Buy Now, Pay… Never? Rising Fraud in BNPL and How Email Data is Helping Prevent It

Blog
Diarmuid Thoma, VP of Fraud and Data Strategy, AtData
Dec 05, 2024
Blog

The future of BNPL depends on smarter, collaborative approaches to security.

Economic uncertainty, rising living costs, and inflation have made it harder than ever for consumers to manage their budgets, paving the way for the welcome embrace of Buy Now, Pay Later (BNPL) services. Offering ease of use, no-interest payment options, and a way to split costs into manageable installments, BNPL has become a lifeline for shoppers looking to balance affordability with convenience. These services aren’t just reshaping the way people pay—they’re fueling a shift in how consumers approach financial flexibility in an era of strained wallets.

But this widespread adoption comes with a downside. As BNPL usage grows, so too does the risk of fraud. It’s not just BNPL providers feeling the effects—merchants, consumers, and the broader e-commerce industry are increasingly impacted by fraudsters targeting weak points in the system.

With its low barriers to entry and often insufficient identity verification measures, BNPL’s convenience has also made it an attractive target for fraudsters, leaving the industry to grapple with the challenge of balancing accessibility with robust security.

The question is no longer whether fraud will occur, but how effectively it can be prevented.

 

The Explosive Growth of BNPL—and Its Risks

BNPL is reshaping the global payment landscape. A study by Juniper Research projects that BNPL transaction values will nearly double, from $334 billion in 2024 to a staggering $687 billion by 2028. And according to recent estimates from Adobe Analytics, U.S. shoppers are anticipated to spend a record $18.5 billion on holiday purchases through BNPL services by the end of this year.

This growth has been fueled by the promise of convenience and flexibility: consumers can break payments into manageable installments without relying on high-interest credit cards.

But with rapid adoption comes new vulnerabilities. Unlike traditional credit cards, which require rigorous identity verification and underwriting, many BNPL platforms prioritize simplicity and speed—making them a prime target. In the first half of 2024 alone, synthetic identity fraud surged by 26%, according to ACI Worldwide.

Fraudsters exploit these systems by creating fake identities, using stolen or fabricated data to make purchases, and disappearing before payments are due. Alarmingly, social media platforms like TikTok have become hotbeds for fraud-as-a-service (FaaS) schemes, where tutorials and tools for gaming BNPL platforms are openly traded. This isn’t just the work of shadowy criminal organizations—it reflects the growing democratization of fraud.

Increasingly, those participating in these schemes aren’t seasoned criminals but everyday individuals who stumble upon FaaS offerings. Many see it as a clever way to exploit loopholes or score a deal, rather than recognizing it as fraud. This normalization of fraud is especially pervasive among younger generations, who may view it as a low-risk activity rather than a serious offense. With comprehensive guides, tools, and even discounts on fraudulent tactics now easily accessible, fraud is becoming alarmingly mainstream.

Common Examples of BNPL Fraud

  1. Synthetic Identities: Fraudsters combine real and fake information—such as a stolen social security number with a fabricated email address—to create a convincing but fake identity.
  2. Account Takeovers: Using stolen credentials, fraudsters gain access to legitimate accounts and exploit pre-approved BNPL options.
  3. First-Party Fraud: Some users intentionally rack up BNPL debt without any intention of repayment, exploiting gaps in provider verification processes.
  4. Friendly Fraud: Consumers falsely claim they didn’t authorize a BNPL transaction, leaving merchants and providers to absorb the losses.

 

The High Stakes of BNPL Fraud

According to a recent Citi survey, while 90% of U.S. adults feel confident in their ability to detect financial scams, more than a quarter have fallen victim at some point. This gap between perceived and actual awareness highlights just how important it is for businesses to implement robust fraud prevention measures.

For merchants and BNPL providers, the implications are clear. Fraudsters aren’t just stealing merchandise—they’re eroding confidence. For example, working with a BNPL company, we identified they had a fraud rate of 3-4%. While this might seem like a small percentage, it can equate to substantial losses when applied to the billions of dollars in transaction volume the industry processes annually. A single incident can lead to negative reviews, lost customers, and reputational damage that takes years to repair.

Moreover, regularly 1.1% of the traffic for the same company originates from high-risk domains, including disposable, hyper-disposable, and spoofed domains. These types are commonly used by fraudsters to circumvent identity verification processes, highlighting a critical vulnerability in the system.

As Cleber Martins, head of payments intelligence and risk solutions at ACI Worldwide, explains, "The rapid proliferation of AI-driven fraud tactics and stolen data on the Dark Web is escalating threats, making it harder than ever for merchants to distinguish real customers. Merchants should tighten their defenses by harnessing AI predictive modeling to detect threats and using payment intelligence signals to eliminate false positives without disrupting genuine transactions."

 

How Email Address Intelligence Strengthens BNPL Fraud Prevention

Email addresses are central to the BNPL experience—they’re used to create accounts, confirm transactions, and communicate with customers. Fraudsters know this, often exploiting gaps in email verification processes to infiltrate systems. By leveraging email address intelligence, businesses can establish a cost-effective shield to prevent fraud before it happens.

Here’s how email address intelligence can help:

  1. Identifying Fraudulent Accounts Before They’re Created
    Fraudsters commonly use disposable or newly created email addresses to bypass weak verification systems. By analyzing the validity, age, and activity history of an email, businesses can detect high-risk accounts before they’re established. For example, an email linked to a suspicious domain or with no established activity can be flagged for further scrutiny.
  2. Detecting Patterns of Synthetic Identity Fraud
    Synthetic identity fraud—where fake and stolen information is combined to create seemingly legitimate accounts—is a growing issue in BNPL. Email address intelligence can uncover misaligned correlations between other identity points and anomalies in behavior, such as unusual activity across multiple accounts or emails tied to high-risk geographies, providing an early warning signal.
  3. Improving False Positive Rates
    Fraud detection systems with strict protocols can mistakenly flag legitimate customers, causing friction and loss of trust. Email address intelligence helps refine risk assessment by offering additional context at the frontend, such as whether an email has a trustworthy reputation or has been involved in prior fraudulent activities. This allows for better-informed decisions, reducing friction and false positives while still catching bad actors.
  4. Real-Time Monitoring of Account Activity
    Fraud doesn’t stop at account creation. Email address intelligence enables businesses to continuously monitor account email addresses for new unusual behaviors, such as sudden changes in behavioral patterns or IP locations, signaling potential account takeover and allowing businesses to intervene before fraud escalates.

 

Looking Ahead

The future of BNPL hinges on its ability to maintain the trust of consumers and businesses alike while evolving to meet the new challenges fraud presents. As BNPL becomes a mainstay of modern commerce, it’s clear that the industry must shift from reactive fraud prevention to proactive, intelligence-driven strategies.

What’s at stake isn’t just financial loss—it’s the integrity of an increasingly vital payment model. The companies that recognize fraud prevention as a strategic investment rather than a cost of doing business will lead the way in ensuring BNPL’s sustainability. By adopting tools like email address intelligence and fostering collaboration, businesses can strike the balance between security and accessibility that consumers have come to expect.

More importantly, this is a chance to redefine what trust looks like in digital payments—building systems that protect, empower, and evolve with the needs of a hyper-connected world.

 

How AtData Can Help

AtData’s email address intelligence solutions empower businesses to combat fraud with real-time insights. By leveraging email data, AtData helps merchants and BNPL providers detect fraud, strengthen verification processes, and deliver seamless, secure customer experiences.

Learn how AtData can support your fraud prevention strategy.

Tagged:
Blue-tinted background of a man watching a webinar

Host a Webinar with the MRC

Help the MRC community stay current on relevant fraud, payments, and law enforcement topics.
Submit a Request

Publish Your Document with the MRC

Feature your case studies, surveys, and whitepapers in the MRC Resource Center.
Submit Your Document

Related Resources