Buy Now, Pay Later Apps: Curbing The Ransomware Threat

March 21, 2023

by Jeff Broth

Buy now, pay later (BNPL) is one of the fastest-growing fintech segments. What began as an alternative payment method has blossomed into a major industry that has given physical and online retailers a sales boost even during tough times.

BNPL apps are easy to use and consumer-oriented. While these features make them fantastic to scale, they also present cybersecurity risks. As BNPL usage increases, more consumers could potentially risk identity theft or worse.

Ransomware attackers are increasingly turning their attention to BNPL apps. Here are a few ways they could weaponize a BNPL app against consumers.


This threat isn’t necessarily restricted to consumers. Malicious actors typically use emulators to scam a BNPL app out of funds. For instance, an attacker could use an emulator to create a string of accounts, buy goods without the intention of paying, close those accounts, and flip goods on the marketplace.

These types of attacks defraud the app and could lead to business closure. However, ransomware attackers can use emulators to increase the damage they cause. They could potentially create accounts embedded with malicious software and emulate genuine customer accounts.

These actions could cause the app’s software to mistake the malicious account for the real one, leading to potential data theft. For instance, reporting an issue on the app could lead to the app’s customer support divulging information the attacker needs to steal funds or purchase goods fraudulently.

Blocking automated environments like the Android Debug Bridge (ADB) and preventing the app from running on emulators are the best ways of preventing emulators from creating ransomware nightmares.
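A server-side check for the create, buy and close pattern described above, as an added example that is not part of the original article. It assumes the backend logs a device fingerprint with each account event; the event names, fields, thresholds and sample data are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (time, device fingerprint, account, event, amount)
EVENTS = [
    ("2023-03-01T10:00", "dev-A", "a1", "signup", 0),
    ("2023-03-01T10:05", "dev-A", "a1", "purchase", 400),
    ("2023-03-01T10:20", "dev-A", "a2", "signup", 0),
    ("2023-03-01T10:25", "dev-A", "a2", "purchase", 350),
    ("2023-03-01T11:00", "dev-A", "a3", "signup", 0),
    ("2023-03-01T11:10", "dev-A", "a3", "purchase", 500),
    ("2023-03-02T09:00", "dev-A", "a1", "close", 0),
    ("2023-03-02T09:01", "dev-A", "a2", "close", 0),
    ("2023-03-02T09:02", "dev-A", "a3", "close", 0),
    ("2023-03-01T12:00", "dev-B", "b1", "signup", 0),
    ("2023-03-01T12:30", "dev-B", "b1", "purchase", 120),
    ("2023-03-15T12:00", "dev-B", "b1", "repayment", 120),
    ("2023-03-20T08:00", "dev-B", "b1", "close", 0),
]

def suspicious_devices(events, window=timedelta(hours=24), min_accounts=3):
    """Map device -> accounts opened within `window` and closed while still owing."""
    accounts = {}
    for ts, device, acct, kind, amount in events:
        a = accounts.setdefault(
            acct, {"device": device, "signup": None, "owed": 0, "closed": False})
        if kind == "signup":
            a["signup"] = datetime.fromisoformat(ts)
        elif kind == "purchase":
            a["owed"] += amount
        elif kind == "repayment":
            a["owed"] -= amount
        elif kind == "close":
            a["closed"] = True
    # Keep only accounts that were closed with an unpaid balance.
    by_device = defaultdict(list)
    for acct, a in accounts.items():
        if a["closed"] and a["owed"] > 0 and a["signup"] is not None:
            by_device[a["device"]].append((a["signup"], acct))
    flagged = {}
    for device, items in by_device.items():
        items.sort()
        for start, _ in items:
            # Accounts signed up no more than `window` after this one.
            cluster = [acct for t, acct in items if timedelta(0) <= t - start <= window]
            if len(cluster) >= min_accounts:
                flagged[device] = cluster
                break
    return flagged
```
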


Screen overlays are a common threat for every app, not just BNPL ones. In this method, an attacker creates a genuine-looking screen and overlays it on top of the real one. If the customer does not spot the minor differences, they enter their login information and password, giving attackers several ways to exploit that information.

Typically, attackers hold the account for ransom, along with the user’s personal data. This is damaging for the app too because the attacker can execute several purchases without any intention of repaying. Keyloggers are another threat similar to screen overlays.

Keyloggers record the keystrokes on the user’s device, giving attackers access to passwords and login IDs. Thankfully, preventing these kinds of attacks is relatively straightforward. App security teams must block keyloggers and overlays and disable login screens if attackers bypass these controls.

Monitoring and encrypting data flowing into the app is also a good way to ensure users don’t lose any sensitive information. While it is impossible to fully secure a user’s device since the app does not have any control over it, BNPL security teams can enforce multi-factor authentication (MFA).

Here, it is essential to use authenticator apps instead of one-time passwords. If a user’s device is compromised, an OTP won’t be of much use. An authenticator app will secure the device and prevent attackers from piggybacking in on the user’s login credentials.

App security teams must also communicate what kind of information they’ll ask from users. For instance, many banking apps suffer breaches because users divulge critical information to attackers posing as bank employees. BNPL apps must apply the lessons banking apps have learned from these incidents.

For starters, BNPL apps must clearly outline their communications policy and state the information their employees will ask for. In most cases, BNPL apps do not need sensitive information, so anyone asking for login IDs or OTP codes should be a red flag.

Educating consumers about the possible ways their account might suffer a compromise is also a good way to keep them alert.

Trojans and API endpoint exploits

Over the past few years, ransomware attackers have used a novel attack vector. They clone existing popular apps and release them with malicious code embedded in them. Given the app’s popularity, consumers download malicious versions and divulge sensitive data.

BNPL has faced significant uptake because of the ease of onboarding and the short time to first purchase. In such environments, users and existing customers have little opportunity to notice a wrong environment. While app redesigns are not a solution, security teams have several options available.

Installing runtime application self-protection (RASP), including anti-debugging, anti-tampering, and anti-reversing controls, should be standard practice. In addition, teams must also implement protection against binary patching and app re-signing, and other dynamic protection that secures the user experience every step of the way.

API endpoints are another vulnerable part of the app experience. Given the sensitivity of the data BNPL apps hold, security teams must encrypt data at rest, along with strings and resources. Installing root detection and prevention is also a great way to further enhance app security.

No revolution without security

BNPL has been hailed as a revolution in consumer finance and fintech. However, apps cannot revolutionize consumer purchases without guaranteeing top-notch security first. The methods in this article are just a few of several ways app security teams can protect their users and themselves from ransomware attacks.

About the Author

Jeff Broth is a business writer and advisor who has consulted for SMB owners and entrepreneurs for 9 years, mainly covering data, human resources, and emerging fintech trends.
