Seamless ID validation to limit BNPL fraud: Interview with Uri Arad and Shmuli Goldberg from Identiq
By Gaia Lamperti
Buy Now, Pay Later (BNPL) is one of the fastest-growing verticals of the FinTech industry, with more than 17 million customers in the UK alone having used this solution. The sector now accounts for 2.6% of global e-commerce sales.
Yet, when its popularity skyrocketed in the last couple of years, growth in fraud was inevitable. BNPL customers quickly became an easy target for fraudsters due to the lack of scrupulous background checks during the checkout phase.
Fraud in BNPL rose by 66% YoY in 2021, urging both merchants and consumers, as well as FinTechs themselves, to take action. Information security company Identiq offers a service that, by improving the onboarding and authentication of new users, could rectify the majority of existing security gaps in the service.
IBS Intelligence sat down with the company’s Co-Founder Uri Arad and the Chief Marketing Officer Shmuli Goldberg to discuss the fraud threats facing BNPL transactions and how a more effective ID validation process could offer a solution to the issue.
What does Identiq focus on?
Shmuli Goldberg (SG): In a nutshell, Identiq has built the world’s largest peer-to-peer network that gives banks, payment companies, BNPL companies, retailers or anyone else who needs to validate their users a platform that allows them to validate off each other’s databases without sharing or exposing any data whatsoever.
So, let’s say you are based in London and tomorrow, you went to sign up for a Monzo account; they would need to make sure that you’re exactly who you say you are. The old way is that they would get you to send them multiple pieces of identification, maybe even do a selfie check and a bunch of other things. But the irony is that there are many different companies out there that already know you, trust you and have built relationships with you. This could be everything from food delivery apps to airlines to gaming or dating apps or one of the hundreds of retailers you probably interacted with over the last year. So, what we enable Monzo to do in this case is to understand who else on the network knows that you are a real person and the details you are providing really belong to you, without showing or exposing any of your data.
What are the advantages that this smoother identification process offers?
SG: There are three main values that this brings to the businesses themselves. Firstly, they no longer have to treat everyone as a potential fraudster and create barriers for new customers, creating friction and potentially leaving money on the table. Instead, 99% of good users can be vouched for very quickly, removing many extra steps they put in. Secondly, it’s much more accurate, and it has fresher data constantly updated, unlike a database that can be days or weeks or years out of date. Not only can we tell you that a credit card is real, but also if it has been seen linked to this name before and when it was last used. And the third thing is that, because we share absolutely no data and at no point is your personal information or sensitive business information actually sent through the network, it’s much more private. It’s a whole new bar of end-user privacy.
One of the areas of FinTech most exposed to fraud when it comes to lack of identity checks is Buy Now, Pay Later (BNPL). The sector has seen a 65% YoY growth in fraud. How does that happen?
Uri Arad (UA): The exposure to fraud in BNPL is strongly connected to what the solution offers, which is a short-term line of credit that you can apply for and receive with very minimal friction as part of checkout. This is why, unlike a typical credit application, it cannot be like a long process that takes multiple steps and may take a couple of days for the issuer to decide. Also, from the issuers’ side, they have a very low level of risk, as they get paid by the merchants themselves. The result is a very lightweight approach that focuses on user experience and provides that credit quickly with minimum friction. That is precisely why fraud is so prevalent. If users were required to identify themselves strongly, most likely conversions of those solutions would drop significantly.
One of the most common ways for fraudsters to take advantage of the system’s faults is to apply for credit on someone else’s behalf, given how limited the identity tests are. The second typical pattern is standard ATO techniques, like guessing passwords, brute-forcing passwords or phishing approaches to take over the account of someone who a BNPL provider has already approved.
Yet, how do we ensure that, while implementing extra ID checks, the customer experience remains frictionless, which is precisely what BNPL is successful at?
SG: This would very much depend on the identity solution itself. If you’re using a tool like Identiq, it adds no additional friction to the customer, and it’s completely transparent. It actually minimizes that level of friction and removes a lot of those unnecessary layers that are often put in front of good users.
I can give some examples of how an identity solution like ours actively stops malicious activity when the fraudster is looking to make a purchase. Generally, they never use their own identity, so they are either using a brand-new identity by setting up a new email or something called a ‘synthetic identity.’ This is when they take parts of a real identity, like a current email address or even a credit card that is known and trusted, and they mix that with other data points.
The first case is relatively simple because, when somebody creates a brand-new email address, Identiq’s members can check across the network if the identity is accurate, and usually, there should be hundreds of companies that can vouch for that. But if nobody has ever heard of this email, or maybe they’ve only seen it 3 times in the last 24 hours, this is a very strong indicator that what you’re looking at is a quickly produced fake identity that does not have a history online. Amazingly, this process happens typically in under 2 seconds, and it can stop the fraudsters straight away.
Synthetic identities, instead, are a much harder fight for the industry. Most companies struggle because there are indeed parts of an authentic identity there. But this is actually where Identiq is the strongest because we can cross-check whether the person is real and if the data points presented match. The companies we rely on in our network, from the delivery services to the streaming platforms, can check if the name, credit card, IP address, and email address of that supposed identity all match each other.
UA: The traditional methods of validating identities might be less fitting for the demographics that a short line of credit like BNPL attracts. The people who actually need it are most likely to be younger people or undocumented, unbanked, underbanked people. These are also the people who are sometimes less easily identifiable through things like voter registration or proof of residence. So, with Identiq, we’re also looking at these customers and making it easier for them to access FinTech, which can offer them better financial opportunities and inclusion.
The industry is now starting to call for more regulatory scrutiny in the BNPL market. Do you expect this to help limit or prevent fraud risks at all?
SG: It’s a tough one. There’s definitely a need for more regulation in this space. Still, the challenge is that once the regulation comes from an outside body instead of from the industry itself, there’s always a disconnection.
When you wait for a government body that doesn’t fully understand the business, its economics and the fraudsters themselves to come and put some regulations in place, such as credit checks for every single user, then you stifle innovation and hurt the companies much more than helping them.
Speaking from our end, we’ve always believed in collaboration within the industry. In fact, we own a peer-to-peer network, and we say it ourselves that we have no data of our own. We believe that when companies collaborate, they can solve problems more efficiently and more effectively than if they’re waiting for regulations to come in place. So, I think that companies have to get in front of this issue before forcing the hand of legislation to make decisions that are not in their best interest.