Skip to content
Digital Identity Verification

Jun 11, 2024

The Importance of Biometric Verification for Buy Now Pay Later

Biometric verification is essential for protecting BNPL from attacks such as fraud or user data breaches. Check out the explanation in the following article.

The financial technology industry is rapidly evolving in the digital era, including forms such as Microfinancing, P2P Lending, Crowdfunding, and Buy Now Pay Later (BNPL). In Indonesia, BNPL transactions reached more than 25 trillion rupiah in 2023.

Currently, biometric verification is an effective solution to prevent fraud and identity theft in the consumer lending industry, including BNPL. What are the roles and benefits of biometric verification for BNPL registration and other processes? Let's explore this article.

The BNPL Situation in Indonesia

Millennials and Gen Z have become the primary users of BNPL, with 77% of individuals from these demographics showing interest in this payment method.

The preference of the younger generation for BNPL reflects a trend towards alternative digital payment options. Additionally, a survey found that 7 out of 10 people feel more comfortable making online purchases through e-commerce platforms if they have access to BNPL and loan options.

This level of comfort indicates that BNPL services not only attract users but also contribute to enhancing their online shopping experience by providing flexible payment solutions.

Unfortunately, issues have arisen in BNPL services. According to internal data from VIDA and the OJK, here are some of the problems:

- 73% of users want an integrated solution in one application and expect convenience in using it.
- 47% of fraud attacks target the financial sector, including consumer lending services and BNPL.
- Transaction processes that take up to 2 hours increase the number of failed transactions.
- More than 150 financial services have had their business licenses revoked by the OJK for not complying with regulations in Indonesia.

More worryingly, BNPL is not immune to cyberattacks that result in financial losses. The annual loss from cybercrime reaches $6 trillion globally. Meanwhile, users' personal data makes financial institutions, including BNPL and consumer lending services, prime targets for cyberattacks. A report by Cybersecurity Ventures estimates that a cyberattack occurs every 39 seconds.

Based on these reports, here are the challenges that BNPL companies need to address:

- BNPL companies and consumer lenders need to provide quick and easy registration processes while protecting their users from fraud.
- Users need a smooth and simple application process without excessive requirements or long forms, which significantly contributes to a positive user experience.
- Financial institutions, including consumer lending and BNPL services, need to navigate complex regulations.

One technology to address these challenges is biometric verification. This type of verification is passwordless, utilizing the uniqueness of physical characteristics such as fingerprints and facial/retina scans.

The Threat of Injection Attacks to BNPL

An injection attack occurs when an attacker injects manipulated code or commands into a system to deceive the biometric verification system. Injection attacks are now evolving into deepfake injections. As the name suggests, deepfake injection uses deepfake technology to inject fake biometric data directly into the data stream received by the verification or authentication system.

So, how does an injection attack threaten verification in BNPL?

The biometric verification process begins when users capture their biometric data with the device’s camera (similar to taking a selfie). Ideally, this biometric data should be sent to the verification server. However, hackers can bypass the biometric data capture process on the device’s camera, microphone, or fingerprint sensor to enter an application’s server system. After that, they inject fake biometric data using emulators, virtual cameras, and other techniques to convince the system that the data is legitimate.

As a result, the server receives and uses the fake biometrics, considering it as valid user data. This attack can be highly damaging, allowing attackers to access sensitive data, modify information, and compromise the system's integrity.

Based on these reports, here are the challenges that BNPL companies need to address:

- BNPL companies and consumer lenders need to provide a quick and easy registration process while protecting their users from fraud.
- Users need a smooth and simple application process without excessive requirements or lengthy forms.
- BNPL needs to implement a verification system that cannot be penetrated by deepfake attacks.

The Importance of Biometric Verification for BNPL

Digital identity verification occurs when users register for BNPL applications, involving several stages such as entering personal identification (KTP) and facial biometrics. Because it involves personal data, the verification system must be very strong to ensure that only legitimate users can access accounts. The same level of security is required for authentication, which takes place when registered users perform actions such as applying for or repaying loans.

Transactions on digital platforms often involve storing personal data and sensitive information. Therefore, a robust verification system is necessary to prevent unauthorized access by fraudsters. A common case is when someone's personal identity is hacked to register on other online lending platforms.

Biometric verification is a method of confirming someone's identity using unique biological, physical, or behavioral characteristics such as facial scans or body movements. The goal of biometric-based digital identity verification systems is to ensure identity with high accuracy and correctly authenticate individuals.

Each biometric verification data is personal and cannot be forged by others. Unlike passwords, biometric data cannot be lost or copied. Once biometric data is recorded, users only need to perform a scan without needing a password. The system then compares and analyzes the user's biometric data with the stored data. If they match, access is granted to the user.

Biometric verification technology can perform the verification process automatically. The encryption techniques used in biometrics also enhance security levels, hinder attempts to replicate biometric data by unauthorized parties, and prevent data forgery or theft.

1. Enhancing Security in BNPL Transactions
   - BNPL platforms facilitate seamless transactions but also attract potential risks, including identity theft and fraudulent activities.
   - Biometric verification acts as a robust security measure by verifying users' identities through unique biological traits such as fingerprints, facial recognition, or voice recognition.
   - This authentication process adds an extra layer of security, ensuring that only authorized individuals can access BNPL services and reducing the risk of unauthorized transactions.

2. Streamlining the Onboarding Process
   - Traditional identity verification methods, such as manual document checks and OTPs, can be cumbersome and time-consuming for users.
   - Biometric verification offers a smoother onboarding experience, allowing users to quickly and securely verify their identities using biometric data.
   - By eliminating lengthy verification procedures, BNPL platforms can enhance user experience and encourage technology adoption.

3. Preventing Fraud and Identity Theft
   - Identity theft remains a significant concern in the digital era, with fraudsters continuously devising new methods to exploit vulnerabilities in online systems.
   - Biometric verification adds an extra layer of protection against identity fraud by ensuring that only genuine users can access BNPL services.
   - With biometric data unique to each individual and difficult to replicate, the risk of identity theft and fraudulent activities is significantly reduced.

One of the leading BNPL services, Kredivo, has implemented biometric verification and VIDA digital signatures. Currently, Kredivo handles around 15,000 transactions per day and up to 328,000 transactions per month. Kredivo also experienced a threefold increase in total transactions and a signing process time of less than 30 seconds for customers.

BNPL companies have a responsibility to ensure the security and convenience of users when transacting. One step that can be taken is to ensure the accuracy of users' identities and data. Implementing biometric verification for online loan transactions is one way to verify user identities more accurately and efficiently.

For more information on how VIDA can help secure your digital identity, visit

VIDA - Verified Identity for All. VIDA provides a trusted digital identity platform.

Latest Articles

The Importance of Security Awareness Through Digital Signatures

The Importance of Security Awareness Through Digital Signatures

Security awareness is important for both individuals and companies. Efforts to build security awareness can begin with the use of digital s...

July 04, 2024

Understanding Income Verification for Businesses

Understanding Income Verification for Businesses

Income verification with VIDA's Income Verification is crucial for streamlining financial services in verifying loan applications.

July 03, 2024

Understanding Phishing and How to Avoid It with Verification
Digital Identity Verification

Understanding Phishing and How to Avoid It with Verification

Phishing is a form of cyber attack where attackers attempt to obtain personal information by impersonating a trusted entity.

July 01, 2024