Top Online Payments Security Trends
Learn about the latest approaches when it comes to assessing security risks, and find out more about the latest authentication trends in the online payments industry.
Digital transformation led to innovative financial solutions, one of them being the ''Buy Now, Pay Later'' option commonly abbreviated as BNPL. It enables consumers to relieve the financial pressure and acts as a layaway plan enabling them to redistribute the amount in a predefined number of payment installments. Despite being favored by the general public and gaining more popularity over time, the average consumer is not the only one showing interest in BNPL options. Fraudsters got themself another greenfield for their operations. Let's go through everything you need to know about BNPL, advantages, and risks included.
The general idea of a BNPL service is to allow consumers to split a purchase into a fixed amount of payment installments. Buy now, pay later; quite literally. As a financial instrument that commonly does not charge interest; i.e. if payments meet the deadline; it is an attractive way of making both online and traditional point of sale purchases for many consumers. Some of the most popular BNPL services include Affirm, Afterpay, and Splitit.
It is a favored payment method in underdeveloped markets where consumers do not have access to a great variety of credit options. Another segment that is fond of BNPLs are Millennials and Gen-Z. Using such a service, they avoid potentially high interest rates and are not required to pass credit checks to apply for a credit card.
By subscribing to a BNPL service, merchants enable their customers to split their purchase into equal payment installments over a predefined period of time. The payment option is triggered at point-of-sale, regardless if a purchase is made in a physical store or online. In the case of an online store, after adding items to the cart, the customer is able to choose BNPL option at checkout. They are then redirected to a BNPL service provider, where they authenticate themselves and select the number of wanted payment installments.
Specific for BNPL payments is the liability issue. Regarding that the BNPL service provider pays the amount of the purchase to the merchant as a whole, and the customer makes periodic payments to the BNPL; liability lies with the service provider. In simpler terms, any form of chargeback won't concern the merchant. This is an additional reason for merchants to offer their customers the Buy Now, Pay Later option.
As more people turned to online shopping caused by the ongoing Covid-19 pandemic, BNPL services bloomed and are continuing to grow. As demand grows, the market responds. Affirm now offers a virtual credit card enabling consumers to shop at thousands of online and point-of-sale merchants that have Affirm integrated into their checkout.
A study by The Ascent regarding BNPL services showcased insightful stats about consumer's Buy Now, Pay Later habits. Here are some interesting ones to consider:
In order to process a BNPL payment, the user must create an account with a particular BNPL payment service provider. The account in question is vulnerable and exposed to various types of fraud already present.
Since having an account is one of the main prerequisites for the consumer to process a BNPL payment, ATO fraud is a potential threat. Moreover, regarding that the payment is delayed, the rightful owner might not notice strange activity happening on their account up to several weeks.
It is fairly easy to set up a BNPL account; in some cases, one might need only a driver's license or current address as proof of identity. Generally, such information is easily accessed after data breaches or obtained through phishing. After setting up the account using fake information, the fraudster has access to the default line of credit offered to all new accounts.
Following the above mentioned account abuse, another popular way of creating an account for fraudsters is synthetic fraud. The bad guy literally invents a new persona and uses it to create legitimate looking accounts for their own personal profits.
Another way of making unauthorized BNPL payments is friendly fraud. A family member; e.g. child; might gain access to the device and process a BNPL payment without the parent knowing about it.
There are two main types of fraudulent chargebacks. The first one involves a rightful owner who detected an unauthorized purchase on their billing statement and demands chargeback. The second one stages an opportunistic owner who claims that they never made a particular transaction and demands funds to be returned to their account.
Customer behavior is the main indicator when it comes to detecting suspicious activity. Pay attention to the following tell-tale signs of potential fraud.
If the shipping address does not match the one in the account information, you might be shipping goods to a fraudster. Keep an eye on this one.
Customers tend to stick to the same devices when online shopping. An unfamiliar device is a good sign to dig a little deeper and look out for other suspicious activity tied to the particular account.
Be careful with new accounts. If a customer is making their first purchase, make sure that there are no other signs of suspected fraud.
Looking back at the user's history record, does this particular purchase fit the profile? Are there any unusual shopping patterns that are not typical for that particular customer?
If you notice that an account is making multiple purchases in a short period of time, it might be a fraudster on the other end who is trying to profit as much as possible before getting discovered.
When looking for threats and potential signs of fraud, make sure to think critically. Don't raise alarm bells if only one out of mentioned indicators is present. False positives can alienate customers from using your service.
Make sure that the information provided during account setup is valid. Simple checks like validating the entered email address, as well as the actual existence of a home address goes a long way. To validate info such as email or phone number, the standard practice includes sending an OTP.
3D Secure technology is efficient when it comes to reducing chargeback fraud and detecting high-risk transactions. Chargeback liability shifts to the issuing bank, and BNPL service providers can better focus on other, less damaging types of fraud.
Using historical data in order to set the ground for determining chargeback fraud patterns. The crucial part of successful rules is using the right information in order to distinguish fraudulent transactions from legitimate ones. Use our list for signs of BNPL fraud as a starting point. Quality data for assembling rules would be transaction amount, transaction velocity, new/returning user, shipping match/mismatch, etc.
Same as with rule-based risk assessment, the key to a quality machine learning model is the appropriate data. Types of data to consider include identity data, behavioral biometrics, and device data.
Learn about the latest approaches when it comes to assessing security risks, and find out more about the latest authentication trends in the online payments industry.
To find out more about Trides2 portfolio, contact us or visit our blog section.