Refund abuse is any attempt a customer makes to exploit a business’s refund policy and unfairly get money or goods. Retailers estimated that 15.8% of their annual sales would be returned in 2025, totaling $849.9 billion. Though refund abuse costs retailers, it doesn’t always receive the same attention as other types of fraud. This is in part because refund abuse hides inside a process that’s supposed to help customers. It’s also because the signals of refund abuse are spread across systems that don’t always talk to each other, so it can be difficult to detect and stop.

Below, we’ll cover how refund abuse works, how to spot patterns and red flags, and which controls can catch abuse without punishing legitimate customers.

Highlights

• Refund abuse bypasses card networks. Without deliberate cross-system visibility, your fraud team might never see it.

• A common and reliable signal of refund abuse is repeated patterns of behavior across accounts that share infrastructure, identity attributes, or device fingerprints.

• Effective mitigation includes multiple controls, which can include threshold rules, anomaly detection, and restrictions for confirmed abusers.

What is refund abuse?

Refund abuse is the systematic exploitation of a business’s refund or return process to extract money or goods illegitimately. If someone gets a refund by claiming a product never arrived when it actually did, that’s refund abuse. It’s also refund abuse if someone receives a refund for returning an empty box, a counterfeit item, or a worn dress they bought to wear once.

How does refund abuse differ from chargeback fraud?

Refund abuse and chargeback fraud are related but distinct. Chargeback fraud occurs when a cardholder disputes a legitimate transaction with the bank, which initiates a formal dispute process. The charge is reversed at the network level, and the business loses the transaction amount plus a dispute fee—unless it successfully challenges the claim with evidence.

Refund abuse bypasses the bank and the card network. Instead, a refund abuser extracts money through the business’s ordinary refund workflow. There’s no external formal process, which means there’s often no record of anything unusual.

Because of this, your chargeback rate won’t tell you anything about your refund abuse rate. And because refund claims are typically handled by customer service operators, your fraud team might not catch refund abuse unless a deliberate mitigation process is in place.

What are common refund abuse patterns?

A few common types of refund abuse are worth learning to recognize.

Here are the main patterns:

• Empty box or item-swap returns: These occur when the customer asking for a refund returns packaging with nothing inside or substitutes a broken or counterfeit version of the item for the one they received. This is common in consumer electronics and apparel.

• Wardrobing: In this type of abuse, items (typically clothing, but also tools and equipment) are purchased, used, and returned within the refund window. The item comes back in technically returnable condition but often cannot be resold at full value or at all.

• False delivery claims: With false delivery claims, an item was shipped as planned, but the customer claims it never arrived. These claims can be difficult to dispute individually because of high shipment volumes.

• Refund cycling across accounts: Someone committing refund cycling abuse creates multiple accounts and runs the same pattern across all of them to stay under per-account thresholds. Some refund cycling operations involve organized teams that maintain account separation by working across proxies and virtual card numbers.

• Policy loophole exploitation: In this instance, someone reads your policy carefully for edge cases (e.g., free return shipping with no minimum, automated refund approval under a certain threshold, instant store credit without inspection). These abusers often have multiple accounts to repeatedly run the scam.

• Collusion with employees or carriers: Refund abuse can involve employees who deliberately approve claims they shouldn’t or carrier employees who mark packages as undelivered when they weren’t. Return fraud involving employee collusion accounted for 39% of retail refund abuse in 2024.

What are common signs of refund abuse?

Certain co-occurring signals point to refund abuse, and this is especially true if they repeat.

Look out for:

• Multiple accounts that share infrastructure: If email domains, shipping addresses, device fingerprints, or payment methods are shared across ostensibly different accounts, that could signal refund abuse.

• Abnormal refund frequency: If the refund rate for a given customer or cohort is well above your category baseline, that’s worth looking into. One return in 10 orders might be normal; five returns in six orders warrants a closer look.

• Claims for high-value or hard-to-verify items: In general, refund abuse skews toward product categories in which items are costly and their condition is difficult to assess remotely.

• Refund claims timed to policy edges: Claims that arrive at the outer limit of your return window might indicate that someone is timing the system.

• Network and device signals: Orders that are placed through virtual private networks (VPNs), proxies, Internet Protocol (IP) addresses associated with prior abuse, or device fingerprints shared across multiple accounts could indicate the kind of identity masking used by organized abuse operations.

• Shipping addresses tied to reshipping services: Freight forwarders and reshipping addresses are often associated with refund abuse.

How should a business build a layered mitigation framework for refund abuse?

To mitigate refund abuse, stack numerous controls that each catch different things. The goal is to make abuse difficult enough that it stops being worthwhile.

Here’s what to put in place:

• Threshold rules: Flag any account that files more than three refund claims in 90 days or claims refunds totaling more than a set percentage of all the purchases they’ve made. These rules flag potential refund abuse for review.

• Anomaly detection: Anomaly detection sits on top of threshold rules. This process looks at refund behavior relative to cohort baselines, letting you compare with a reference distribution and understand what’s truly anomalous. For instance, an account with a 40% refund rate is more suspicious if the category’s baseline refund rate is 8%.

• Identity linkage: Identity linkage lets you connect dots across accounts by matching device fingerprints, IP addresses, email patterns, shipping addresses, and payment instruments. Accounts that share infrastructure but were made under different names might be fraudulent. Stripe Radar does some of this identity linkage by using signals from across the Stripe network, so it can identify patterns that a single business’s data wouldn’t surface on its own.

• Risk-based reviews: Create a human-run review queue for suspicious claims. For instance, a $12 refund for a first-time customer with no flags can get auto-approved. But if a $300 claim comes from an account with three prior refunds that shares a device fingerprint with two flagged accounts, it should go to the review queue.

• Progressive restrictions: If an account commits return abuse, just declining the current claim isn’t enough. That account, and any linked accounts, should be restricted going forward. Restrictions can include requiring photo evidence for returns, removing access to instant refund options, or flagging orders for manual review.

How can you balance refund abuse controls with customer experience?

If your fraud controls are too broad or too strict, you could overcorrect and start denying refund requests from legitimate customers. It’s important to get the balance right.

Here’s what to do:

• Segment by risk: The refund process shouldn’t be identical across risk tiers. Low-risk customers should see a fast, easy return process. High-risk signals should lead to additional steps, such as photo documentation, longer review windows, or manual approval.

• Communicate clearly: When you ask customers to provide additional documentation, be transparent and bring them through the process quickly. Opaque denials or unexplained delays are frustrating and can cause lasting damage.

• Assign ownership: In many organizations, refund abuse falls into a responsibility gap between the fraud and customer service teams. Fraud teams focus on payment fraud, while customer service teams are incentivized to resolve claims, not flag them. Refund abuse needs an owner with visibility into both sides so that customer service can keep focusing on contentment.

What metrics can be used to keep track of refund abuse?

Refund abuse metrics can help you track the scale of the problem, narrow it down to specific segments, and see how well your solutions are working.

Here’s what to measure:

• Refund rate by cohort: Break down your overall refund rate by customer tenure, acquisition channel, product category, and geography. Abuse tends to concentrate in specific segments.

• Repeat refunder rate: Figure out what percentage of refund claims come from customers who have filed more than one claim in the past 90 days. This number, tracked over time, tells you whether your refund abuse controls are working.

• False positive rate: Strive for a low false positive rate. Pull a set of flagged claims and review them manually to figure out how often you’re declining or delaying legitimate claims.

• Recovery rate: Determine what percentage of confirmed fraud cases resulted in the recovery of goods or value. Use this to judge the effectiveness of your post-confirmation refund abuse response.

How Stripe Radar can help

Stripe Radar uses AI models to detect and prevent fraud, trained on data from Stripe’s global network. It continuously updates these models based on the latest fraud trends, protecting your business as fraud evolves.

Stripe also offers Radar for Fraud Teams, which allows users to add custom rules addressing fraud scenarios specific to their businesses and access advanced fraud insights.
Radar can help your business:

• Prevent fraud losses: Stripe processes over $1 trillion in payments annually. This scale uniquely enables Radar to accurately detect and prevent fraud, saving you money.

• Increase revenue: Radar’s AI models are trained on actual dispute data, customer information, browsing data, and more. This enables Radar to identify risky transactions and reduce false positives, boosting your revenue.

• Save time: Radar is built into Stripe and requires zero lines of code to set up. You can also monitor your fraud performance, write rules, and more in a single platform, increasing efficiency.

Learn more about Stripe Radar, or get started today.