ERC-8214: Buy Now Pay Later (BNPL)

asghaier · March 31, 2026, 9:38pm

Summary

This ERC proposes a standard interface for Buy Now Pay Later (BNPL) installment orders on EVM-compatible blockchains. It defines a state machine for installment commerce, cryptographic customer consent via EIP-712, pluggable authorization strategies for token movement, and operator-managed collection, ERC dependencies on ERC-20, ERC-165, EIP-712, and EIP-1271.

The Problem

E-commerce BNPL is a mainstream consumer payment method. Globally, hundreds of billions of dollars flow annually through centralized providers e.g., Klarna, Afterpay, Affirm, that are opaque, jurisdiction-specific, and require merchants to integrate with proprietary APIs.

To our knowledge, no existing ERC addresses the specific requirements of on-chain merchant-financed installment commerce:

Atomic down payment with cryptographic consent. At checkout, the customer must simultaneously authorize the order terms and transfer the down payment. Existing token approval standards (ERC-20 approve, ERC-2612 permit, Permit2) handle the payment but carry no order-specific consent. A customer could consent to terms the merchant later substitutes, or a merchant could create an order without genuine customer consent.

Split authorization for down payment vs. installments. The optimal UX requires two different authorization models in the same order. At checkout, signature-based authorization is preferred — the customer signs once, no prior approval transaction required. For subsequent installments, automatic collection is preferred — the customer should not interact with the contract again after checkout. No existing standard models this two-phase split within a single order.

Defined state machine with off-chain recovery. The order lifecycle must be precisely specified so that off-chain backoffice systems can reliably act on state transitions. Default recovery — debt collection, service termination — is platform-specific and are not part of the standard.

Design at glance

Authorization abstraction (`IPaymentAuth`)

A core part of the standard is separating payment scheduling from token authorization. A pluggable IPaymentAuth interface handles all token movement, keeping the order state machine stable regardless of how tokens are authorized. Five normative reference implementations are considered:

Strategy	Token compatibility	Use case
`AllowanceAuth`	Any ERC-20	Simplest; standing approval
`Permit2Auth`	Any ERC-20 (via Permit2)	Can be the recommended option
`PermitAuth`	ERC-2612 tokens only	No Permit2 dependency
`EIP3009Auth`	USDC/EURC (EIP-3009)	Suited for USDC; atomic transfer, no allowance, front-run resistant via `receiveWithAuthorization`
`MerkleScheduleAuth`	Any ERC-20	Variable-amount installment schedules committed via merkle root

The recommended combination for e-commerce BNPL is Permit2Auth (down payment) + AllowanceAuth (installments) — a gasless signature-based checkout with fully automatic subsequent collection. For USDC specifically, EIP3009Auth + AllowanceAuth provides stronger security: no allowance at any stage and front-running protection.

Customer consent (`OrderAuthorization`)

The merchant calls createOrder at checkout. The customer signs an EIP-712 OrderAuthorization struct off-chain — a typed, human-readable message covering all order terms including both auth strategy addresses. The contract verifies the signature and collects the down payment atomically in the same transaction. EIP-1271 support makes this compatible with smart contract wallets (Coinbase Smart Wallet, Safe, etc.).

The OrderAuthorization type string:

OrderAuthorization(address merchant, address token, uint256 totalAmount,
  uint8 installments, uint256 downPaymentBps, uint256 installmentPeriod,
  uint256 gracePeriod, uint256 lateFeeBps, address downPaymentAuthStrategy,
  address installmentAuthStrategy, uint256 nonce, uint256 deadline)

Order lifecycle

Five terminal states are defined, each with distinct off-chain semantics:

Active → Completed: all installments paid
Active → Defaulted: grace period elapsed without payment (off-chain recovery)
Active → Cancelled: voluntary termination by merchant or customer
Active → Refunded: merchant-issued refund terminates the order
Active stays Active on partial refund: processRefund reduces totalAmount and recalculates remaining installments without terminating the order

Operator management

Merchants can authorize operators (automated keepers, backend infrastructure) to trigger installment collection. Operators call collectInstallment but never receive funds — all tokens flow directly from customer to merchant.

Use Cases

The standard is designed primarily for e-commerce BNPL but the IPaymentAuth abstraction makes it applicable to a broader range of installment payment scenarios:

E-commerce BNPL: down payment at checkout, installments auto-collected over weeks/months
NFT installment purchases: high-value NFT acquired with trailing installments; marketplace holds NFT in escrow until OrderCompleted
DeFi loan repayment: borrower is customer, lending protocol is merchant; MerkleScheduleAuth handles amortizing schedules with variable amounts
DAO contributor payments: DAO treasury as customer, contributor as merchant; milestone gating enforced off-chain
Token vesting tranches: project treasury as customer, recipient as merchant; MerkleScheduleAuth handles non-uniform cliff+linear schedules
Protocol fee payment plans: enterprise clients paying access or listing fees in installments

What Is Deliberately Out of Scope

Default recovery mechanisms (debt collection, credit reporting, collateral liquidation)
Consumer credit compliance (APR disclosure, cooling-off periods) — implementing platforms bear this responsibility
Recurring and subscription payments

Reference Implementation

A reference implementation is available at GitHub - asghaier76/BNPL: BNPL ERC Reference Implementation · GitHub

Looking forward to the community’s feedback, particularly on the design decisions listed above. I’ll be monitoring this thread and updating the draft based on the community input.

wjmelements · April 1, 2026, 6:59pm

What happens if the user does not pay later?

asghaier · April 1, 2026, 7:16pm

the contract enforces the schedule and signals default, however the recovery is left to be done off-chain. the flow is that if it is within the grace period the merchant can still collect late. After the grace period, the merchant or an authorized operator calls markDefaulted(orderId), which emits OrderDefaulted(orderId, outstandingAmount) and the outstanding balance is permanently recorded on-chain. The merchant’s platform subscribes to this event and triggers whatever recovery process fits their jurisdiction like account suspension, debt collection, legal action, or simply absorbing the loss.

On-chain recovery is deliberately excluded since recovery mechanisms differ by jurisdiction and agreement type and standardizing that would make the ERC not practical

wjmelements · April 2, 2026, 7:49pm

I don’t think on-chain recovery is possible. The user can transfer their funds away and disappear.

The way credit card companies normally do pay later is with lending. The merchant usually gets paid before the customer pays the credit card bill. With lending, the merchant can trust that they will always be paid, and the lender takes on all the default risk. Most merchants won’t want to assess credit risk. Lenders compete to win borrowers by offering them lower interest rates. Consequently, borrowers with a lower credit score pay higher interest rates.

simply absorbing the loss

This is acceptable for a lender but not for a merchant.