Banking has undergone some huge transformations over the last decade as it becomes more embedded in consumers’ everyday lives. In the last year alone, technology adoption in banking has accelerated at an unprecedented rate due to the COVID-19 pandemic. A testament to this India, where digital payments over the unified payment interface (UPI) increased from 8 trillion Indian rupees (INR) in 2019 to more than INR 21 trillion in 2020. Consumers are delighted about making financial decisions without having to visit a bank branch or use a banking application. Buy now, pay later (BNPL) represents a transformation in the payments industry and is experiencing rapid adoption. BNPL empowers consumers by providing a line of credit at the point of sale.

BNPL eases the pressure on consumers by allowing them to pay over a period of time instead of paying the whole amount up front. The fact that most BNPL service providers do not charge interest if payments are made on time, and that BNPL options are available in both e-commerce and traditional retail scenarios, makes this financial instrument more attractive than other products, such as credit cards, payday loans, or financing schemes marred with poor consumer experience.

BNPL service adoption has been steadily growing, benefiting both businesses and consumers. A 2019 case study noted a 33 percent increase in shopping cart size when BNPL options were provided. The ability to buy now and pay later helps consumers stretch their dollar during trying financial times, as shown by the 200 percent growth in BNPL adoption in 2020. The success of BNPL, a blend of technology and business acumen to address a market segment, depends on keeping the user experience smooth with:

• A simple checkout experience requiring few clicks.
• A consistent user experience across websites.
• No processing fees.
• Instant credit, without a lengthy approval process.

However, the practices that keep the user experience simple and engaging are often the same ones attackers use to commit fraud and make money. Fraudsters take advantage of existing and modified techniques to try to game the BNPL systems and services. In this article, we investigate some of those methods.

How BNPL Systems Work

BNPL services are provided by financial technology (fintech) companies or banks. Retailers subscribe to these services, providing their consumers an alternate mechanism to pay. The payment method is usually triggered at the point of sale both in the digital and physical world. On an e-commerce platform, the consumer is offered BNPL as a payment option after adding items to a shopping cart and checking out. If the shopper selects BNPL, they are directed to a BNPL service provider. After verifying the user, the service provider extends an interest-free line of credit to the consumer. The payment process involves scanning a QR code, using the phone to confirm the transaction, or entering a one-time password sent to the phone. Figure 1 illustrates the flow of control.