Illustration of how Swedish BNPL regulations aim to protect customer experiences

The buy now, pay later (BNPL) payment method is a highly popular option for Swedish consumers to purchase online goods. Unfortunately, it’s also popular with fraudsters who take advantage of authentication loopholes - and leave payment service providers (PSPs) and customers on the hook for payments.

New regulatory changes have been proposed that will change how PSPs authenticate customers. Here’s everything you need to know about Sweden’s BNPL market and how PSPs can prepare for new authentication regulations.

A Snapshot of the Swedish BNPL Market

The buy now, pay later payment method is a financing option that allows customers to pay for goods over time with installment loans. As the name suggests, customers get their purchases right away and agree to pay later, usually with interest-free payments over a limited period of time. 

Swedish consumers are clearly fond of eCommerce. In 2020, data from the Swedish Financial Supervisory Authority (Finansinspektionen) found that 66% of Swedish consumers between the ages 18 and 84 have purchased or sold goods online in the past 30 days. The buy now, pay later option is particularly popular among female consumers. Finansinspektionen’s data found 15% of women between ages 35 and 44 use BNPL payments, making them the largest group to use the service.

There are no signs of slowing down. A separate report projects BNPL payments in Sweden are on track to increase 33.8% to reach a market value of $20.2 billion USD later this year. Sweden’s BNPL growth is expected to continue to grow at a CAGR of 17% from 2022 to 2028 to reach a market value of $51.8 billion USD.

Sweden’s BNPL Fraud Problem

These figures paint a clear picture: Swedish consumers love BNPL payments. Unfortunately, fraudsters love it too – and for very different reasons. The Swedish National Council for Crime Prevention found between 11,000 and 15,000 identity fraud cases related to purchases are reported each year. In reality, this figure may be undercounted if victims decide not to report a crime.

Among the biggest problems with BNPL platforms is that existing loopholes currently place them slightly outside of regulatory oversight. Consumers are required to provide certain personal information such as their name, address, and social security number to open a BNPL credit line with a merchant. However, these minimal requirements are highly vulnerable to abuse. Fraudsters can steal the information and open a BNPL loan pretending to be the customer.

How BNPL Fraud Harms PSPs and Consumers

Loopholes create significant problems for both payment service providers (PSPs) and the customers impacted by the fraud. Here’s how each group suffers:

  • Payment Service Providers and Partners: PSPs – and partners who offer these services – suffer multiple types of damage as a result of BNPL fraud. This includes financial losses in the form of chargebacks. When fraud is reported they must refund the money to the customer’s credit card, debit card, or other payment accounts. They may even face fines for enabling a fraudulent transaction. There are currently 175 active PSPs in Sweden (and 75 consumer credit institutions) of varying sizes. Fraud can damage these organizations, regardless of their size. Smaller PSPs will take a financial hit, forcing them to pause their plans to scale. Meanwhile, larger PSPs will likely survive financial penalties resulting from fraud but their public reputation can take a hit. This can impact their relationship with banks and partners.
  • Customers: BNPL fraud also poses serious harm to customers. If a fraudster uses a legitimate customer’s credentials to open a loan and obtain goods that they never pay for, the customer is left holding the bill. This damages the customer’s credit report, making it harder for them to access financial services like loans. In some cases, it can impact their ability to get a job. Administrative fees will be added to the balance and the debt can be referred to debt collectors.

3 Tips for Swedish PSPs to Prepare for New BNPL Fraud Regulations

These problems have prompted Swedish regulators to consider a measure that will transfer oversight of commercial law from the Swedish Consumer Agency to the Finansinspektionen and place stronger authentication requirements on PSPs. PSPs will be required to implement authentication checks like two-factor authentication (2FA) to approve deferred payment transactions like BNPL payments. These measures go into effect on Jan. 1, 2023.

These changes mean PSPs will be expected to do more to prevent fraud and protect their customers. Here are three things PSPs can do now to prepare for these new requirements. All three are critical to establishing a connection with customers based on digital trust.

1. Make Sure You Know the PSP Users

PSPs and their partners must be able to confidently answer the question “is the user really who they say they are?” Answering this question means understanding who the consumer is by developing a profile of how they interact. This profile is not static, but rather evolves over time and includes behavioral data. Behavioral data looks at how the user behaves when transacting – such as the way they hold their device, touch their phone screen, or move their mouse. If these behaviors change suddenly, PSPs can flag the transactions as suspicious. 

2. Follow the Money 

Knowing the customer is just the first step. PSPs must also understand how customers normally transact. For example, a customer who typically spends 100 SEK at an online sports store is probably nothing to worry about. But a customer who spends over 5,000 SEK on several new phones in a short amount of time should raise red flags. PSPs must combine their knowledge of who their user is to see if their latest transactions make sense. Comparing transactional patterns with known fraudulent behavior or adverse media will allow PSPs to bring fraudulent connections to light. 

3. Protect the Customer Experience

Finally, PSPs must ensure that legitimate customers are able to transact as they want without experiencing any delays or interruptions. Using diverse data to build a customer’s profile will help PSPs understand how a customer normally behaves. Armed with this understanding, PSPs can avoid flagging a transaction as fraudulent if it matches the customer’s normal patterns. However, keeping customer experiences friction-free can be more challenging if the PSP relies solely on an older, rules-based system. A customer that wants to buy a plane ticket may find their purchase delayed and have to call to clarify the matter. PSPs should consider enhancing their rule-based system by maximizing their available data to determine if a transaction is trustworthy or not.

Customers expect to purchase goods without interruption or falling victim to fraud. Taking these steps will help Swedish PSPs deliver seamless customer authentication experiences while keeping fraudsters out of the BNPL market.