Exclusive: ‘Now is THE time to act on pay later fraud’ – Michela Toffali, Yolt in “The Paytech Magazine”

Michela Toffali, Head of Marketing for Yolt Technology Services, puts the case for using open banking to counter online crime as the BNPL sector comes under tougher scrutiny

As the buy now, pay later (BNPL) industry booms, so too have incidents of identity theft and payment fraud associated with the payment method. Recent cases have led to calls for stronger regulatory protections and, in the UK, this is now set to happen, with the Treasury announcing in February 2021 that the sector would be brought within the scope of the Financial Conduct Authority (FCA).

Under its watch, BNPL firms will have to conduct proper affordability checks before lending, as well as applying tougher scrutiny to fraud cases. As such, they will have to quickly find solutions to improve processes and meet the new standards coming into effect.

Understanding the threat

Fraudsters have taken advantage of the relatively new BNPL payment process, with account takeover the most prevalent fraud risk for consumers. If a fraudster can obtain the login details for someone’s BNPL provider account, they can log into any e-commerce site that accepts that provider and make purchases from their account. Cases involving this kind of fraud have reached national news, with victims having items delivered to their homes that they didn’t order, and unauthorised funds taken from their bank accounts.

Cases of stolen identity can have a significant impact on companies offering BNPL services. If a merchant’s legitimacy isn’t properly confirmed, then we could see fake merchants submitting falsified orders, using stolen customer details to collect payments for products they sold but never shipped. In these cases, the BNPL vendors would likely assume the risk and would be left potentially needing to compensate the consumer and invest time and resource into reporting the fraud and supporting an investigation by the relevant authorities.

BNPL vendors also face the same general security challenges as other payment providers, with consumers entering card details to make purchases. Credit card data, in particular, is frequently targeted by fraudsters, and is a key risk for businesses. Last year, British Airways was fined £20million under the General Data Protection Regulation (GDPR) for a security incident that exposed customers’ card numbers, expiry dates and card verification value (CVV) codes. As a result, BNPL vendors face a fight on two fronts: identity theft and payment fraud, which require constant monitoring, while regularly adapting security measures to combat increasingly sophisticated fraud.

How the costs rack up
The impact that fraudulent transactions can have on businesses and consumers alike is profound in both the short, and long term. The immediate impact of fraud cases, for businesses, is the financial loss. In the UK alone, the private sector lost around £140billion to fraud in 2017. Fraudulent transaction costs include victim compensation, shipping and insurance, as well as chargeback fees, potentially running into hundreds of pounds per transaction.

In some cases, businesses must also replace lost inventory and pay for manual reviews of suspicious transactions. In the longer term, businesses may also lose out because of the impact on their brand reputation, with consumers no longer confident in dealing with them and investors potentially looking elsewhere. Alongside this, businesses may lose confidence in their own ability to spot fraudulent transactions, and so opting to pay more to deploy an external fraud detection and prevention solution. Another potential knock-on effect is the implementation of checkout processes that increase friction for consumers and result in higher rates of abandoned sales, further costing the company.

The impact of fraudulent transactions has been further exacerbated by the COVID-19 pandemic, with businesses already struggling financially due to the severe economic downturn. Merchants spend three-to-five per cent of their revenue combatting fraud, which, combined with lower profit margins and shop closures due to the pandemic, means such instances have been more keenly felt, pushing some companies closer to administration or even bankruptcy. The accelerated shift to online services during the pandemic has also meant companies have had to quickly upgrade their online fraud detection and prevention services, representing another significant cost during a difficult time. For businesses that weren’t able to upgrade, or have chosen not to, the switch to digital has meant it’s been harder for them to detect and prevent fraudulent transactions, further raising costs.

Finding the solutions

With fraud hitting businesses harder than ever, many are looking for solutions that can provide additional security while reducing their costs. Open banking-powered services such as payment initiation services (PIS) and account information services (AIS) are becoming increasingly popular options, and both are able to combat identity theft and payment fraud within BNPL transactions. AIS gives businesses instant access, with consent, to customers’ transaction data, allowing them to build an accurate picture of their finances, from bank balances and income to expenses and spending habits.

As a result, AIS is well-placed to help businesses and BNPL firms detect cases of identity fraud in these transactions, while boosting the security measures already in place. By running an instant API call through AIS, businesses can immediately get the bank account name from a transaction, which has already gone through verification via their bank’s secure authentication. Consequently, AIS can help businesses better detect and prepare for when a suspicious bank account has made a BNPL purchase.

PIS can help businesses and BNPL vendors tackle payment fraud in other ways, too. It allows bank customers to access their accounts directly, to authorise payments, make online purchases, pay bills or transfer money between bank accounts, using secure payments systems such as UK Faster Payments or a SEPA (Single Euro Payments Area) transfer. Using PIS, BNPL payments are verified through the bank’s security measures, meaning the consumer doesn’t have to enter sensitive account or credit card information on the merchant’s website.

As a result, there’s an additional layer of security for the consumer during the payment process, and the business can feel more confident about their fraud detection capabilities.

With both AIS and PIS in place, businesses will have additional protection against identity fraud and payment fraud, being able to identify potential cases far quicker and reduce the number of fraudulent transactions. They’ll also be able to save significant amounts of money on things such as insurance and chargebacks from fraud cases, which is crucial, particularly for SMEs, during a severe economic downturn when every penny counts.

In the longer term, too, the additional security provided by AIS and PIS can help businesses feel more confident about expanding their operations without the threat of fraud looming.

Looking ahead

BNPL payment methods are set to continue booming in the coming years, but, with increased regulation looming, businesses must adapt their security measures and combat BNPL fraud to save money, reduce customer concerns and meet regulatory standards. With open banking solutions such as AIS and PIS, businesses can leverage their security and make it easier to spot when fraud is taking place, saving them money and giving them the confidence to grow. Furthermore, with PIS, customers can set up future-dated transactions, giving merchants even more certainty of collecting payment.

Open banking has the power to future-proof the growth plans of BNPL vendors, securing their business models and supporting consumers and retailers by maintaining access to this much-valued and increasingly utilised payment method.

This article was published in The Paytech Magazine #08, Page 59-60