Merchant Risk Council: Fraud Prevention Strategies in BNPL Payments

Buy Now Pay Later Payments Fraud Strategies

Buy Now, Pay Later solutions are becoming increasingly popular payment alternatives with consumers. See what the value proposition is for these payments and learn about four strategies merchants can use to help mitigate risk.

Up to 60 - 80% of all eCommerce payments are made in installments in LATAM and provide a key alternative means to shop for items that otherwise might be beyond reach for many consumers. Payments in installments are usually free of interest for the buyer and are collected month-by-month by the vendor. The quantity of installments typically varies between 3 to 12.

Fraud Strategies for Buy Now, Pay Later "Installment" Payments

The simplicity and increasing adoption of these payments can leave merchants exposed and vulnerable to fraud losses and negative PR.

Regardless of the payment type, it is crucial for merchants to follow best practices and keep themselves one step ahead of bad actors. Below are four key strategies that help proactively detect fraud.

Anomaly Detection

Change in buying patterns is a key leading indicator. It is important to look for obvious irregularities in ordering habits which may suggest that a buyer is exploitative. These may include orders which are placed during non-regular hours, or orders placed with higher quantities than usual for a specific product.

Digital Footprint Assessment

The four pillars of the digital footprint can provide crucial signals to understand the origins of the payment.

a. Device fingerprint analysis -- Keep track of the devices a user is typically logging in from. Use machine learning algorithms to analyze key attributes such as screen resolution, browser version, user agent, time zone, and language settings, which can highlight consistency for a normal user versus deviation from the normalcy which can be signs of an unauthorized access.

b. IP profiling -- A lack of geo-location information or a mismatch between distances from the billing address to the IP geo-location can be a key indicator.

c. Email address profiling -- The email address used by the customer to log into your site and place an order will also be a good indication as to the user's legitimacy. Email addresses which are either linked to no-name providers or email hosting firms and are outside of the mainstream or constructed thru randomization techniques, designed to make identity detection difficult, can be a bad sign.

d. Phone number analysis -- Multiple phone numbers associated to a single device can be a red flag.

Data-driven Machine Learning Strategies

Models that build upon features and profiles and target user behaviors, session information, order history, and transaction data as key levers are far more effective than rules-driven reactive strategies.

a. Consortium data like bad CC bin ranges, phone numbers, email addresses, and payment card numbers used across merchants can be key in the decision-making process. It is essential to maintain data privacy and compliance with laws, regulations, etc.

b. Link analysis -- Linkages between IP, device, email, and mobile phone numbers should be established if there are any hidden connections. Multiple orders linked to the same shipping address or a single device associated with multiple cardholders are couple of examples.

c. Velocity checks -- A high-volume of orders coming in quick succession could be a script attack where fraudsters are using stolen credentials to create accounts and make purchases with stolen card information.

d. Shipping address checks -- If an item is being delivered to a party based overseas but the billing address is an entirely different domestic address, then there is a far higher risk of fraud occurring.

Decisioning Speed

Real-time scale and speed to go through millions of data points in a matter of milliseconds and provide a decision with low false-positives is key to minimize liability. It is also important to be able to refresh your models on a frequent basis to be on top of new patterns of fraud.

Vesta's Payment Guarantee applies all of the above strategies but also goes one step beyond to cover fraud chargeback liability. Vesta delivers payment acceptance rates up to 3% higher than competitors, while protecting your revenue with our no-fraud guarantee.

"At Vesta, our one simple goal is to allow our merchants to increase revenue by eliminating the fear of fraud. If we tell our customers a transaction is safe to approve, it is, and we stand behind that with our payment guarantee." 

Reach out to us for more information on how we can help protect and grow your business.

Sales@vesta.io

Read the full perspective on the Merchant Risk Council  blog here.