds taken from their bank accounts. Cases of stolen identity can have a significant impact on companies offering BNPL services. If a merchant’s legitimacy isn’t properly confirmed, then we could see fake merchants submitting falsified orders, using stolen customer details to collect payments for products they sold but never shipped. In these cases, the BNPL vendors would likely assume the risk and would be left potentially needing to compensate the consumer and invest time and resource into reporting the fraud and supporting an investigation by the relevant authorities. BNPL vendors also face the same general security challenges as other payment
providers, with consumers entering card details to make purchases. Credit card data, in particular, is frequently targeted by fraudsters, and is a key risk for businesses. Last year, British Airways was fined £20million under the General Data Protection Regulation (GDPR) for a security incident that exposed customers’ card numbers, expiry dates and card verification value (CVV) codes. As a result, BNPL vendors face a fight on two fronts: identity theft and payment fraud, which require constant monitoring, while regularly adapting security measures to combat increasingly sophisticated fraud.
HOW THE COSTS RACK UP The impact that fraudulent transactions can have on businesses and consumers alike is profound in both the short, and long term. The immediate impact of fraud cases, for businesses, is the financial loss. In the UK alone, the private sector lost around £140billion to fraud in 2017. Fraudulent transaction costs include victim compensation, shipping and insurance, as well as chargeback fees, potentially running into hundreds of pounds per transaction. In some cases, businesses must also replace lost inventory and pay for manual reviews of suspicious transactions. Issue 8 | ThePaytechMagazine
59
