Buy Now, Pay Later (BNPL) is global, enabling people to set up their payments on a pre-set schedule. It gives people more control over their finances and makes it easier to get the goods and services they want on terms they can afford – all after a quick and easy setup process.
“We’ve reduced the amount of friction and effort it takes, and that’s what makes it such a great product,” Neuro-ID CEO Jack Alton said in an interview with Karen Webster of PYMNTS. “But doing so also opens him up to identity and fraud risks.”
It’s called the BNPL’s Achilles heel. Alton said attackers discovered that ancient identity theft techniques they once used to suddenly open bank accounts are having a new impact on life. And these “minimal apps” can leave customers wide open to all kinds of fraud and more sophisticated bot attacks.
Read more: Why merchants’ biggest fraud problem isn’t consumer payments
Emphasizing his point, Alton pulled out a list of recent attacks his company’s clients have witnessed. He said that just a few weeks ago, a major issuer of cards was exposed to more than 60,000 fake apps within a week. It also saw a publicly traded lender undergo a scam attack that originated in Atlanta. Another large commercial airline on board was hit by three separate fraud episodes in three weeks.
“When we look at fraud loop attacks, we see that the frequency and severity really escalate,” he said. “And we’re seeing that once we spot a small gap in how someone signs up to buy now, and pay later, that information is replicated widely.”
So it’s reassuring to know that Alton’s Neuro-ID company is working on a solution to the problem that doesn’t make the setup process any more difficult.
BNPL providers want to keep the initial recording experience as painless as possible, he said, so Neuro-ID instead relies on real-time behavioral analytics to monitor the current setup process. Its software looks for telltale signs that may indicate whether an applicant is a good client or a bad actor. If any warning signs are noticed, Neuro-ID can suggest that the provider take a closer look at that applicant.
You may also like: Neuro-ID raises $35 million to improve fraud screening for digital organizations
Alton likened it to sitting across the table from someone filling out an order form. If that person, for example, had to clear their name, or if they couldn’t remember their Social Security number and had to look it up, that would involve, at the very least, an additional verification request.
Neuro-ID technology works with existing verification systems, allowing clients to organize those stacks more effectively and screen new applicants more reliably and at scale, Alton said.
When used correctly, it can be a very powerful tool, helping BNPL providers increase conversion rates during the setup process.
Alton explained that one of the providers Neuro-ID works with was using an instant bank verification process that each of their customers had to go through the first time they signed up. It served as a powerful screen of identity, and this also meant that the service provider could assess the credit risk of the applicant by looking at his bank file. However, the friction this has caused means that more than 40% of applicants will abandon the registration process.
See more: Deep Dive: How Organizations Can Use Behavioral Analytics to Reduce False Positives and Cyberattacks
“After using our technology before the painful checkpoint of friction, it was kind of a one-size-fits-all,” Alton said. “So they were able to quickly track a large number of new applicants for this type of payment, and we saw that it doubles the conversion rate without increasing bad debts or fraud.”
Another major advantage of behavioral analytics is that it not only looks at the behavior of individuals but also on an entire crowd of users. Alton said Neuro-ID can look at the behavior of past bot attacks on other clients — and if it sees similar patterns recur elsewhere, it could serve as a kind of early warning system against large-scale bot attacks.
This Audience Level Behavioral Analysis can also help service providers understand the reason behind the sudden increase in traffic speed. Alton recounted how one of his clients once ran a marketing campaign on TikTok that blew up traffic levels to such an extent that all security alarm bells sounded. Alton said the problem was that the marketing team forgot to inform the security team of the campaign.
Explaining that the traffic was really real, Alton said, “Without our technology, they probably would have shut down this whole influx of new customers.” “So the need to understand behavior at the audience level is becoming more and more important.”