Buy Now Pay Later (BNPL) platform development guide

Buy Now Pay Later (BNPL) is a short-term financing product that allows consumers to purchase goods immediately and pay in instalments over weeks or months, often with 0% interest for short-term products. At checkout, the BNPL provider makes a real-time credit decision, funds the merchant the full purchase amount (minus a fee), and the consumer repays the BNPL provider in scheduled instalments. For 0% BNPL products, the merchant pays the provider's fee (typically 2–6% of transaction value); for longer-term interest-bearing products, the consumer pays APR in addition to the principal repayment. The BNPL provider earns revenue from merchant fees, late fees, and interest on longer-term products.

A BNPL platform requires: a real-time credit decisioning engine (combining bureau data, ML models, and fraud detection, completing in under 1 second at checkout); a loan origination system that creates loan records, generates repayment schedules, and issues regulatory disclosures; a merchant integration layer (plugins for major ecommerce platforms plus direct API); a virtual card issuance capability (via Marqeta or similar) for card-based BNPL at any merchant; an automated repayment collection system (direct debit, card-on-file); a customer-facing app or portal for repayment management; a merchant portal for settlement and reporting; and a treasury/funding management system for the loan book.

BNPL providers have multiple revenue streams: merchant discount rate (MDR) — typically 2–6% of transaction value paid by the merchant for the convenience of offering BNPL and the credit risk transfer; late fees — charged to consumers who miss repayment dates; interest income — on longer-term instalment products (6–24 months) where consumer pays APR; interchange — virtual card-based BNPL earns interchange revenue from the card network like any card issuer; and data licensing — aggregate consumer spending data has value to merchants and market research firms (with appropriate consent). Short-term 0% BNPL businesses are primarily merchant-fee driven; longer-term businesses are more like traditional consumer lending businesses with interest as the primary revenue.

In the UK, BNPL regulation was confirmed under the Financial Services and Markets Act 2023, requiring FCA authorisation for BNPL lenders, mandatory affordability assessments, credit agreement requirements, and access to the Financial Ombudsman Service for complaints. In the EU, the updated Consumer Credit Directive (CCD2) entered into force in 2023 and member states must apply it from 2026 — it brings BNPL products under EU consumer credit rules including mandatory creditworthiness assessments, standardised pre-contractual information, right of withdrawal (14 days), and APR disclosure. In Australia, BNPL is regulated under the Credit Act. In the US, the CFPB has issued guidance treating BNPL as a credit card product in certain configurations.

Virtual card issuance allows BNPL providers to generate single-use or multi-use virtual Visa or Mastercard numbers instantly at the point of purchase. The consumer initiates a BNPL purchase; the BNPL provider makes a real-time credit decision, generates a virtual card loaded with the approved amount, and the consumer uses this virtual card to complete the transaction at the merchant's existing payment terminal or online checkout. The merchant processes a normal card transaction and receives funds as usual — no BNPL integration required on the merchant side. This approach allows BNPL to work everywhere cards are accepted, versus integration-only BNPL that requires merchant implementation. Card processors like Marqeta, Galileo, and Thredd provide the virtual card issuance infrastructure.

A soft credit check retrieves credit information from the bureau without leaving a mark visible to other lenders on the consumer's credit file. A hard credit check is recorded on the credit file and is visible to all lenders who subsequently check the file — multiple hard enquiries in a short period can lower a consumer's credit score. Short-term 0% BNPL products typically use soft credit checks only — crucial for consumer experience, since checking your BNPL eligibility shouldn't affect your mortgage application. Longer-term credit products (6–24 month interest-bearing instalments) typically require a hard credit search for regulatory compliance, as they constitute a significant credit agreement. Regulators in the UK and EU are increasingly requiring disclosed credit checks even for short-term BNPL.

BNPL providers fund purchase disbursements upfront and collect repayments over weeks or months, requiring working capital proportional to their loan book size. Funding sources: equity capital (sufficient for early-stage startups but not scalable at volume); warehouse credit facilities from banks (revolving credit lines secured against the loan portfolio — the standard for growing BNPL lenders); whole loan sales to institutional investors (selling loan portfolios to banks or asset managers for immediate liquidity); and asset-backed securitisation (issuing ABS bonds backed by the loan portfolio for large-scale, cost-efficient funding). Klarna, Affirm, and other large BNPL providers use securitisation as their primary funding mechanism. Smaller providers typically use warehouse facilities until their loan book is large enough to securitise efficiently.

BNPL-specific fraud patterns include: synthetic identity fraud (fraudsters create plausible fake identities that pass bureau checks because they have no negative history); first-party fraud (real consumers with no intention of repaying — harder to detect than third-party fraud); account takeover fraud (hijacking legitimate accounts to make fraudulent purchases); return fraud (purchase expensive items with BNPL, return them for store credit or cash, then default on BNPL repayments); and velocity fraud (making multiple BNPL applications across providers within a short window before any derogatory reporting). Prevention requires: device fingerprinting and behaviour analysis; cross-provider fraud data sharing (BNPL-specific credit bureaux); graph analytics for synthetic identity ring detection; and real-time velocity monitoring across the application funnel.