Overview
This guide covers FrankieOne’s KYC solution for Buy Now Pay Later (BNPL) providers, designed to support identity verification, fraud prevention, and responsible lending obligations while maintaining the low-friction experience BNPL customers expect.Summary
Available Workflows
| Workflow | Purpose | When to Use |
|---|---|---|
AUS-Basic3V-twoplus | Low-friction verification | Primary - Low-value first purchases |
AUS-Basic3V-twoplusid | Standard verification | Step-up for higher-value or elevated risk requires a government ID |
AUS-Risk-CDD-Email-Phone-Device | Fraud detection | Fraud signal assessment |
Tiered Verification Approach
Tier Definitions
| Tier | Transaction Value | Verification Level | Target Time |
|---|---|---|---|
| Tier 1 | Under $150 | Basic (2-source) | Under 5 seconds |
| Tier 2 | 500 | Standard (3-source) | Under 10 seconds |
| Tier 3 | Over $500 | Enhanced + Document | Under 60 seconds |
Quick Implementation Flow
Decision Outcomes
| Outcome | Action |
|---|---|
| APPROVE | Proceed with transaction, set credit limit |
| STEP-UP | Request additional verification (time-limited) |
| DECLINE | Display compliant message, log for review |
Key Fraud Signals
| Signal | Risk Level | Description |
|---|---|---|
| Device on fraud blocklist | Critical | Known fraudulent device |
| Email domain disposable | Critical | Temporary email service |
| Email age under 7 days | High | Recently created email |
| Multiple applications from device | High | Velocity indicator |
Support
- Documentation: docs.frankieone.com
- Support: Contact your FrankieOne representative
Expanded Details
Regulatory Context
Disclaimer: The information in this section is provided for general guidance only and does not constitute legal or compliance advice. Customers must seek independent legal and regulatory advice to ensure their implementation meets their specific regulatory obligations. FrankieOne is not responsible for customers’ compliance decisions or outcomes.
Regulatory Updates: BNPL regulation in Australia is evolving. The Australian Government has announced reforms to bring BNPL under the National Consumer Credit Protection Act. Customers should monitor updates from ASIC and Treasury to ensure ongoing compliance.
Australian BNPL Regulatory Framework
BNPL providers operate under an evolving regulatory framework. FrankieOne’s BNPL workflows can support these obligations:| Obligation | Requirement | How FrankieOne Can Support |
|---|---|---|
| Customer Identification | Verify customer identity | Automated identity verification with low-friction options |
| Age Verification | Ensure customers are 18+ | Age verification against authoritative sources |
| Fraud Prevention | Prevent identity fraud and synthetic identities | Device, email, and phone risk assessment |
| Responsible Lending | Assess customer suitability (under reforms) | Identity data to support affordability assessments |
| AML/CTF Compliance | Where applicable as reporting entity | Risk-based verification aligned to AML/CTF programs |
Upcoming BNPL Reforms
The Australian Government has announced BNPL will be regulated as a credit product. Key changes may include:| Reform Area | Expected Requirement | Preparation |
|---|---|---|
| Licensing | Australian Credit Licence required | Enhanced compliance program |
| Affordability | Unsuitability assessments | Income/expense verification capability |
| Hardship | Hardship provisions | Customer identification for hardship requests |
| Disclosure | Enhanced disclosure requirements | Clear verification messaging |
Workflow Configuration Details
Design Principles for BNPL
BNPL verification must balance:- Low friction: Customers expect instant approval
- Fraud prevention: BNPL is a target for fraud due to instant credit
- Regulatory compliance: Meeting current and upcoming obligations
- Scalability: High volume, variable transaction values
Primary Workflow: AUS-Basic2V-LowFriction
Optimised for BNPL’s low-friction requirements while maintaining verification integrity.
Core Checks:
| Check Type | Purpose | Typical Response Time |
|---|---|---|
| Name and DOB verification | Identity confirmation | under 3 seconds |
| Age verification (18+) | Regulatory requirement | under 3 seconds |
| Address verification | Identity confirmation | under 3 seconds |
| Device risk assessment | Fraud prevention | Real-time |
Step-Up Workflow: AUS-Basic3V-Standard
Triggered for higher-risk scenarios or higher credit limits.
Step-Up Triggers:
| Trigger | Threshold | Action |
|---|---|---|
| Transaction value | over $500 (configurable) | Enhanced verification |
| Account age | under 30 days | Additional checks |
| Device risk | Medium or higher | Step-up required |
| Cumulative exposure | over $2,000 | Enhanced verification |
Fraud Detection: AUS-Risk-CDD-Email-Phone-Device
BNPL is particularly vulnerable to fraud. This workflow assesses fraud signals.
Risk Signals Evaluated:
| Signal | Risk Level | Description |
|---|---|---|
| Device on fraud blocklist | Critical | Known fraudulent device |
| Multiple applications from device | High | Velocity indicator |
| Email age under 7 days | High | Recently created email |
| Email domain disposable | Critical | Temporary email service |
| Phone number invalid | High | Non-working number |
| Synthetic identity indicators | Critical | Fabricated identity patterns |
| IP geolocation mismatch | Medium | Location inconsistency |
Step-by-Step Implementation
Note: This section describes the conceptual implementation flow. For actual API endpoints and schemas, refer to the FrankieOne API Documentation.
Step 1: Collect Customer Details
Collect minimal required information for frictionless experience:- Full name
- Date of birth
- Residential address
- Email address
- Mobile phone number
UX Consideration: Pre-fill where possible, minimise form fields, support autofill.
Step 2: Identity Verification
Verify customer identity against authoritative sources. For BNPL, speed is critical. Verification Approach by Scenario:| Scenario | Approach | Target Time |
|---|---|---|
| New customer, low value | Basic 2-source | under 5 seconds |
| New customer, higher value | Standard 3-source | under 10 seconds |
| Returning customer | Cached verification | Instant |
| Step-up required | Document verification | under 60 seconds |
Step 3: Fraud Assessment
Evaluate fraud risk signals to protect against BNPL-specific fraud patterns. Common BNPL Fraud Patterns:| Pattern | Detection Method |
|---|---|
| Synthetic identity | Cross-source consistency checks |
| Account takeover | Device fingerprint, behavioural signals |
| Friendly fraud | Purchase history, dispute patterns |
| Bust-out fraud | Velocity checks, exposure monitoring |
Step 4: Risk Decision
Combine identity and fraud signals into a risk decision.Step 5: Handle Outcomes
APPROVE:- Proceed with transaction
- Set appropriate credit limit
- Enable repeat purchase capability
- Request additional verification
- May include document upload
- Time-limited to maintain conversion
- Display compliant decline message
- Do not disclose specific reasons
- Log for review if borderline
Risk Tier Examples
Tier 1: Low Risk - Instant Approve
Customer Profile:- Australian resident, 28 years old
- Name and DOB verified
- Email aged 3+ years
- Device not flagged
- First purchase $80
Sarah Testone, 28, makes her first BNPL purchase for $80 at an online retailer. Identity verified instantly against electoral roll and credit bureau. Email is 5 years old, device shows no risk signals. Approved in 3 seconds.
Tier 2: Medium Risk - Step-Up Required
Customer Profile:- Identity verified but address mismatch
- New email address (14 days)
- Higher value purchase ($450)
Michael Testtwo, 24, attempts a 500 initial limit.
Tier 3: High Risk - Decline
Customer Profile:- Multiple identity inconsistencies
- Disposable email domain
- Device associated with previous fraud
- Synthetic identity indicators
Application received with name “David Testthree”. Identity check shows inconsistencies across sources. Email is from disposable domain. Device fingerprint matches 3 previously declined applications. Synthetic identity patterns detected. Application declined.
Edge Cases and Special Handling
Young Adults (18-21)
Young adults may have limited credit history, making verification challenging.| Challenge | Handling |
|---|---|
| No credit bureau record | Accept alternative sources (electoral roll, DVS) |
| Recently turned 18 | Accept but may require document verification |
| Student address | Accept temporary addresses with verification |
Address Verification Challenges
| Scenario | Handling |
|---|---|
| Recent move | Accept document proof of address |
| Living with parents | Verify name at address, may accept |
| No fixed address | Higher risk, may require step-up |
Returning Customers
| Scenario | Approach |
|---|---|
| Verified within 12 months | Use cached verification |
| Details changed | Re-verify changed elements |
| Previously declined | Apply cooling-off period, re-assess |
Merchant Risk Considerations
Some merchants/categories carry higher fraud risk:| Category | Risk Level | Consideration |
|---|---|---|
| Electronics | High | Lower limits, enhanced verification |
| Gift cards | High | May restrict or decline |
| Fashion | Medium | Standard verification |
| Travel | Medium-High | Enhanced for high values |
Fraud Prevention
BNPL-Specific Fraud Vectors
| Fraud Type | Description | Mitigation |
|---|---|---|
| Synthetic Identity | Fabricated identity using real/fake data | Cross-source consistency, device signals |
| Account Takeover | Legitimate account compromised | Device fingerprint, behavioural analysis |
| First-Party Fraud | Customer disputes legitimate purchase | Purchase history, pattern analysis |
| Bust-Out | Build credit then max out | Velocity limits, exposure monitoring |
| Refund Abuse | Exploit refund policies | Transaction pattern monitoring |
Device Intelligence
Device signals are critical for BNPL fraud prevention:| Signal | Risk Indication |
|---|---|
| Device age | New devices higher risk |
| Device velocity | Multiple applications = high risk |
| Device reputation | Known fraud = block |
| Emulator detection | Automated fraud attempts |
| Jailbreak/root | Potential manipulation |
Velocity Controls
| Control | Typical Threshold | Action |
|---|---|---|
| Applications per device per day | 3 | Block additional |
| Applications per email per week | 2 | Review/block |
| Applications per phone per week | 2 | Review/block |
| Cumulative exposure per customer | $2,000 | Enhanced verification |
Compliance Reporting
Audit Trail Requirements
| Data Category | Retention Period | Purpose |
|---|---|---|
| Verification requests | Per regulatory requirement | Compliance evidence |
| Identity verification results | Per regulatory requirement | Audit trail |
| Fraud assessment results | Per regulatory requirement | Fraud investigation |
| Decision outcomes | Per regulatory requirement | Compliance reporting |
Responsible Lending Support
For upcoming responsible lending obligations, FrankieOne verification data can support:- Customer identification for affordability assessments
- Consistent identity across credit applications
- Fraud indicators that may affect creditworthiness assessment
Conversion Optimisation Tips
| Factor | Recommendation |
|---|---|
| Form fields | Minimise to essential only |
| Autofill | Support browser autofill |
| Error messages | Clear, actionable guidance |
| Step-up UX | Mobile-optimised document capture |
| Timeout | Allow reasonable time for step-up |
Troubleshooting
| Issue | Likely Cause | Resolution |
|---|---|---|
| High decline rate | Thresholds too strict | Review and tune risk thresholds |
| Slow verification | Too many sequential checks | Enable parallel processing |
| Step-up abandonment | Poor UX | Optimise document capture flow |
| False positives on young adults | Limited credit history | Add alternative data sources |