Reviewed by Mayer Hyman, Payments Specialist | Reviewed for accuracy July 2026
Key Takeaways
- BNPL providers originated $156.7 billion in consumer credit in 2025, with “Pay in 4” plans up nearly 80% since 2023 (Federal Reserve FEDS Notes, 2026).
- BNPL’s rapid, low-friction checkout is exactly what makes it attractive to shoppers, and exactly what makes it a target for fraudsters.
- The two main BNPL fraud types are synthetic identity fraud and account takeover (ATO) fraud, each requiring different detection approaches.
- The strongest defense combines rules-based fraud tools with machine learning, since static rules alone tend to be reactive rather than proactive.
Why BNPL Growth Comes With a Fraud Problem
BNPL growth comes with a fraud problem because rapid, low-friction checkout that appeals to consumers is the same feature that appeals to fraudsters. As inflation and economic uncertainty push consumers to stretch their budgets, more ecommerce platforms offer buy now, pay later (BNPL) financing to make purchases feel more manageable, and that growth raises the stakes for fraudsters right alongside it.
BNPL providers originated $156.7 billion in consumer credit in 2025, and “Pay in 4” plans specifically grew nearly 80% since the Consumer Financial Protection Bureau’s 2023 measurement (Federal Reserve FEDS Notes, 2026). That kind of volume growth is exactly what draws sustained fraud pressure: bigger, faster-moving markets are harder to monitor closely, and BNPL’s appeal to consumers, minimal friction, near-instant approval, is the same feature that makes it appealing to fraudsters.
Read on to find out why BNPL schemes are such an attractive target, how machine learning fits into fighting the resulting fraud, and what merchants can do to mitigate fraud attacks and protect their customers.
The State of Play for Consumers, Merchants, and Fraudsters
BNPL platforms make it easy to shop and easy to lose track of rising balances. This form of financing offers installment plans: a purchase is typically divided into multiple equal payments, with the first due at checkout, and the rest billed to the customer’s card until the purchase is paid in full, sometimes with interest rates reaching into the double digits.
As BNPL lending has grown, fraud has followed the money. Popular BNPL platforms have repeatedly reported rising fraudulent activity as adoption climbs, and the market’s continued growth, now well over $150 billion a year in originations, gives fraudsters a bigger and more attractive target every year.
That pressure keeps IT and risk teams looking for better tools, and the industry has increasingly turned to artificial intelligence and machine learning to strengthen existing fraud management. The catch is that fraudsters are adopting the same technologies for their own purposes.
Related: “Why Buy-Now-Pay-Later Is a Boon and a Bust In the Fight Against Chargebacks”
What Is BNPL Fraud?
BNPL fraud occurs when criminals use stolen information to create fake accounts, or take over existing accounts in what’s known as account takeover (ATO) fraud. BNPL is vulnerable partly because checkout on many BNPL platforms lacks sufficient identity verification, and partly because of its structure: since payments are spread across several transactions, there’s more surface area for cybercriminals to exploit.
Synthetic Identity Fraud
With synthetic identity fraud, scammers combine pieces of stolen data to create a false identity, then use that identity to buy goods through a BNPL provider, often paying just the first installment to get the product before disappearing. This type of fraud is considered one of the fastest-growing forms of financial crime in the United States, according to McKinsey & Company.
Account Takeover (ATO) Fraud
ATO fraud occurs when a criminal obtains the login credentials for a BNPL account, either by buying stolen data on the dark web or through a phishing attempt that tricks the account holder into revealing it. Once the fraudster has access, they’re free to rack up charges until the account owner notices their account has been hijacked.
What Can Merchants Do to Protect Themselves and BNPL Account Holders?
Businesses have to balance their own security with protecting users from fraud and a bad payment experience. Part of the reason BNPL is vulnerable is that BNPL firms often bypass the formal credit checks that traditional banks and card issuers rely on.
Fintech BNPL providers are typically fast-growing, early-stage companies, with fewer legacy security controls than banks that have been managing fraud risk for decades, which makes them an attractive target. Their popularity compounds the problem: it’s easier for fraudulent activity to go unnoticed inside a large, fast-moving pool of applicants.
So what can merchants do to make sure BNPL isn’t a weak link in their fraud management? The strongest approach combines rule-based technology with artificial intelligence and machine learning.
For more on machine learning, read “Machine Learning 101—What Merchants Need to Know About Fraud Protection“
Choosing Fraud Management Software
The fight against fraud for most ecommerce merchants starts with fraud management software. Many payment providers integrate fraud technology directly into their solutions. Unless a merchant has an expert IT team devoted specifically to fraud management, it’s usually faster and more effective to work with a solutions provider whose tools are already built and tested.
Why Machine Learning Technology Matters
Static or rule-based fraud protection systems, like card verification, IP geolocation, and 3D Secure, were the first generation of fraud detection technology. They’re still useful, but they tend to be reactive rather than proactive, meaning they’re always racing to catch up with fraudsters who are skilled at working around fixed rules.
Machine learning systems are designed to be proactive. They adapt in real time to the data they receive, with little human intervention, refining what they flag as anomalies and triggering preventive action as patterns emerge. These systems can also draw on large volumes of transaction data to sharpen their detection over time.
The strongest fraud management systems combine rules-based technology and machine learning. They apply multiple layers of protection and integrate easily into existing systems.
Bottom Line for BNPL Fraud
Fighting BNPL fraud, or fraud generally, doesn’t have to drain a merchant’s time and revenue. In fact, most merchants should only manage fraud detection entirely in-house if they have a dedicated team of machine learning and rules-based systems experts, and even then, it can pull focus from core business priorities.
The more practical option for most businesses is to work with a payments and fraud management provider that already integrates fraud management into its services, which simplifies day-to-day operations. Cartis Payments pairs a suite of chargeback and fraud prevention tools with its payment processing, giving merchants a way to fight BNPL fraud and protect both their customers and their business.
FAQ
How big is the BNPL fraud problem?
BNPL providers originated $156.7 billion in consumer credit in 2025, with “Pay in 4” plans growing nearly 80% since 2023, according to the Federal Reserve. That rapid growth in transaction volume has made BNPL a growing target for both synthetic identity fraud and account takeover fraud.
What’s the difference between synthetic identity fraud and account takeover fraud in BNPL?
Synthetic identity fraud involves a fabricated identity built from stolen data pieces, used to open a new BNPL account. Account takeover fraud involves a criminal gaining access to an existing, legitimate customer’s account credentials and using it to make unauthorized purchases.
Why is rules-based fraud protection alone not enough for BNPL?
Rules-based tools like card verification and geolocation are reactive, they catch known patterns but struggle against new tactics. Machine learning adds a proactive layer that adapts to emerging fraud patterns in real time, which is why the strongest systems combine both approaches.






