Afterpay will take additional measures to prevent order fraud in the future. The payment service examines various user authentication techniques to verify the name provided. Ghost invoices that end up on someone else’s doorstep are therefore a thing of the past.
Afterpay informs the Consumers’ Association about this.
This is how Afterpay works
Afterpay is a service that allows consumers to pay their bills afterwards. Ideal for those who want to be able to try out and experience their order before paying their invoice. It goes like this. You place an order at one of the webshops that are affiliated with Afterpay. Select Afterpay for the payment method, you do not need to create an account in advance.
When your order has been delivered, you can see what you think. If you are satisfied and want to keep the product, you pay for your order via the Afterpay app. You have 14 days to do this. If you return a product, you must indicate this via the app. Your payment obligation is extended by 10 days. If the product has been delivered to the webshop, you no longer have to pay.
Committing order fraud Afterpay is ‘childishly simple’
In April, the Consumers’ Association discovered that it was ‘childishly easy’ to cheat with Afterpay. When placing an order at an online store, scammers enter their own address details. At Afterpay they provide the name and address of another person. The product is delivered to the address of the scammers. The bill ends up on the victim’s doormat.
The order fraud only comes to light after a month. How long does it take for Afterpay to send a payment reminder to the specified billing address? According to the Consumers’ Association, in the past year, hundreds of consumers received an invoice for a product that they had never ordered.
In a response to the interest group, Afterpay stated that it had all its affairs in the field of fraud in order. Customers who had been defrauded in this way had to file a report with the police. With a copy of the declaration, they could then go to the payment service to cancel the invoice.
‘Afterpay must make haste’
The Consumers’ Association was not happy about this. Director Sandra Molenaar said it was ‘the world upside down, while the leak was clearly with Afterpay. We are now two months further and things seem to be moving forward. Afterpay is currently investigating various user authentication methods to prevent order fraud in the future.
One of the techniques that the payment service is seriously looking at is iDIN. Consumers can log in to the site of a service provider or webshop by using the login method of their bank. Once logged in, the data that the service provider or web store needs (name, address, date of birth) are entered. iDIN does not share financial data and your bank does not receive any data from the counterparty. In addition to identifying yourself, you can also create an online account with iDIN, take out a telephone subscription, insurance or loan, and confirm your age at an online liquor store.
Molenaar is pleased that Afterpay is taking action against order fraud. “We are pleased that Afterpay is now serious about its security. But the company has to hurry because the problems have been going on for quite some time and until recently our researchers still managed to crack the system in a simple way.”
Klarna has already implemented additional authentication measures before
Afterpay is not the first online payment service that the Consumers’ Association has investigated. In February, the interest group concluded that the Swedish payment service Klarna was not taking sufficient measures to protect customers against identity fraud. Research by the interest group showed that it was possible to order products under the name and address of someone else, but then have them sent to yourself. Klarna does not ask for a password: entering personal data is sufficient.
Klarna spoke of ‘an incident, but the Consumers’ Association managed to order products from another person ten times via the Klarna account. “The alarm bells should go off immediately if it turns out that unauthorized parties can take over your customers’ accounts,” said Molenaar about the matter. In response to this issue, Klarna implemented additional authentication measures.
Catch up on more articles here
Follow us on Twitter here