Return fraud on Shopify: what it is, what it costs, how to stop it.
By Adrien Bokor, Founder, RefundSentry·Last reviewed ·~15 minute read
US retailers lost $103 billion to fraudulent returns and claims in 2024. Riskified's analysis of over a million refund tickets shows roughly 1 in 4 refund dollars is abusive. This page is the operator playbook: the nine patterns Shopify merchants see, the detection signals that work, and how return fraud sinks your Shopify Payments account if you ignore it.
Free during private beta. No credit card. 30-second install.
What is return fraud?
Return fraud is when a customer extracts a refund or replacement they aren't entitled to under your return policy. The customer might return an item they wore once, return an empty box, claim a delivered package never arrived, dispute a charge weeks after using the product, or run a counterfeit-receipt scheme. All four patterns hit the same column on your P&L: refund issued, inventory gone or unsellable, fee paid.
Return fraud vs return abuse vs legitimate returns
The line that matters operationally is intent and clarity of policy violation. A legitimate return is the system working: wrong size, didn't like the color, changed my mind, full stop. Return abuse exploits the policy without clearly criminal intent: bracketing six sizes every month with a 5% keep rate, returning a worn dress with the tag re-attached, serially returning every order at the end of the discount window. Return fraud crosses into criminal: empty boxes, switched serials, false INR claims, counterfeit receipts.
Appriss Retail's 2026 benchmark splits the $100B preventable loss as 12% abuse and 2% outright fraud. That ratio matters: most of the money you can save lives in the abuse bucket, where the right policy and the right pre-refund detection turn a soft loss into a coachable customer relationship. The fraud bucket is smaller but more expensive per incident.
How big is the problem actually?
Two reputable studies report two different headline numbers. Both are correct. They measure different things.
Appriss + Deloitte 2024
15.14%
of all US returns were fraudulent in 2024. Total dollar loss: $103 billion on $685 billion of returned merchandise. Includes fraudulent returns and claims.
of all returns were outright fraudulent in 2025. Total US returns: $849.9 billion (15.8% of retail sales). Measures fraud transactions, not abuse or claims.
Riskified, January 2026, analysis of 1M+ refund claims
About 1 in 4 refund dollars is abusive. INR claims are 25% more likely to be fraudulent than missing-item claims. Claims filed within 7 days of delivery are 20%+ more likely to be abusive. Orders above $1,000 are 33% more likely to draw an abusive claim. Orders above $2,000 see 2.5x the claim rate of sub-$100 orders.
Total US merchant cost per $1 of direct fraud, up 32% from $3.16 in 2022 (LexisNexis True Cost of Fraud 2025).
+15%
Rise in AI-generated fraudulent images submitted with refund claims in the first half of 2025 (Forter).
24.5% / 8.7%
Online return rate vs in-store return rate in 2024 (Appriss + Deloitte). Online concentrates the fraud surface.
The nine patterns Shopify operators actually see
Ranked by what surfaces in Shopify Community threads and what shows up in retailer surveys. Each pattern has its own detection signals. Most attackers run more than one.
The patterns below as they look in the operator workflow: each return scored, top signals tagged, status surfaced.
Pattern 1 of 9
Wardrobing
Buy, wear once, return as new.
The fashion-DTC tax. A customer keeps the tags on, wears a dress for a Saturday event, ships it back Monday morning. Appriss and Deloitte's 2024 research has 60% of retailers naming wardrobing as a top issue. Happy Returns found 47% of shoppers admit to returning an item with tags removed, and 32% admit returning something they had worn. The reason this one is hard: in isolation, wardrobing looks exactly like a legitimate 'didn't fit' return. It only resolves into a pattern when you stack return-reason text, timing relative to weekend delivery, and the customer's lifetime return rate against your store baseline.
Detection signals
Return reason 'didn't like it' on event-adjacent SKUs like formalwear or party dresses
Return initiated within 72 hours of a weekend delivery
Customer return rate above 2x the store average on apparel
Tag re-attachment marks or wear residue noted at inspection
Ordering five sizes of one shoe to find your fit is bracketing. Ordering five colors of three dresses every other week and returning everything you decided you didn't need is abuse. Happy Returns has 51% of Gen Z bracketing versus 24% of baby boomers. David Sobie, the CEO, told NRF directly that bracketing itself is not fraud. The line is operational, not legal. A customer who keeps 40% of what they order is your normal apparel buyer. A customer who keeps 5% and ships back stacks of 8-item orders every two weeks is eating your reverse-logistics margin. Narvar pegs that cost at $25 to $30 per item once warehouse labor is included.
Detection signals
Multiple variants of the same SKU on one order (size 6, 7, 8 of one shoe)
Personal keep rate below 30% across the last 3+ orders
Same shipping address cycling sizes monthly across separate accounts
Returns clustered within 24-72 hours of delivery
Net AOV after returns under 30% of gross AOV per customer
Either an empty box arrives at your warehouse, or a box weighted with rocks, or the right box with a substituted older item. NRF and Happy Returns have 65% of retailers reporting empty-box returns in 2025, with 55% reporting a year-over-year increase. The fraud closes the loop on you twice: most refund flows auto-trigger on carrier scan, so the customer gets their money days before your warehouse opens the parcel. By the time the discrepancy hits an inspection ticket, the refund is gone and the chargeback window is still open. WFLA News documented a single Lululemon empty-box scheme that hit $200,000 over twelve months before arrest.
Detection signals
Return weight more than 10% off the original shipped weight
Refund auto-triggered at carrier scan instead of post-inspection
Serial-number or IMEI mismatch on returned electronics
Repeat 'package delivered empty' claims from the same household or IP
The package was delivered. The customer says it wasn't.
Item-not-received claims are the fastest-growing online fraud vector. Riskified's January 2026 analysis of more than a million refund claims found INR claims are 25% more likely to be fraudulent than missing-item claims, and claims filed within 7 days of delivery are 20%+ more likely to be abusive. Orders above $1,000 are 33% more likely to draw an abusive claim, and orders above $2,000 see 2.5x the claim rate of sub-$100 orders. Telegram and dark-web 'refunding-as-a-service' groups now sell scripts that automate the claim, the carrier delivery dispute, and the timing window down to the hour.
Detection signals
Carrier shows delivered with GPS or photo evidence, customer disputes within 24h
Shipping address is a freight-forwarder, reshipper, or hotel
New account placing high-value order with expedited shipping
IP geolocation mismatches the shipping ZIP
Same customer email pattern appears in cross-merchant INR networks
The retail-classic version. Counterfeit receipts, photo evidence reused across multiple damage claims, swapped price tags, or a refund request with no return shipment at all. Appriss and Deloitte have 48% of retailers naming counterfeit receipts and e-receipts as a recurring issue. A Security Info Watch case study covered a New Jersey couple who ran 758 fraudulent returns across nine states for over $160,000, keeping each refund under $200 to stay under detection thresholds. The DTC version usually shows up as a barrage of 'damaged on arrival' tickets with photos that, run through a reverse image search, turn out to be reused across accounts.
Detection signals
Damage photos appearing across multiple customers (reverse image hash)
Refund requested without a return shipment
Return SKU price doesn't match the historical price on the order date
Identical damage narrative across multiple orders from one customer
Pattern 6 of 9
Friendly fraud and chargeback abuse
Customer gets the item, then disputes the charge.
Also called first-party misuse, friendly fraud is when a customer files a chargeback for an order they actually received and used. LexisNexis True Cost of Fraud 2025 has US merchants now losing $4.61 for every $1 of fraud, up 32% from $3.16 in 2022. The cost includes the disputed amount, the Shopify $15 chargeback fee, processing fees, and the dispute-rate damage that compounds toward VAMP or Shopify Payments thresholds. Forter reported a separate vector in 2025: AI-generated fraudulent images attached to refund claims jumped over 15% in the first half of the year. Visa CE3.0 (effective April 2023, auto-qualification through Visa Secure since October 2025) gives merchants a recovery path if they can show two prior undisputed transactions with matching IP, device, user ID, or shipping address.
Detection signals
Chargeback filed 30+ days post-delivery on a tracked, delivered shipment
Customer has long usage footprint (logins, opens) but ignored merchant outreach
Same BIN range cycling chargebacks across multiple merchants
Cardholder has zero prior dispute history with you (CE3.0 evidence available)
Almost no competitor page covers this one, but it surfaces in Shopify Community threads constantly. The pattern: customer files a return, you refund, then weeks later they file a chargeback on the same order claiming non-receipt or fraud. The bank rules in their favor because your return-flow refund doesn't show in the issuer's view as a 'first refund attempted.' You end up out the item, out the refund, out the chargeback amount, plus the $15 fee. A Shopify Community merchant flagged this in 2025: 'Customer submits a return and files a chargeback for the same order. Individually none are red flags. Combined, it's a pattern. Almost impossible to see without aggregated data.'
Detection signals
Return processed and refund issued, then chargeback filed on the same order
Chargeback reason 'goods not received' on an order that already has a Refund record
Customer appears under two identifiers (different email, same address hash)
Pattern 8 of 9
Coordinated low-ticket waves
Dozens of sub-$25 orders, all returned, all with the same message.
Real, documented, undiscussed in any top-10 result. Multiple Shopify merchants have surfaced the exact same pattern in the Shopify Community: a sudden spike of sub-$25 orders from US addresses, return initiated within days of delivery, return-reason text copy-pasted across customers. One merchant: 'I typically receive approx 5 returns per year, but in the last few months I've received 8 returns on one product, then after I labeled it out of stock, I received another 10 returns on another, very different product. All of the customers send nearly the exact same message: I have just received the product and decided I no longer need it.' The economic model isn't to make money on each refund. It's to bleed merchants with reverse-logistics costs until they pause shipping to flagged ZIP ranges, opening a window for a different attack.
Detection signals
Return volume spike above the prior 90-day baseline on a single SKU
Copy-paste return-reason text across unrelated customer accounts
Shared device fingerprints or IP subnets across the 'different' accounts
Orders concentrated in mail-drops, hotels, or reshipper addresses
Return, wait for the sale, repurchase, refund the difference.
A small cohort drives a large share of return losses. ZigZag's research with Retail Economics found UK serial returners are 11% of shoppers but generate nearly 25% of all non-food online returns. Brightpearl has 42% of US retailers reporting an increase in serial returners over twelve months. The mechanic on Shopify usually involves a customer who exploits return windows around discount-code launches: order at full price, return the item, repurchase under the new code, sometimes split across two accounts to dodge a one-per-customer limit. The CS workload and the margin erosion are both real.
Detection signals
Personal return rate above 50% sustained across 3+ orders
Return then repurchase at a lower price within 7 days
Multiple discount codes used across split accounts sharing one shipping address
Single customer accounting for more than 2% of your monthly returns volume
How to detect return fraud on Shopify before you refund
Detection on Shopify lives at three layers: the order, the customer, and the network. Most return-fraud apps stop at the first two. Cross-shop signals are where the modern fraud rings are caught.
At the order layer
The order-level signals fire on the orders/create and returns/request webhooks. The signals that earn their slot: order value above category P95, expedited shipping on a new account, billing/shipping ZIP mismatch, IP geolocation mismatch, payment method risk (BNPL on a high-value order), and discount-code stacking.
An order detail with five signals triggered. Each signal shows its contribution to the 0-100 score, the technical reason, and the recommended action.
At the customer layer
Customer-level signals require an aggregated view across the customer's lifetime with you. Personal return rate, refund-method switches (gift-card cash-out), review-then-return pattern, holiday-surge returner, and aging-based outcome inference. Shopify's customer-tag system is the right output channel: a customer who triggers HIGH risk gets tagged automatically, surfaces in your CS workflow, and persists across orders.
The same customer at the profile layer. Risk trajectory, return reason profile vs the shop average, and fraud-ring membership all aggregate across their lifetime with the store.
At the network layer
This is the layer most tools miss. The customer who looks brand-new in your store may be on their tenth INR claim across the network. Detection requires cross-shop signals on hashed identifiers: SHA-256 of email and phone, address fingerprint via libpostal normalization, device fingerprint where available. RefundSentry runs three cross-shop signals (chargeback history, address velocity, fraud-ring membership) on every return, projected from the shared network so a new account with a chargeback history at three other Shopify stores is flagged on its first interaction with you.
One customer cluster touches multiple stores. The network layer is where you catch a brand-new account that's already on its tenth incident elsewhere.
How the scoring stack works: Every return fires every signal in parallel. Each signal returns a contribution (max points × severity × reliability). A two-pass engine handles signals whose score depends on other signals. The result is a single 0-100 score, a confidence tier, and a LOW / MEDIUM / HIGH zone you can route in Shopify Flow. How the 50+ signal engine actually works
How return fraud quietly kills your Shopify Payments account
Return fraud doesn't just cost you the refund. It compounds upward into your dispute rate, which has three different thresholds that can suspend your store.
Shopify Payments
Unofficial 1% chargeback rate threshold.
Crossing it triggers a 20% merchant-account reserve held for 120 days plus a Shopify fraud-team review. This one bites fastest because Shopify Payments is internal to your store.
Visa VAMP
Current 2.2% threshold, dropping to 1.5% in April 2026.
Visa's Acquirer Monitoring Program replaced VFMP and VDMP in April 2025. Triggered for merchants with 1,500+ monthly disputes. Successfully resolved CE3.0 disputes are excluded from the calculation, so a working representment program is the lever.
Mastercard ECM
1.5% chargeback rate AND 100+ chargebacks per month.
The AND condition protects smaller stores from accidental tripping. Larger merchants hit this faster than they expect on high-AOV categories.
The double-dip pattern is the most efficient way to walk into a threshold. A customer returns an item (legitimate refund issued), then files a chargeback weeks later (claims non-receipt). Without a representment, both the chargeback count and the refund hit your books. Shopify Protect (for Shop Pay, fulfilled within 7 days, tracked, US-shipped) reimburses some categories, but it doesn't cover INR friendly fraud on non-Shop-Pay orders.
The four-layer app stack for return fraud on Shopify
No single tool catches every pattern. Coverage comes from stacking tools that own different layers of the order lifecycle. Here's what each layer catches and where the gaps are.
Layer
Tools
Catches
Misses
Layer 1Payment-time fraud
Shopify Fraud Analysis, Shopify Protect
Stolen-card fraud at order placement. Free, built-in.
Everything after delivery: wardrobing, bracketing, INR, double-dip, friendly fraud.
Layer 2Returns management
Loop Returns, AfterShip Returns, ReturnGo
Policy violations (out of window, wrong reason, restocking-fee enforcement). Owns the customer-facing flow.
Behavioral fraud. Light fraud rules but no cross-shop signal and no scoring engine.
Layer 3Return-fraud intelligence
RefundSentry, Signifyd, NoFraud, Riskified
Wardrobing, bracketing, INR, friendly fraud, fraud rings. Scores returns with dozens of signals, tags customers, surfaces evidence.
Doesn't auto-file representments. Read-only on the returns flow.
Layer 4Chargeback recovery
Chargeflow, Justt, Kount Disputes
Disputes that slipped through. Auto-files representments under Visa CE3.0 with matching data (IP, device, prior transactions).
Win-rate depends on quality of upstream evidence. Doesn't prevent the chargeback being filed.
The right stack for a $1M to $50M Shopify DTC store: Layer 1 (free), Layer 2 (if you don't have one), Layer 3 (the missing piece for most stores), and Layer 4 once your dispute rate justifies it. RefundSentry sits at Layer 3 specifically because that's where Shopify operators have the biggest blind spot. Full app comparison
What Layer 3 looks like in practice. Every scored refund and fraud-ring detection in one operator view, with savings tracked against the labelled outcomes.
Return fraud, answered
What is return fraud?+
Return fraud is the deliberate misuse of a retailer's return or refund process for financial gain. It includes returning a different, used, stolen, or non-existent item, submitting false 'item not received' claims, or filing a fraudulent chargeback after delivery. Appriss Retail and Deloitte report 15.14% of all US returns in 2024 were fraudulent, costing retailers $103 billion.
What is the difference between return fraud and return abuse?+
Return fraud is criminal intent: counterfeit receipts, stolen merchandise, INR lies, empty-box scams. Return abuse is exploiting a generous policy without clearly criminal intent: wardrobing, excessive bracketing, repeat returns past the spirit of the policy. Appriss Retail's 2026 benchmark splits the $100 billion preventable loss as 12% abuse, 2% outright fraud.
How common is return fraud in 2026?+
Two reputable studies use different methodologies. Appriss Retail and Deloitte's 2024 report has fraudulent returns and claims at 15.14% of all returns ($103B). NRF and Happy Returns' 2025 Retail Returns Landscape has outright fraudulent returns at 9% of returns. Both figures describe the same problem at different cuts: Appriss includes claims and abuse, NRF measures fraud transactions. Riskified's January 2026 analysis of over a million refund claims found roughly 1 in 4 refund dollars is abusive.
How much does return fraud cost retailers?+
US retailers lost $103 billion to fraudulent returns and claims in 2024 (Appriss Retail and Deloitte). LexisNexis True Cost of Fraud 2025 has US merchants losing $4.61 in total cost for every $1 of direct fraud, up 32% from $3.16 in 2022, once you include chargeback fees, processing fees, and the operational drag.
What is the most common type of return fraud?+
Wardrobing leads in retailer surveys: 60% of retailers cite it as a top issue (Appriss and Deloitte 2024). Empty-box returns hit 65% of retailers in the NRF and Happy Returns 2025 survey. INR fraud is the fastest-growing vector in online-first DTC, with Riskified data showing INR claims are 25% more likely to be fraudulent than missing-item claims.
Is bracketing return fraud?+
No. Ordering two or three sizes to find your fit is not fraud. Happy Returns CEO David Sobie told NRF directly: 'It is not bracketing.' It becomes abuse when the behavior is systematic and unprofitable: keep rate below 30%, repeat 5+ variant orders, returns clustered within 72 hours. 51% of Gen Z shoppers bracket, so the right policy targets abusive volume, not the practice.
How do I detect return fraud on Shopify?+
Combine Shopify's native fraud filter and Shopify Protect (for Shop Pay) with a returns app (Loop, AfterShip Returns) and a dedicated fraud-intelligence layer. The signals that matter on Shopify: customer personal return rate, identical return-reason text across accounts, weight mismatch on returned shipments, refund-without-return requests, INR claims within 24h of delivery, shared device fingerprints, and chargebacks filed on the same order as a return.
What happens to my Shopify Payments account if my chargeback rate exceeds 1%?+
Shopify Payments' unofficial threshold is 1%. Crossing it triggers a 20% merchant-account reserve held for 120 days and a Shopify fraud-team review. Visa's Acquirer Monitoring Program (VAMP) replaced VFMP and VDMP in April 2025; the current excessive chargeback threshold is 2.2%, dropping to 1.5% in April 2026 for merchants who also receive 1,500+ monthly disputes. Mastercard's ECM threshold for Shopify merchants is 1.5% rate with 100+ chargebacks per month. Return fraud sits upstream of all three.
Last reviewed: 19 May 2026. Stats refresh quarterly. Disclosure: RefundSentry sells fraud-intelligence software for Shopify, so we have skin in the game on the framing of Layer 3.
Related operator guides
Return fraud sits next to two other surfaces on a Shopify store. Read all three for the full picture.
Clear Setup, Low Data Risk, and No Workflow Rip-and-Replace
For a new app, trust starts with clarity: what gets installed, what data stays out of scope, and how RefundSentry fits into the tools you already use.
No Raw PII Stored
Shopify customer IDs and SHA-256 hashes of email and phone for cross-store matching. No raw names, emails, addresses, or payment data ever touch our database.
No raw names or emails storedNo raw addresses storedNo payment data
Privacy by Design
Return behavior analysis without building personal customer profiles. GDPR-ready from day one.
Minimal data collectionCustomer IDs onlyAggregate statistics
Real-Time Scoring
Returns are analyzed during webhook processing so your team sees new risk signals as activity comes in.
