Buy now, pay later (BNPL) is extremely popular, especially among traditional, credit-protected Millennials and Generation Z consumers. With transaction volume of $680 billion by 2025 up for grabs, both fintech startups and long-standing financial institutions are jumping into the mix with their own offerings.
But as we’ve seen with other emerging technology trends, rapid growth brings new challenges.
While many industry experts would point to the Consumer Financial Protection Bureau (CFPB)’s recent survey of BNPL suppliers as the biggest headwind in the industry, there is another area that regulators and industry players should be concerned about. have to do: fraud. Cybercrime often acts as a barometer of economic trends, and as the BNPL market continues to rise, fraudsters are making a profit.
Rather than delegating their activities to dark web marketplaces, scammers hide in plain sight on encrypted messaging apps. They collaborate through publicly available forums on these platforms to attack BNPL providers with new tactics.
The only way to stay ahead of these scams is if BNPL vendors make sure they have the right defense strategy in place to fight fraud on their own platforms and networks.
Payment fraud is becoming mainstream and anyone with an internet connection can participate. But instead of hoping that platforms will remove these fraud forums from their services, BNPL providers and the merchants who use them can fortify their own properties by understanding exactly how they are at risk.
So, what do these new fraud methods look like and how can providers protect themselves against them? Let’s dive in.
The Dark Web vs. the Deep Web: The Rise of Fraud as a Service
Home to cybercrime for years, the dark web has become an oasis for scammers looking for compromised information. However, with the recent crackdown on dark web marketplaces, cybercriminals have turned to new and under-the-radar hubs to commit illegal activities.
Malicious actors have set their sights on secure messaging apps, such as Telegram, to carry out their illegal activities. Part of the deep web, which is not indexed by search engines, secure messaging apps are a haven for professional criminals who want to remain anonymous.
Within these forums, fraudsters have developed their attack strategies. Rather than just buying and selling access to information, cyber criminals have started promoting fraud as a service.
One example is a Telegram scheme where cybercriminals steal from restaurants and food delivery services. By promoting their ability to purchase food and drink orders with stolen information (e.g. login details or credit card numbers), they offer opportunistic diners a meal at a deeply discounted rate.