For as long as most people have been paying bills and shopping, using credit cards has been the only option outside of cash for purchasing power. As a chief information security officer (CISO) at Beyond Finance, I’ve seen many options. Using credit cards has always been an acceptable risk because of today’s encryption and fraud prevention technology; however, another option is emerging in the digital channel–buy now, pay later (BNPL) services.
When the pandemic forced a national quarantine, Internet shopping skyrocketed 230% in year-over-year sales–$21 billion alone in 2021, all from leveraging buy now, pay later services.
With the popularity of BNPL shopping, the Consumer Financial Protection Bureau (CFPB) issued some orders for the debt resolution industry. The focus allowed them to collect information on potential risks and benefits of this market and their popular services–fear of the unknown in action.
Buy Now, Pay Later spiked in popularity because of the Coronavirus pandemic, but not because of the illness. During the height of the uncertainty, rampant unemployment spread to 14.8% in April 2020, the highest since 1948.
Americans still wanted to buy things for their families but may not have had the resources. That’s why Buy Now, Pay Later created possibilities and shortcuts. Unfortunately, old opportunities to take advantage of that service–and those using it–abound where new technologies exist. If you aren’t familiar with BNPL, or have used it but are unsure about it, let’s see how you can protect yourself from cyber theft and attacks.
Typically, these buy now, pay later programs have two categories–quick pay and long-term commitments. Some items cost $1,500 or less. For those purchases, Buy Now, Pay Later programs provide consumers up to six weeks to pay for the item. Customers are often given four equal installments. Then, there are more expensive items, for which BNPL kicks in interest and spreads the payments over up to 48 months.
It’s convenient. It’s easy to understand. It’s easier on the pocketbook. Yet, is that safe? The cybersecurity concern is a higher probability of data breaches and data theft. Most retailers have thousands of consumers. There isn’t enough storage, so IT purges spending records after 90 days.
However, there are concerns if you have four years to pay for a Buy Now, Pay Later program. For example, your records won’t be purged until you have paid in full. Your records could be completely safe, but cybersecurity is all about understanding risks and assessing them.
You may be thinking, “What does regulation have to do with cybersecurity?” The answer is “So much.” Unlike regular creditors, there is little regulation for BNPL companies. For example, they offer “almost guaranteed” acceptance because they don’t publish credit reviews on clients. That removes the stress for many people with sub-700 credit scores. However, loose guidelines also open a door for people with bad intentions.
Suppose credit reviews aren’t required to check identity. In that case, some of those people can set up fraudulent accounts.
Sometimes, they give hackers or threat actors a back door to find a real account with an actual debit card number. This is how they create a BNPL account–otherwise known as account takeover (ATO). With better security come more robust standards.
The Harvard Kennedy School working paper released an editorial about uncovering risk in this new payment system entitled “Grow Now, Regulate Later.”
“Given the rapid adoption of BNPL products in the U.S. and the considerable potential for harm to consumers, near-term consumer protection is essential.” – Harvard Kennedy School
If Harvard students know that, so do the hackers. Those are the people taking notes.
Most phishing schemes are connected to fake domains. If you work anywhere, an IT representative has shared that critical information. However, most brands aren’t household names in the Buy Now, Pay Later world, so potential customers may assume a hacker site is authentic.
They look the same. The domains are similar. There is even a place to make a transaction on the website. Why wouldn’t it be real? Well, because that’s what the cyber attackers want you to think.
If it looks like a duck and quacks like a duck, the duck may not exist in the digital world. Fintech companies don’t have the same controlling factors as big banks. That means they could be targets for hackers as well.
These are modified opportunities to help people pay over time for something that they couldn’t usually afford in one payment. While that is a good thing for many consumers struggling with credit or personal debt, hackers see BNPL systems as a new challenge.
You Can Be Protected
There are risks, not just with BNPL systems but with any new technology. We must be vigilant to protect our PII and strive to keep customer data safe and out of the hands of people who mean to use it to harm you. If you want to use Buy Now, Pay Later for yourself, and it makes sense, do it. However, pay attention to the fine print. Don’t be afraid to ask about the security and privacy of your information.
You can take measures to protect yourself with a BNPL account, such as using multi-factor authentication (MFA). It may seem like a minor obstacle. At times, that’s all it takes to deter a hacker from digging into your information. BNPL is an attractive option because it’s easy. Security is not an area to cut corners. If they do, look elsewhere.
Ask the customer service teams that support these products about their cybersecurity measures and records protection. If the person on the phone doesn’t know, ask for someone who does. You can never be too cautious with your information.
Once you sign, it’s time to abide by the explicit terms of the BNPL company. Know what you are signing and how they will protect you once you do. There is satisfaction and comfort from companies taking the proper approach towards your security and privacy.