In recent years, Buy Now, Pay Later (BNPL) services have surged in popularity, offering consumers an easy and flexible way to shop without paying for everything upfront. With well-known platforms like PayPal and Klarna leading the charge, BNPL has quickly become a go-to payment option for millions around the world.
However, as with any financial service, the rapid growth of BNPL has attracted fraudsters who exploit its vulnerabilities. Understanding BNPL fraud, its various forms how to prevent it has become crucial for businesses and BNPL providers alike.
What is Buy Now, Pay Later (BNPL)?
Buy Now, Pay Later (BNPL) is a payment solution that allows consumers to make purchases and pay for them over time, typically in interest free instalments. Instead of paying the full price upfront, shoppers can split the cost into smaller, manageable payments spread across weeks or months.
As of 2025, 42% of adults have used BNPL services at some point, approximately 22.6 million people. This is up from 36% at the start of 2023. This flexible payment option has gained widespread popularity due to the ease with which consumers can access it, often without the need for a credit check.
For businesses, BNPL presents a way to increase conversion rates and attract more customers by offering an alternative payment method at checkout. Major BNPL providers like PayPal Pay in 3 and Klarna have become central to the eCommerce experience, particularly among younger consumers.
What is BNPL fraud?
BNPL fraud refers to the dishonest practices that involve fraudsters exploiting BNPL services to obtain goods or services without paying for them. According to Experian, BNPL fraud has been steadily increasing as fraudsters have discovered how easy it can be to exploit weaknesses in the system. The inherent flexibility and ease of access to BNPL services make them attractive targets for criminals.
Fraudsters take advantage of a variety of loopholes and flaws in the way BNPL services operate, including identity theft, account takeovers and chargebacks. This rise in fraud is a significant concern, as it not only leads to financial losses but also damages the reputation of the merchants and BNPL providers involved.
How does BNPL fraud work?
At its core, BNPL fraud occurs when a fraudster uses a BNPL service to acquire products or services without the intention of paying for them. The most common types of BNPL fraud are as follows.
Account takeovers
In an account takeover attack, fraudsters gain unauthorised access to an existing user’s BNPL account, often by stealing login credentials through phishing scams, data breaches or malware. Once inside, they exploit saved personal and payment details to make fraudulent purchases, typically targeting high value items that can be quickly resold. These attacks are difficult to detect because transactions appear to come from a legitimate, verified account. Merchants are often left footing the bill when the real account holder disputes the transaction.
Synthetic identity fraud
Synthetic identity fraud involves the creation of a fictitious identity using a blend of real and fabricated personal information. For example, a criminal may use a legitimate national insurance number combined with a false name and address to construct a plausible identity that can pass standard verification checks. This person is then used to open BNPL accounts and rack up debt through fraudulent purchases. Because the identity is partially legitimate, detecting and tracing these cases can be exceptionally complex, making this one of the most insidious forms of fraud.
Refund abuse
Some fraudsters exploit generous return and refund policies offered by merchants. They may purchase items using a BNPL service and then falsely claim the items never arrived or that they returned them, requesting a refund while retaining the goods. Others initiate chargebacks after receiving a refund, resulting in double losses for merchants. This type of abuse is particularly damaging in high volume retail environments where manual oversight of each transaction is limited.
Friendly fraud
Also known as first-party fraud, friendly fraud occurs when a legitimate customer makes a purchase via BNPL, receives the goods or services and later disputes the transaction, claiming it was unauthorised or that the product was never delivered. This tactic is frequently used by opportunistic individuals who understand that the burden of proof lies heavily on the merchant. While it may not involve a criminal third party, the financial impact is no less severe.
Trojan horse fraud
Trojan horse fraud is more calculated and structured. In this scenario, a fraudster may make several small, seemingly legitimate BNPL transactions to build trust and a positive repayment history. Once a favourable credit profile is established, they execute a larger fraudulent transaction, typically purchasing expensive items with no intention to repay. This method is particularly dangerous because it bypasses traditional fraud detection systems that rely on behavioural anomalies, making it harder to flag until it’s too late.
Challenges and considerations for businesses
The rise of BNPL fraud presents significant challenges for merchants, BNPL providers and consumers alike.
Merchants
For merchants, the risks are particularly pronounced. This can hurt a merchant’s reputation, making it harder to build trust with their customers, suppliers and BNPL providers. A customer who falls victim to a scam or has their identity misused during a purchase on a merchant’s platform may lose confidence in that brand’s ability to safeguard sensitive data and transactions.
In addition, if a merchant’s business becomes linked to high levels of BNPL fraud, BNPL providers may view the relationship as risky. This can lead to stricter onboarding conditions, increased transaction scrutiny or, in some cases, termination of partnership agreements. Suppliers and business partners may also become hesitant to collaborate, fearing exposure to reputational or financial fallout.
As public perception matters, a single high-profile incident involving fraud can spread rapidly across social media and review platforms, painting a damaging picture of the merchant’s reliability. This erosion of trust can take years to rebuild and may result in a long term loss of customer loyalty and brand equity.
Beyond reputational damage, merchants may face direct revenue loss. Fraudulent transactions can lead to chargebacks, disrupted sales flows and operational inefficiencies. Additionally, weakened consumer confidence may translate into lower conversion rates and reduced average order values. Combined with increased fraud prevention costs and strained relationships with payment partners, these factors can significantly affect a merchant’s bottom line.
BNPL providers
BNPL providers, in most cases, bear the liability for fraud on their platforms, as they serve as both the payment processor and the lender, making them responsible for authorising transactions. Therefore, managing the credit risk is key. Fraudsters are constantly adapting their techniques, which means that BNPL providers must continuously assess and enhance their fraud detection and risk management strategies. Some of the challenges include:
Credit risk management: Understanding and managing credit risk in BNPL transactions is a delicate balancing act. BNPL providers need to ensure they’re offering credit to consumers who are likely to repay while protecting themselves against fraudulent activities. This involves thorough BNPL risk assessment processes.
Regulations and compliance: With the increasing regulatory pressure on the BNPL industry, businesses must navigate the evolving landscape of BNPL regulations to ensure they comply with legal standards while protecting themselves from fraud.
Customers
For customers, the consequences of BNPL fraud can be far-reaching. Unauthorised purchases may result in financial loss, especially if the funds are difficult to recover. Stolen personal data can lead to identity theft and further exploitation across other financial platforms. Additionally, fraudulent activity can damage a customer’s credit profile, limiting their access to future financing and eroding trust in digital payment solutions.
How to prevent BNPL fraud
Preventing BNPL fraud requires a multi layered approach. Here are the most effective strategies for businesses and BNPL providers to minimise risk:
- Implement strong identity verification: Implement mandatory KYC checks at account creation and checkout, requiring ID, proof of address and biometric verification. For higher risk profiles, apply Enhanced due diligence to add extra layers of scrutiny and ensure legitimacy
- Strengthen authentication: Authentication plays a critical role in stopping fraud before it happens. Implement multi-factor authentication (MFA) at key customer touchpoints, especially during checkout and actions like adding a new payment method or changing account details. This typically involves a combination of something the customer knows (a password), something they have (a device or token) and something they are (biometrics). Leverage tools like one-time passwords (OTPs), biometric prompts or behavioural authentication to confirm identity without compromising the user experience.
- Regular fraud audits and system updates: Regularly audit your fraud detection systems to ensure they are up to date with the latest fraud techniques. Continuous system improvements can help identify vulnerabilities before they are exploited.
- Collaboration with PSPs: Work closely with your PSP to leverage advanced fraud detection tools, real-time monitoring and industry insights. PSPs can help identify suspicious activity, streamline compliance and strengthen your overall fraud prevention strategy through shared data and coordinated response.
- Customer education: Educating customers on the potential risks of BNPL services and how they can protect themselves can help reduce fraud. Encourage consumers to monitor their accounts for unusual activity and report any discrepancies promptly.
- Adopt BNPL regulations and compliance standards: Stay updated with the latest BNPL regulations to ensure compliance and implement safeguards that prevent fraudulent activity. Regulatory bodies are placing increasing emphasis on protecting consumers, which includes mitigating the risks associated with BNPL fraud.
How can emerchantpay help?
At emerchantpay, we help businesses protect their payments and safeguard transactions across all channels, including BNPL, through a comprehensive and flexible payment processing solution. Our platform combines advanced fraud prevention tools, intelligent risk management and real-time transaction monitoring to support you in mitigating fraud without compromising the customer experience.
Our technology is designed to detect suspicious behaviour early and help reduce exposure to threats such as account takeovers, synthetic identity fraud and friendly fraud. We support the detection of suspicious transaction behaviour, such as suspicious declined payments, issuer chargeback activity and other transaction-related anomalies. We work closely with our partners to customise fraud strategies that align with their risk appetite, regulatory requirements and business model.
Our team is committed to supporting you every step of the way, from seamless integration to ongoing optimisation, so you can focus on growth with confidence in the security of your payment ecosystem. Contact us to learn how we can support your fraud prevention goals.