Buy Now, Pay Later Scams

Stu Sjouwerman | Mar 28, 2022

Buy Now, Pay Later ScamsFraudsters are taking advantage of the buy-now, pay-later (BNPL) payment model, according to Jim Ducharme, COO of Outseer. On the CyberWire’s Hacking Humans podcast, Ducharme explained that scammers can either impersonate victims or take over their accounts in order to make fraudulent purchases.

“In some cases, you know, it's really what's old is new,” Ducharme said. “Attackers are using a lot of the same techniques they used before, either account takeover or, in some cases, a new type of fraud called synthetic identity fraud. And what that really is, in synthetic identity fraud, when a fraudster goes to check out, they'll use social engineering or other means to basically steal somebody's identity and pretend to be you and just have the merchandise shipped to them. So, we see this quite a bit where, you know, somebody creates an identity or uses a synthetic identity to pretend to be somebody, get that installment plan, purchase the goods and services, and then by the time fraud is detected, the rip-off has already happened, if you will. In the case of account takeover, you know, again, a similar sort of thing where people are stealing credentials or ways to get into an account so that they can again enable this new way to pay and basically steal those goods and services using somebody else's account or identity.”

Ducharme added that these BNPL providers may also be more susceptible to fraud because they have less experience than traditional credit card companies.

“With your credit card, as you probably know, the consumer is typically not responsible for the fraud, and the credit card company's responsible for that,” Ducharme said. “And so they've put a number of controls in place to help prevent fraud and mitigate that risk. And so what we're seeing is in - you know, with these new buy-now, pay-later methods, you know, we have to look at those same things. And in these cases, these buy-now, pay-later companies are typically going to be held liable to that fraud. But, again, some of the newer companies don't necessarily have the decades of fraud prevention capabilities in place or even the sophistication of the new attack patterns of, you know, fraud at the point of an account enrollment versus what we're typically, you know, what we've traditionally done for fraud prevention at the point of a transaction.”

New-school security awareness training can give your employees a healthy sense of suspicion so they can avoid falling for social engineering attacks.

Build Your Custom Security Awareness Program in 5 Minutes

Many IT and security professionals struggle to build a security culture program that actually changes behavior. Answer seven quick questions about your organization’s goals, compliance needs, and culture to automatically generate a customized roadmap based on industry best practices, complete with actionable tasks and a scheduling calendar.

Create Your Free ASAP Roadmap

Secure the Digital Workforce: Human + AI

KnowBe4 empowers the modern workforce to make smarter security decisions every day. Trusted by more than 70,000 organizations worldwide, KnowBe4 is the pioneer of digital workforce security, securing both AI agents and humans. The KnowBe4 Platform provides attack simulation and training, collaboration security, and agent security powered by AIDA (Artificial Intelligence Defense Agents) and a proprietary Risk Score. The platform leverages 15 years of behavioral data to combat advanced threats including social engineering, prompt injection, and shadow AI. By securing humans and agents, KnowBe4 leads the industry in workforce trust and defense.