As buy now, pay later (BNPL) continues to grow in popularity, merchants continue to offer it as an online payment alternative in response to the demands of consumers—especially younger ones. A new blog post from data security technology provider Imperva explicitly ties account takeover (ATO) fraud to BNPL.
Imperva recently reported the results of an analysis that found ATO attacks rose 148 percent in 2021. For U.S. merchants the problem is especially acute, with 55 percent of total global ATO attacks occurring in the U.S.
Imperva’s new blog post notes the weakness of new technologies—especially in payments—regarding fraud. Bad actors always attack vulnerabilities and, because it is new, BNPL can be poorly understood and weakly secured, and at this point it is loosely regulated. As such, Imperva says, it is a ripe target for fraud, and the most common way criminals currently attack it is via ATO.
“This can either be done by taking over the BNPL account directly, or by taking over a user account with a business that is authorized to charge their BNPL account; like an online retailer for example,” the post says. “This creates an even bigger attack surface and allows fraudsters to act with more flexibility.”