Buy now, pay later (BNPL) has gone global, empowering people to set up their payments on a predetermined schedule. It gives people more control over their finances and the convenience of acquiring the goods and services they want on terms they can afford — all after a quick, easy onboarding process.
“We’ve minimized the amount of friction and effort it takes, and that’s what makes it such a beautiful product,” said Neuro-ID CEO Jack Alton in an interview with PYMNTS’ Karen Webster. “But doing that also opens it up to identity and fraud risk.”
Call it the Achilles’ heel of BNPL. Alton said attackers have found that the legacy identity theft techniques they once used to open bank accounts suddenly have a new lease on life. And the “skinny application processes” can leave customers wide open to all manner of more sophisticated fraud and bot attacks.
Underlining his point, Alton rattled off a list of recent attacks his company’s customers witnessed. Just a few weeks ago, a major card issuer was hit by more than 60,000 fake applications in the space of a week, he said. He also saw a publicly traded lender get hit by a fraud attack that originated in Atlanta. And another large merchant onboarding company was hit by three separate fraud rings in three weeks.
“When we look at the fraud ring attacks, we see the frequency and intensity really going up,” he said. “And we’re seeing that once a small hole has been exposed in how someone can sign up for buy now, pay later, that information is getting replicated at scale.”
So it’s reassuring to know that Alton’s company Neuro-ID is working on a solution to the problem that isn’t just making the onboarding process more difficult.
BNPL providers want to keep that initial sign-up experience as painless as possible, he said, so Neuro-ID instead relies on real-time behavioral analytics to monitor the existing onboarding process. Its software looks for telltale signs that might indicate whether the applicant is a good customer or a bad actor. Should any warning signs be noticed, Neuro-ID can suggest that the provider take a closer look at that applicant.
You might also like: Neuro-ID Raises $35M to Improve Fraud Screening for Digital Organizations
Alton likened it to sitting across the table from someone filling out an application form. If, for example, that person has to scratch their name out, or if they can’t remember their Social Security number and have to look it up, that would warrant, at the very least, asking for additional verification.
Neuro-ID’s technology works with existing verification systems, allowing customers to orchestrate those stacks more effectively and screen new applicants more reliably and at scale, Alton said.
When used correctly, it can be a very powerful tool, helping BNPL providers boost conversion rates during the onboarding process.
Alton explained that one provider Neuro-ID works with was using an instant bank verification process that each of its customers would have to go through the very first time they signed up. It served as a powerful screen for identity, and it also meant the provider could assess the applicant’s credit risk by looking at their banking profile. Still, the friction it caused meant that more than 40% of applicants would abandon the sign-up process.
“After using our technology ahead of that painful verification point of friction, it was a kind of one-size-fits-all for everyone,” Alton said. “So they were able to fast-track a significant population of new applicants for this payment type, and we saw it double its conversion rate without an increase in bad debt or fraud.”
Another major advantage of behavioral analytics is that it doesn’t just look at the behavior of individuals but also an entire crowd of users. Alton said Neuro-ID could look at the behavior of previous bot attacks on other customers – and if it sees similar patterns repeat elsewhere, it can serve as a kind of early warning system against large-scale bot attacks.
This “crowd-level behavioral analysis” can also help providers understand the reason behind a sudden increase in traffic velocity. Alton related how one of his customers once ran a TikTok marketing campaign that resulted in its traffic levels blowing up to such an extent that all of its security alarm bells were ringing. The problem was the marketing team forgot to inform the security team of the campaign, Alton said.
“Without our technology, they probably would have shut down that entire flow of new customers,” Alton said, explaining that the traffic was indeed genuine. “So the need to understand crowd-level behavior is becoming more and more important.”