BNPL Fraud: What to Know if You Use These Apps

Buy now, pay later (BNPL) apps and services are getting more and more popular. They have plenty of uses, whether you want the flexibility to not have to pay all at once or need to make a big purchase right away but don’t have the money up front. You can find BNPL options among the payment method choices in many online shops . But scammers and fraudsters like to be where money is. And a rise in BNPL apps also means a rise in BNPL fraud. In fact, scammers are already boasting on Telegram about exploiting BNPLs for a profit. If you use these apps – and even if you don’t – here’s what you need to know. BNPL stands for Buy Now Pay Later, and it does exactly what it says. Most apps divide your total purchase into four equal payments. So you don’t have to pay the entire cost up front. Instead, you pay a quarter of the total cost, and then make three more payments on it. Some of them may divide it into more than four payments or even let you postpone your first payment so you pay nothing up front. This depends on the BNPL service you’re using and the amount of your purchase. If you’ve seen advertisements (or used) services like Affirm, Klarna, or Afterpay, you’re at least a little aware of BNPLs. They often offer no fees and no interest on your purchase as well (as long as you make payments on time – over half of BNPL users have made at least one late payment, which often results in additional fees). This can be really appealing if you want to make a purchase and don’t have the money up front and you don’t want to pay interest like you would have to on a credit card. BNPLs are particularly susceptible to fraud and scams, for a lot of reasons. One is that they’re popular. As these apps are increasingly being accepted for a wider variety of purchases, the number of people using them is going up. Which means that there’s a lot of money going through these services. And wherever money is, criminals aren’t far behind. Another reason is that it’s a fairly new technology. That means that developers are still working out the details, and there’s lots of opportunities for criminals to come up with new kinds of BNPL fraud that nobody has thought to defend against yet. And BNPLs offer quick approval with no credit check. The companies claim they have extensive checks in place to catch fraud, but just like everywhere, it still gets through. There also aren’t a lot of regulations yet. Many BNPLs are even attempting to avoid regulations that do exist. The Truth In Lending Act is meant to protect consumers in matters related to loans and debt. But it only applies to loans that have five or more payments – which is why many BNPLs break your purchases into four payments. BNPLs also represent just another area of the average consumer’s attack surface – the different methods and channels criminals can use to attempt to scam and defraud you. Criminals love BNPLs because they’re easy to use, there are no credit checks, and they can get approved and start spending on your dime in seconds. And since they’re structured so that there’s a delay in paying for the purchase, victims may not find out that the BNPL fraud happened until the criminal is long gone. There are a variety of different ways that criminals can exploit BNPLs to make a profit and leave you holding the bag. These are some of their most common tactics. Plain old identity fraud is alive and well on BNPLs. Just like a criminal can steal your identity to open a credit card or get a loan in your name, they can also do it to open a BNPL account and rack up charges. They get whatever they’ve purchased, which they can then resell for a profit, and the debt is in your name. Regular identity fraud steals a specific person’s identity. But synthetic identity fraud steals bits and pieces of information from real people to create a composite identity. That identity doesn’t belong to a real person, but since the information came from real people, it looks legitimate. From there, the strategy is the same as regular identity fraud. They create an account, make purchases, and never intend to pay it back. And because the identity is fake, the real criminal is hard to trace. This type of BNPL fraud is pretty simple. The criminal gets your BNPL account login information from somewhere. They could buy it on the dark web after it was compromised in a data breach , use phishing to get you to enter it into a fake website , or use social engineering to trick you into handing it over. Once they have access to your account, they can buy products to resell for a profit, and the app expects you to pay. Most BNPL apps require a quarter of the total charge to be paid up front. Even though criminals can resell their purchases for more than that, they still don’t like putting up money. So Trojan horse fraud combines other types of BNPL fraud to make sure victims pay everything. This type of fraud requires two BNPL accounts. The criminal can get these by any of the previous methods. They use one account to buy things and the other account as the payment method. This way, they can “pay” the partial charge up front to get the item while not needing to put up any of their own money. Instead, it’s the owner of the second BNPL account who gets the bill. If you have a BNPL account, protect it from fraud by securing it as much as you can. Use a long, strong, random password, and make sure it’s one that you’ve never used anywhere else. (A password manager can help with this.) Turn on two-factor authentication . Set it to an app or security key if you can, but even SMS authentication is more secure than nothing. If you have the option to turn on passkey security , do that, too. (A password manager can also help you manage passkeys.) Also see what kind of alerts are available. If you have the option to get notified immediately every time there’s a login or purchase on your BNPL account, enable that. This will let you know immediately if someone has access they shouldn’t. Also regularly check your account activity for things you didn’t do. If you can, consider using credit cards instead of BNPLs where you can. Credit cards do have interest fees, but they also have a lot more consumer protections if someone gets unauthorized access. If you can pay it off in the same amount of time, you could consider the interest you pay to be a fee for peace of mind. Whether or not have a BNPL account, you should be on the lookout for signs of identity fraud. Check your credit score regularly, consider freezing your credit , and don’t forget to pull your kids’ credit reports , too – criminals love children’s blank credit histories. And always be wary of phishing and social engineering tactics. Avoid clicking links where you can and never give out credentials or identity information if you can avoid it. This will help protect you from all kinds of fraud, not just BNPL fraud.