Common Types of BNPL Fraud and the Role of KYC/AML Regulations

The Buy Now Pay Later (BNPL) services are growing rapidly. 42% of credit customers are interested in BNPL products worldwide, highlighting the immense popularity that buy now pay later services have gained. The rapid growth has led regulatory bodies to shift their focus toward ensuring the security and integrity of financial transactions. This is where Know Your Customer (KYC) and Anti-Money Laundering (AML) regulations become critical, enhancing safety and helping BNPL service providers avoid non-compliance fines. 

The Most Common Types of BNPL Fraud 

A customer must create an account with the Payment Service provider (PSP) to conduct transactions. This opens the door for scammers seeking opportunities to commit BNPL fraud.

1. Account Takeover

Criminals compromise a genuine user’s account to commit a BNPL scam on any website that accepts such a service provider. Due to the deferred payment nature, the genuine user might remain unaware of the fraudulent activities for a considerable period, possibly spanning several weeks.

2. Synthetic Fraud

Criminals use stolen data for commiting synthetic buy now, pay later fraud. This form of synthetic fraud involves the scammer fabricating a fictitious identity to establish a fresh account and conduct transactions.

3. Family Fraud

This type of fraud occurs when a family member of the authorised purchaser gains access to their account. For instance, a child may make an unauthorised purchase using a parent’s device, which the parent becomes aware of after they are done with it. 

4. New Account Fraud

Registering for a new BNPL account is a smooth and easy process. However, a new account scam occurs when a scammer assumes a fictitious identity to establish such an account. This fraud frequently occurs at the banking level, where criminals exploit stolen or synthetic identities to acquire fresh credit or debit cards, enabling them to carry out illicit transactions.

5. Non-Repayment

In non-repayment fraud, the purchaser buys goods or services without the intention of repaying them. Non-repayment scams can manifest as isolated incidents or involve combining one or more tactics to execute multiple purchases without settling them.

6. Trojan Horse Fraud

Trojan horse scam is frequently a direct outcome of ATO or synthetic fraud. It occurs when a scammer creates an account using fabricated or stolen user credentials and subsequently alters the payment method to link it with another compromised account. In this manner, scammers can make multiple BNPL purchases without ever making payments for any of the transactions.

7. Sim Card Swapping

The SIM swap scam is categorised as an Account Takeover (ATO) Fraud that typically exploits vulnerabilities in two-factor authentication systems. Specifically, it targets situations where the second factor or step relies on text messages or calls sent to a mobile phone. BNPL accounts become susceptible to this type of scam, as scammers can easily target them, with access to bank details being just a few clicks away.

8. Return Abuse

In traditional eCommerce, a cardholder’s available funds or credit often serve as a helpful safeguard against overspending. In contrast, BNPL can create a perception of greater financial freedom for buyers at the time of purchase, as they may not feel as restricted by the money they have on hand. Nevertheless, this increased flexibility could lead to buyer’s remorse later on, potentially resulting in goods being returned, even without a valid reason.

How to Prevent BNPL Fraud 

• Leverage Artificial Intelligence (AI) and Machine Learning (ML): AI-driven machine learning empowers merchants to make informed decisions on transaction acceptance. By analysing historical data, this technology refines decision-making and becomes more intelligent with increased data incorporation, enabling continuous improvements.

• Broaden Data Sources: Enhance scam detection by integrating external fraud signals alongside your data. This approach quickly identifies trends and informs you about emerging fraud threats and tactics.

• Deploy Scam Scoring: Tailor risk assessment based on transaction type and indicators like address and geolocation. Distinguish between lower-risk and higher-risk transactions to reduce unnecessary friction, streamlining the process whilst maintaining security.

• Keep Screening Solutions Up to Date: Outdated solutions are vulnerable to exploitation by scammers seeking access to your systems. Regularly updating the security solutions is crucial to stay protected against evolving threats. 

• Conduct Regular Audits: Never assume that the security measures are sufficient. Regularly conduct thorough audits of internal operations to ensure robust protection. Continuous vigilance is critical to staying ahead of potential threats.

The Need for Stringent KYC and AML Regulations 

Adhering to KYC and AML requirements is no longer just a matter of preference; it has become a legal obligation for BNPL companies. Each jurisdiction defines its criteria for proper KYC or AML checks, but the repercussions of not complying remain consistent:

• Heavy Fines: Regulators impose severe penalties on companies that fail to meet KYC and AML requirements. 
• Legal Issues: Non-compliance fines not only incur significant costs but also burden your legal team. These issues can create bottlenecks, potentially lasting for weeks or even months.
• Negative PR: Non-compliance fines portray your company negatively, damaging the business reputation in the market.
• Business Risk: KYC and AML checks can help develop safer business practices by identifying and mitigating scammers. Failing to implement these measures may expose your business to unnecessary risks.

How Can Shufti Help?

Shufti is a globally trusted KYC and AML solution provider, helping BNPL to fortify its security and compliance measures. 

Here’s what makes Shufti stand out: 

• Facial Recognition: Our facial verification and document authentication verifies identities within seconds, ensuring that only legitimate users can access BNPL services. 
• AML Screening: Our robust AML solution screens customers against 1700+ watchlists and assists in identifying high-risk individuals, and prevents illicit transactions.
• Leverages AI and ML:  Our scam scoring provides a tailored risk assessment for each transaction, allowing BNPL service providers to balance security and user experience. 
• Regulatory Compliance: Our KYC and AML solutions ensure that BNPL companies avoid heavy fines, legal issues, and negative PR. By partnering with us, businesses can confidently adhere to global compliance standards and create a safer environment for their customers.

Looking for a customised KYC/AML solution to keep scammers at bay?