Buy now, pay later (BNPL) is becoming increasingly popular, especially among conventional credit-conscious millennial and Gen Z consumers. Fintech startups and established financial institutions alike are entering into the mix with their own services, with $680 billion in transaction volume up for grabs by 2025. Rapid expansion, as we’ve seen with other emergent IT trends, brings new concerns.
While many industry observers refer to the current Consumer Financial Protection Bureau (CFPB) investigation into BNPL vendors as the sector’s largest challenge, regulators and industry participants should be concerned about another issue: fraud. Cybercrime is sometimes used as a gauge of economic trends, and as the BNPL market grows, fraudsters are cashing in.
Scammers are hiding in plain sight on encrypted chat applications rather than relegating their activities to dark web markets. They communicate through publicly accessible forums on these networks to develop new techniques to attack BNPL providers. BNPL vendors must ensure they have the necessary defensive plan in place to prevent fraud on their own platforms and networks in order to stay ahead of these schemes.
Payment fraud is becoming more common, and anybody with access to the internet may participate. BNPL providers and merchants that utilize them should protect their own properties by recognizing how they are at danger, rather than waiting for platforms to remove these fraud forums from their services. So, how do these new fraud schemes appear, and how can providers prevent themselves from them? Let’s get started.
For years, the dark web has been a haven for cybercriminals and a haven for fraudsters hoping to gain compromising information. With the recent crackdown on dark web markets, cybercriminals have shifted to new, off-the-beaten-path locations to carry out their unlawful activities. Malicious actors are using secure chat apps like Telegram to carry out their criminal activities. Secure messaging applications are a sanctuary for professional criminals trying to stay anonymous since they are part of the deep web, which isn’t searched by search engines.
Fraudsters have refined their assault methods on these forums. Cybercriminals have begun to pitch fraud as a service rather than just purchasing and selling access to information. A Telegram scam in which thieves steal from restaurants and food delivery businesses is one example. They offer opportunistic consumers a meal at a drastically discounted rate by promoting their capacity to purchase food and beverage orders with stolen information (e.g., log-in credentials or credit card numbers).