Why You Need Ecommerce Fraud Management to Help Stop Bad Actors

Retail “bad actors” engage in various types of fraud that can damage your online store’s profitability and reputation. And despite rigorous attempts to stop them, 98% of 1,082 merchant professionals surveyed in a 2025 Visa study still experienced fraud “in the past 12 months.”

Why the continuing high risk of fraud? Once online retailers shut down one fraud method, bad actors find another. The bottom line is ecommerce businesses like yours may find it difficult to sustain growth without fraud risk management.

In this article, we’ll profile today’s retail bad actors, explain how they erode profit, and outline an ecommerce fraud management strategy that stops them without alienating honest customers.

Who are today’s bad actors?

Some of today’s bad actors commit fraud unintentionally. But that doesn’t mean the damage to your ecommerce store is any less real. Here are the most common types of bad actors to watch out for.

“Friendly fraud” shoppers

Friendly fraud mainly takes the form of chargebacks. These occur when shoppers make an online purchase with their credit cards, receive the item, and then request a refund by disputing the charge with their credit card company.

How can this activity be considered friendly? The customer can’t figure out how to use the item, so they claim the item is defective or falsely advertised. In this scenario, the customer isn’t being malicious.

But there’s also the unfriendly kind:

• A malicious fraudster steals a customer’s credit card information and uses it to make a purchase. The credit card owner rightfully disputes the charge. 
• In another scenario, a fraudster uses their own card to purchase an item. The item arrives, but they claim it didn’t. You, the merchant, send a gift card in an attempt to save the relationship. The fraudster also disputes the charge with the credit card company. Their goal? A “free” item and a gift card, so now you’ve been doubly defrauded.

Chargeback-related fraud is increasing. Mastercard estimates “annual global chargeback volume could reach 337 million” by 2026, “a 42% increase over 2023 levels.”

Return and refund abusers

Return and refund frauds generally take two forms.

Wardrobing

Bad actors who “wardrobe” try on a recently received shirt or plug in a new speaker, then initiate a return. 

These bad actors leave tags on apparel and return items in the original packaging. You, the retailer, have no idea the items have been used.

In some cases, wardrobing customers will accidentally damage the new product, then initiate a return claiming it was damaged during transit.

Returning fakes

A thorn in the side of luxury brands is bad actors who make a legitimate purchase but then try to return a cheap knock-off of the high-end product.

The fraudster pockets the cash from the return and may try to resell the original item.

Package pirates

Package pirates — also known as porch pirates — are malicious bad actors who steal recently delivered products from customers’ doorsteps. They often try to resell the stolen goods.

These situations force the victim to initiate a refund or request a replacement.

Account takeover fraudsters

More sophisticated bad actors use malicious bots to steal ecommerce account credentials. 

These bad actors usually start with usernames and passwords pulled from a data breach or purchased on the dark web. Then they might deploy a “credential stuffing” bot that rapidly enters these credentials across multiple sites, hoping to gain access.

If successful, these bad actors can steal even more customer data and place fraudulent orders.

How bad actors damage ecommerce companies

Bad actors damage more than your profit margin. They can also damage your reputation, jeopardizing your ability to acquire and retain honest customers. Any ecommerce fraud management system you put in place must safeguard your brand from the following fallout.

Retail shrink

Retail shrink is a metric that compares assumed inventory to actual inventory. Bad actors send this metric into the red zone by depriving you of actual inventory through chargeback fraud or fake returns.

Bad actors reduce the number of products you can sell to honest customers, and they’ve robbed you of the revenue those lost products could have generated.

Higher operational costs

Bad actors make business operations more expensive. Manual reviews of suspected fraud can eat up hours of staff time, which might demand the hiring of additional team members.

Higher processing costs

An inescapable cost for merchants is credit card processing fees. These fees can rise over time if credit card companies receive excessive chargebacks tied to your business. Some of these companies might drop you all together, cutting you off from a payment method legitimate customers might prefer.

If you choose to challenge a chargeback, the credit card company will likely charge you an additional fee for the trouble, which they often keep even if you win the appeal.

Customer experience friction

Hasty attempts to stop fraud can irritate honest customers and jeopardize your attempts to retain them.

For example, suppose you slap a $10 fee on all returns, regardless of customer history, to discourage bad actors. You risk reducing legitimate conversions more than you reduce actual fraud.

Distorted demand forecasts

Demand forecasting saves you from buying too much or too little inventory. Too much, and you risk a warehouse full of unwanted merchandise, which you must pay to store (or destroy). Too little, and you force customers to buy from a competitor.

Successful bot orders can distort demand forecasts. A bot attack that depletes a specific item may lead you to believe demand is high for that item. Without a fraud risk management solution in place, you might order more of the item, resulting in excess inventory.

Direct financial losses

Add up the impact of the bad-actor tactics above, and the hit to your bottom line becomes painfully clear. 

The 2024 LexisNexis “True Cost of Fraud” study reported that US merchants lose $4.61 for every dollar of revenue lost to fraud. That’s up 23% since 2022.

Ecommerce fraud management best practices

Your ecommerce fraud management program must take a proactive approach to stopping bad actors. 

Automate chargeback prevention.

Managing chargebacks efficiently is critical, given the enormous financial and operational burdens they pose. 

Of course, it’s possible to challenge chargebacks manually. But you must gather evidence that your business was the victim of a bad actor. This takes time, plus you need to remember to follow up with payment processors if they are slow to respond to your claim.

Software provider Chargeflow takes these tasks off your plate. It automatically gathers information about each chargeback and will present evidence of suspected fraud to your payment processors. It also integrates cleanly with major ecommerce platforms like Shopify, which makes it easier for Chargeflow to gather information for its appeals.

Score every return for abuse.

Returns are one of the great battlegrounds for ecommerce customer loyalty. But thanks to bad actors, many online stores add unnecessary friction to the returns process in an attempt to stop them. 

This friction can frustrate legitimate shoppers who might otherwise be loyal to your brand. In a 2024 study from DeliveryX, “54% of [UK] shoppers see easy returns as very important.”

You can make returns easier for honest customers and more difficult for bad actors by partnering with Extend, which empowers merchants to leverage behavior-based insights — including customer loyalty, return frequency, and LTV — to score return requests. You can configure the platform to fast-track refunds for low risk customer transactions, while setting parameters to divert higher risk customer transactions toward store credits or manual review.

Enable passkeys.

Passkeys allow shoppers to access their online accounts without usernames or passwords. Instead, customers verify their identities with fingerprint scans and facial recognition. Customers authorize passkeys to save this data, which they can use to shop securely across devices. 

Without usernames and passwords to steal, bad actors can’t resort to phishing, credential stuffing, and other common online attacks. Amazon rolled out passkeys in 2023, but today, organizations of all sizes can implement them.

Besides protecting your business and user accounts from bad actors, passkeys reduce ecommerce friction. No longer will customers need to click the “Forgot password?” button. 

Some passkeys can automatically populate shipping and payment preferences once the user’s identity has been authenticated. They save customers the step of reentering this information each time they check out.

If you’re a Shopify merchant, you can integrate Passage-provided passkeys with your online store.

Stop bots before they hit “Add to Cart.”

Despite the security and enhanced experience passkeys offer online shoppers, many won’t create one. Which makes their login data susceptible to theft and use by malicious bots. 

As we’ve noted, these bots are responsible for credential stuffing, a common bad-actor ploy to buy items with stolen credentials. Bots are also behind “denial of inventory” attacks, in which they add items to a shopping cart without completing the purchase. This tactic artificially depletes inventory, causing stockouts and annoying legitimate customers.

Software service providers like Cloudflare monitor your network traffic and use machine learning to identify visits from malicious bots. The system deflects these bots without blocking beneficial bots like search engine crawlers.

Essential ecommerce fraud management metrics

A robust metrics dashboard is the best way to test the efficiency of your fraud risk management solution.

Dispute ratio

Also known as chargeback rate, this metric measures the percentage of chargebacks relative to total credit card transactions. It’s an essential metric for merchants looking to reduce fraud, since credit card companies typically penalize merchants if they reach a specific chargeback threshold.

For example, Mastercard flags a merchant who sees 300 or more chargebacks per month as a “High Excessive Chargeback Merchant” (HECM). Once flagged, a merchant “that is identified in HECM for at least 4 months will be assessed EUR/USD 5 per chargeback for each chargeback over 300.”

Dispute ratio (%) = [number of chargebacks (disputes)] / (total number of transactions for a specific period) * 100

What is a good dispute ratio? According to Chargebacks911, “you may want to aim for a ratio of 0.65% or below; this puts you below Visa’s ‘Early Warning’ threshold.”

Return-fraud rate

Once you start automating return-fraud detection with partners like Extend, your return-fraud rate (RFR) should decline over time. Use this RFR calculation:

Return-fraud rate (%) = (number of fraudulent returns / total number of returns) * 100

Consistent declines in RFR year-over-year is a good indication that your risk-management solution is effective.

False positive decline rate

A false positive occurs when a fraud-detection system flags a legitimate transaction as fraudulent. Honest customers flagged as false positives will likely take their business elsewhere, so minimizing these situations is critical.

False positives are often the result of three common flaws in a fraud-management solution:

• Overly restrictive rules: Fraud-detection systems function according to rules you set. Rules that are too sensitive can lead to false positives. For example, a customer on vacation might place an order using their credit card, but you flag the transaction because it's not in their home city or country.
• Incomplete or inaccurate data: False positives often occur when your various software solutions don’t share data. Suppose you flag a known bad actor trying to make a return. But that bad actor has a name similar to one of your best customers. Unless your fraud detection system integrates with your CRM, which contains information that would distinguish one from the other, your system could flag the legitimate customer.
• Evolving fraud tactics: Bad actors are always coming up with new techniques to take advantage of you. Your systems might initially flag legitimate transactions as fraudulent until they adapt to these new tactics.

Measure your false positive decline rate with this formula:

False positive decline rate (%) = (number of false positives / number of total declines) * 100

There isn’t a universally accepted standard for this metric. But like the return-fraud rate, you should see consistent declines YoY.

Net promoter score (NPS)

Finally, confirm your fraud risk management program hasn’t upset the customer experience by calculating NPS.

NPS is a good, common measure of customer loyalty. Ask a question like “How likely are you to recommend [your brand] to others based on your returns experience?” Give the customer a scale of zero to 10, with 10 signifying “most likely.” 

NPS = percentage of promoters (those scoring 9 to 10) - percentage of detractors (those scoring 0 to 6)

A score of 70 or greater is considered excellent and indicates a relatively frictionless experience. 

Always leave space after the initial question for customer feedback in case a shopper experiences some friction. Send the survey via SMS, email, or via a chatbot if the customer used it.

Add Extend to your ecommerce fraud management program

The sad reality is that fully eradicating ecommerce bad actors is unlikely. But with Extend, you can minimize fraud losses related to returns. Using behavior-based intelligence and AI, Extend’s post-purchase platform can help you lower costs by weeding out repeat abusers without complicating the experience for customers you want (and need) to keep.

Integrating Extend with your existing tech stack isn’t difficult. You’ll keep many bad actors from succeeding due to a lack of data sharing between systems. We integrate with Shopify, BigCommerce, and the customer support helpdesk platform Gorgias.

For next steps, take a look at our resources on how to avoid the operational pitfalls of manual ecommerce fraud detection and prevent retail return fraud. Then contact us here for a free demo of our suite of tools to enhance the post-purchase experience for honest customers.