A series of coordinated smash-and-grab thefts in the San Francisco Bay Area dominated our news feeds at the start of the 2021 holiday season. Dozens of people stormed San Francisco’s Louis Vuitton store and a Nordstrom in nearby Walnut Creek, emerging with handfuls of luxury items valued at more than $100,000. These attacks, according to law enforcement, were organized on social media and committed by people who didn’t know each other.

There is now a digital version of this organized retail theft — and it is silent, nameless, and faceless — and it uses a new type of process called BNPL. BNPL (buy now, pay later) is a type of installment loan that lets you make purchases online and pay them off in weekly, bi-weekly, or monthly installments. This shopping method has become massively popular in the U.S. and Europe. BNPL services are growing at a rate of 39% per year, and even PayPal, Amazon, and Square are getting in on the action and acquiring existing BNPL companies in multi-billion dollar deals. While shoppers can more quickly get their hands on Xbox gaming systems, laptops, and expensive purses, BNPL has opened the door for potential fraudsters who pay just the 25% base value for a product and avoid paying the rest.

BNPL fraud: Account takeovers, fake accounts, and digital flash mobs

BNPL fraud occurs in several different ways. During an account takeover, fraudsters gain access to an existing BNPL customer’s account and make unauthorized purchases. Fraudsters also open fake BNPL accounts using someone’s stolen identity. What helps fraudsters and hurts consumers are BNPL’s lax identity and verification processes. Often BNPL providers rely on data, internal algorithms, or soft credit checks to determine a person’s creditworthiness. This means they can miss critical fraud indicators, such as an address or phone number that doesn’t match with the applicant. In addition to account takeovers and fake accounts, fraudsters can join together to make purchases. Groups of bad actors spread across different geolocations and network addresses can attack at the same time. You can see 100 people log in and buy $600 consoles for just 20-25% of the product’s value — and there is no previous data that connects these people. Fraudsters within this digital flash mob then turn around and sell these items at full market value.

BNPL fraud represents a new challenge for traditional banks that offer their own BNPL product; it’s basically an instant loan application, at the point of sale, minus the credit check. This means banks will absorb the losses of any fraudulent loans. Banks pay merchants up front for consumer purchases, meaning they risk losing up to 100% of a loan’s value through fraud. Also, a fraudster could open a new account at the same bank under a synthetic identity, obtain a credit card, and start making purchases. Then the fraudster defaults on payments, resulting in a total loss. Enterprising fraudsters can also enlist helpers to test stolen credit card numbers on a mobile app. If a stolen card number works for a small purchase, it can then be used to make much larger purchases.

Graph can spot markers of fraud

As more people use BNPL, the risk of fraud increases. During the 2021 holiday season alone, almost 40% of people used BNPL financing such as Affirm or Klarna to pay for holiday gifts. How can BNPL providers safeguard their automated digital processes? First, providers can enact more stringent identity verification — during account opening and checkout. They can also use machine learning technology to identify unusual purchasing activity that may be linked to fraud.

Graph analytics is a set of analytic techniques that highlights how entities such as people, places, and things are connected to each other. Graph identifies connections, relationships, and patterns. Financial services institutions and credit card providers use graph to detect potential fraud — during the application process as well as when purchases are made.

When a person applies for a credit card, for example, graph can closely examine features of his or her application. Are there other applications that share the same email/phone/address/device? What is the number of shortest paths and connections/hops from the input application to a blacklisted application? Graph can assign each part of the application a different weight to generate a fraudulent path score. The credit card provider, armed with this score, can predict the risk of a single application — all in real time.

We can similarly apply graph to BNPL scenarios to proactively “catch” fraud during the actual attempt rather than after the fact. Consider this scenario: John fills out and submits a BNPL application. Meanwhile, the BNPL provider pushes his data into the graph, queries are run, and relationships highlighted. The graph analysis spits out a score. A low score means high risk, while an application with a higher score is likely to be approved. This can all be done in real time if the BNPL provider links the graph database with their other algorithms. Behind the scenes, graph will analyze various data points, such as John’s name, address, social media accounts, IP address, email address, and date of birth. Are John’s name and date of birth associated with fraudulent applications? Has the IP address been used for multiple (fraudulent) applications in the recent past? Is John even the person he claims to be?
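The scoring idea described above (shared attributes, hops to a blacklisted application, per-attribute weights, low score meaning high risk) can be sketched in plain Python; this is an added example, not code from any BNPL provider or graph product. The application records, the weights, and the `weight / hops` decay formula are all assumptions made for illustration.

```python
from collections import deque

# Constructed sample applications (not real data): id -> declared attributes.
APPLICATIONS = {
    "app-john":  {"email": "john@example.com", "phone": "555-0101",
                  "device": "dev-A", "ip": "203.0.113.7"},
    "app-2":     {"email": "kim@example.com", "phone": "555-0101",
                  "device": "dev-B", "ip": "198.51.100.4"},
    "app-fraud": {"email": "lee@example.com", "phone": "555-0199",
                  "device": "dev-B", "ip": "198.51.100.9"},
    "app-clean": {"email": "ann@example.com", "phone": "555-0142",
                  "device": "dev-C", "ip": "192.0.2.33"},
}
BLACKLISTED = {"app-fraud"}
# Assumed weights: how strongly a shared attribute of each kind links two applications.
WEIGHTS = {"device": 1.0, "email": 0.9, "phone": 0.7, "ip": 0.4}

def build_graph(apps):
    """Bipartite graph: application nodes <-> (kind, value) attribute nodes."""
    adj = {}
    for app, attrs in apps.items():
        for node in attrs.items():
            adj.setdefault(app, set()).add(node)
            adj.setdefault(node, set()).add(app)
    return adj

def ties_to_blacklist(adj, start, blacklisted, max_hops=3):
    """BFS from one application; a hop is application -> shared attribute -> application.
    Returns {blacklisted_app: (hops, weight of strongest shortest path)}."""
    best = {start: (0, 1.0)}
    queue = deque([start])
    while queue:
        app = queue.popleft()
        hops, weight = best[app]
        if hops == max_hops:
            continue
        for attr in adj[app]:
            w = weight * WEIGHTS.get(attr[0], 0.0)
            for other in adj[attr]:
                if other not in best:
                    best[other] = (hops + 1, w)
                    queue.append(other)
                elif best[other][0] == hops + 1 and w > best[other][1]:
                    best[other] = (hops + 1, w)
    return {a: best[a] for a in blacklisted if a in best and a != start}

def score(app_id, apps=APPLICATIONS, blacklisted=BLACKLISTED):
    """0-100 score, low = high risk. Risk decays as weight / hops (assumed formula)."""
    ties = ties_to_blacklist(build_graph(apps), app_id, blacklisted)
    risk = max((w / hops for hops, w in ties.values()), default=0.0)
    return round(100 * (1 - risk)), ties
```

In the sample data John has no attribute in common with the blacklisted application, yet he is two hops from it through a shared phone number and then a shared device, which is the kind of indirect tie a per-application check would miss.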

Preventative quality control

Banks can use graph analytics to examine the totality of customer behaviors to find potentially fraudulent BNPL loan applications at the point of sale. This way, a credit request is denied before the fraudster gets their hands on the merchandise. Additionally, graph analytics (aka link analytics) ensures there are no ties between applicants and prior fraud cases or organized fraud rings. 

Graph detection can be done natively if data is stored in a graph database, but graph algorithms can also be applied on data not stored in a graph format — although in these cases queries can be slow and the results incomplete. Several libraries of graph algorithms exist for detecting and scoring relationships between people, places, and events. For a public graph algorithm library, the go-to answer is NetworkX. There are also libraries provided by some of the graph database providers.

If data is constantly refreshed and updated, then real-time analytics allows an organization to find hidden patterns within the data before any transaction or credit application is approved. As BNPL providers rely so heavily on data to grant or deny a person’s loan, these companies need access to the most accurate data results available. Basically, better real-time data yields fewer successful fraudulent transactions. The implications of this are huge for BNPL providers, who have historically suffered the brunt of fraud as the cost of doing high-volume business. Less fraud, in turn, translates to fewer customers being inconvenienced as they wait for their money to be returned after a chargeback.