Welcome to Consumer Reports Advocacy

For 85 years CR has worked for laws and policies that put consumers first. Learn more about CR’s work with policymakers, companies, and consumers to help build a fair and just marketplace at TrustCR.org

Buy Now, Pay Later: A Case Study for a Digital Finance Standard

Executive Summary

Buy now, pay later (BNPL) products are an extremely fast-growing form of lending that typically enables consumers to split the cost of retail goods or services into four or more periodic payments, with the first payment due immediately. Unlike traditional credit card loans, many BNPL loans are offered to consumers without fees or interest charges, provided the consumer abides by the terms of the offer. As such, BNPL holds itself out as a lower-cost alternative to traditional credit cards.

This study builds on Consumer Reports’ recent examination of peer-to-peer (P2P) payment apps in using a subset of the principles articulated in CR’s Fair Digital Finance Framework to evaluate BNPL products. Specifically, the Framework’s Safety Principle concerns the technology applications as well as the policies that companies use to protect consumer data and funds; the Privacy Principle concerns company data collection, sharing, and deletion practices and policies; and the Transparency Principle concerns company disclosures of legal terms and consumer legal rights and their corresponding practices.

Based on our Framework and evaluation procedures summarized below, we have identified areas for improvement regarding certain BNPL app disclosures, security measures, and privacy and consumer protection policies. These key findings are listed below.

Key Findings:

  1. BNPL apps may not sufficiently disclose fees and interest rates or notify users of changes to terms.
  2. Most BNPL apps clearly disclose fraud policies, and often provide useful consumer education content on fraud, but do not commit to real-time fraud monitoring and notification.
  3. BNPL apps provide basic security measures but do not commit in their disclosures to proactively monitoring accounts for security vulnerabilities, and make vague commitments to using industry-standard security practices.
  4. BNPL apps make adequate legal disclosures regarding data collection practices, but they do not go further to ensure that users understand their rights, and they collect more data than is needed to use the services.
  5. BNPL apps have varying policies and practices regarding their sharing and usage of consumer data. Although most companies do not sell consumer data, most share data with third parties, in many cases for the purpose of targeted advertising and marketing.
  6. In many cases BNPL apps do not offer users easily accessible control of privacy settings, and in most cases they do not provide users with the ability to easily access or delete data.
  7. BNPL apps essentially require users to use arbitration, and not the court system, to resolve potential legal disputes, and prohibit them from joining with other users to bring legal claims.