How Buy Now Pay Later (Bnpl) Fraud Is Committed Online

1. Obtain Digital Identities

Fraudsters purchase databases of stolen credentials from the dark web, or harvest on their own.

2. Disguise Themselves

Bots use residential proxy networks, customized DevTools, and solvers to evade detection by anti-bot solutions and downstream protections.

3. Abuse Login

Automated scripts inject stolen credentials into logins to generate fake accounts or take over existing ones, while bypassing anti-bot, CAPTCHA, and OTPs.

4A. Monetize Fake Accounts

Consumer: Successful new accounts are used to make one-time purchases they don’t intend to pay back – buy now, pay never.

Merchant: Fraudulent merchant accounts dupe customers into buying fake products or used to ‘wash’ money.

4B. Exploit Account Takeover

Valid credentials are used to lock consumers and merchants out of their accounts and rack up debt or sell on the dark web.

The Impact:

5. BNPL Provider

Lose revenue from fake merchant accounts and abandoned carts, added strain on security and fraud teams, tarnished reputation with shoppers and retailers.

6. Customer

Frustrated with the BNPL provider for adding friction to the buying journey. Affected by ATO and fraud happening in their name.

7. Retailer

Receives inaccurate analytics skewed by fake customers, unprepared for the influx of fraudulent orders.

8. Banks

Shoulders most of the risk by financially backing the BNPL providers. Largely responsible for delinquent and fraudulent payments.