BNPL fraud during sales: why January and July are the riskiest months

Each year, the sales record a spectacular peak in fraud: 7.2% fraud rate compared to 4.7% in normal times, or +53%¹.

For the Buy Now Pay Later actors, it's the perfect storm. And fraudsters know it.

In January 2025, losses related to BNPL fraud reached 18 million euros in France during the three weeks of sales².

‍

The 4 types of BNPL fraud during sales

‍

1 - Synthetic identities (40% of cases)

The fraudster creates a false identity by mixing real (stolen) and fictional information. He opens a BNPL account, makes a few small purchases to build a history, then places a large order during the sales and disappears. Example: first purchase €50, second €150, third €800 (iPhone sold out) with default of payment.

‍

2 - Account control (25% of cases)

The fraudster hacks into a legitimate customer's account via phishing or credential stuffing. He changes the delivery address, keeps the billing address to pass the checks, then orders €1,200 worth of paid electronics. The customer discovers the fraud 15 days later.

‍

3 - First-party fraud (20% of cases)

A legitimate customer buys with no intention of refunding. Typical profile: young people aged 18-30 (68% of BNPL users)³), unstable incomes, frequent overdrafts. During sales, they increase impulse purchases with no real ability to repay.

‍

4 - Wardrobing (15% of cases)

Especially common in fashion. The customer buys a piece of clothing, wears it for an event, and then returns it. According to Oneytrust, 10% of fashion returns are abusive, with an average loss of €160K per quarter for a major retailer⁴.

‍

Why sales create the perfect storm

‍

• Volume x3: BNPL transactions tripled in January and July. Fraud teams are overwhelmed.
• Time pressure: “offer valid for 24 hours” creates an emergency. Merchants value conversion over security.
• High value products: electronics -40%, luxury fashion -50%. Easily resold on Leboncoin.
• New customers: impossible to distinguish a legitimate new customer from a synthetic identity.
• New retailers: some activate BNPL only for sales. No historical data.

‍

How BNPL players prepare

‍

Reinforced verification

Alma, Oney and Klarna are tightening controls during sales: biometrics for new accounts, lowered ceilings (€600 instead of €1,500), imposed delivery time (72 hours minimum).

‍

Adaptive machine learning

The scoring models are retrained every week. Detection of suspicious patterns: same IP for 15 accounts, same metadata for 20 customers, multiple purchases of the same product in 1 hour.

‍

Data sharing

Some actors share the lists of identified fraudsters, based on the Cifas UK model. The ACPR and the Banque de France encourage this approach⁵.

‍

3 actions to limit losses

‍

1 - Activate enhanced verification as of January 1

Biometrics mandatory for new accounts, double authentication for amounts >€500, manual validation for risky profiles.

‍

2 - Monitor patterns in real time

Automatic alerts: more than 3 orders of the same product in 24 hours, change of address after opening an account, same card on 5 different accounts.

‍

3 - Sharing fraud data

Collaborate with other BNPL players. A fraudster stuck at Alma can try Oney the next day. Sharing reduces overall losses.

Balances represent 15% of BNPL's annual turnover, but 40% of losses related to fraud⁶.

‍

sourcing

¹ Oneytrust, “Fraud Panorama France 2025”

² Oneytrust, “BNPL fraud losses, balances, January 2025"

³ EBA, “Consumer Trends Report 2024/2025”

³ Oneytrust, “Luxury e-commerce fraud prevention”, August 2025

5 ACPR, “BNPL Fraud Data Sharing Recommendations”, 2025

6 Deloitte, “BNPL perspectives and challenges”, January 2023

‍