By NHI Mgmt Group Editorial TeamDomain: Cyber SecuritySource: RiskifiedPublished June 22, 2026

TL;DR: A commissioned study of 2,091 consumers across seven countries found that 50% use generative AI to help draft return or refund claims, while 85% accept at least one strategic return behavior and 56% prefer tiered policies, according to Riskified research. The governance challenge is no longer just fraud detection; it is identity-aware policy enforcement at scale.


At a glance

What this is: Riskified’s research shows that AI-assisted return claims and normalized return abuse are changing the economics of ecommerce post-purchase risk.

Why it matters: Fraud, identity verification, IAM, and customer risk teams need controls that separate legitimate customers from abusive behaviour without collapsing the experience for trusted users.

By the numbers:

👉 Read Riskified's report on AI-assisted return abuse and ecommerce policy risk


Context

Return abuse is increasingly a governance problem, not just a customer service nuisance. When consumers can use generative AI to write persuasive refund claims, merchants have to evaluate intent, identity, and behavioural history rather than relying on the text of the request alone.

The identity angle is real even though this is a retail fraud and trust-and-safety topic. Repeated abuse across multiple identities, devices, and payment methods forces teams to connect identity verification, fraud scoring, account intelligence, and policy enforcement so that legitimate buyers are not treated like policy offenders.


Key questions

Q: How should ecommerce teams handle AI-generated return claims without overblocking good customers?

A: Treat AI-generated claims as a reason to strengthen evidence, not to deny every request. Score the claim against identity linkage, prior behaviour, device history, and payment consistency. Good customers should still move through a low-friction path when the data supports them. The goal is to distinguish persuasive text from trustworthy behaviour.

Q: Why do tiered return policies depend on identity confidence?

A: Tiered policies only work when the business can reliably recognise the same customer across accounts, devices, and payment methods. Without that, loyal buyers may be misclassified and repeat abusers may game the system. Identity confidence is what lets the merchant reward trust without creating easy bypass paths.

Q: What do retailers get wrong about refund abuse controls?

A: Many retailers focus on blanket refund rules instead of claim-specific evidence and operational context. That approach misses the fact that abuse often succeeds through process pressure, not technical compromise. Better controls use customer history, fulfilment verification, and risk scoring to make default approval much harder.

Q: How do merchants know if return controls are actually working?

A: They should look for lower abuse rates without a matching rise in false positives, customer complaints, or abandonment from legitimate shoppers. Useful signals include repeat-offender suppression, stable approval rates for low-risk customers, and reduced refund leakage on high-risk items. If friction rises everywhere, the controls are too blunt.


Technical breakdown

Generative AI is compressing the cost of persuasive fraud

The report shows that consumers are already using LLMs to draft return and refund claims, which lowers the effort needed to produce polished, plausible narratives. That changes the economics of abuse because the signal is no longer a badly written message or obvious inconsistency. Instead, the merchant has to detect intent through correlated behavioural evidence, transaction context, device history, and prior outcomes. In practice, this is closer to adversarial trust scoring than simple claims review.

Practical implication: move beyond text-only review and score return claims against identity, device, and behavioural history.

Tiered returns rely on customer identity confidence

Differentiated return policies only work when the business can distinguish trusted customers from repeat abusers with enough confidence to apply different treatment. That requires reliable identity linkage across accounts, payment instruments, devices, and fulfilment patterns. Without that linkage, tiering becomes noisy and inconsistent, which creates both fraud leakage and customer friction. This is where identity verification and account intelligence intersect with ecommerce fraud operations: the policy decision depends on how well the same person can be recognised over time.

Practical implication: strengthen identity correlation so policy tiers follow the customer, not just the account.

Behavioural normalisation creates policy drift

The study suggests a large share of consumers now treat borderline return behaviour as acceptable, which means abuse patterns can become socially normal before merchants update controls. That creates policy drift, where documented rules and real-world enforcement gradually diverge. From a security governance perspective, this is a form of control decay: policies look clear on paper but fail under scale, channel shift, and AI-assisted persuasion. Teams need monitoring that tracks not only fraud rates but also whether policy exceptions are becoming the default.

Practical implication: measure policy drift with exception rates, repeat-offender frequency, and enforcement consistency.


Threat narrative

Attacker objective: The attacker’s objective is to obtain refunds or store credit while avoiding detection and exploiting the merchant’s trust in customer communications.

  1. Entry begins with an AI-assisted return or refund claim that is written to sound legitimate and tailored to merchant language.
  2. Escalation occurs when the same actor reuses multiple identities, devices, or payment methods to bypass rule-based checks and accumulate successful claims.
  3. Impact is margin erosion, higher inspection costs, and weaker confidence that return policy enforcement is differentiating loyal customers from abuse.

NHI Mgmt Group analysis

AI-assisted return abuse is an identity problem disguised as a fraud problem. When consumers can use LLMs to generate convincing claims, merchants lose the old benefit of spotting poor language or obvious fraud cues. The real control question becomes whether the organisation can link behaviour across identities, devices, and payment methods with enough confidence to apply policy fairly. Practitioners should treat return governance as a customer identity and trust decision, not only a fraud review workflow.

Tiered return policy only works when the identity graph is reliable. Personalised treatment depends on recognising the same customer across sessions and instruments, otherwise loyal buyers get misclassified and repeat abusers slip through. That puts identity verification, account resolution, and fraud intelligence on the same control plane. The practical conclusion is that segmentation quality matters as much as policy design.

Social normalisation turns abuse into control drift. When 85% of consumers accept at least one strategic return behaviour, merchants face a moving baseline where enforcement pressure shifts from edge cases to the mainstream. That is a governance problem because policy exceptions start to look routine, which weakens the authority of the control. Teams should expect return abuse to behave like other policy erosion problems: slowly at first, then suddenly at scale.

Named concept: return policy identity resolution gap. This is the gap between knowing a claim is suspicious and knowing whether the claimant is a repeat offender operating across multiple identities. The report’s examples show why that gap matters: without durable identity correlation, fraud teams cannot separate abuse from legitimate loyalty with enough precision. Practitioners should close that gap before they expand tiered return programmes or AI-assisted review.

What this signals

Return abuse is converging with broader trust-and-safety automation. As AI makes fraudulent language cheaper to produce, merchants will need controls that evaluate identity confidence, not just claim content. For teams already handling identity verification and fraud operations, the practical shift is toward unified trust scoring across customer lifecycle events.

The next control maturity step is not harsher language in policies, but better correlation across identities, devices, and payment methods. That is where many programmes will find their first serious AI-assisted abuse blind spot, because text review alone cannot distinguish a real customer from a repeat offender wearing a new account.


For practitioners

  • Build identity-linked return scoring Correlate claims with device fingerprints, payment instruments, prior refund outcomes, and account history so abusive patterns are visible across channels.
  • Separate legitimate persuasion from abuse signals Use human review only for cases where identity-linked signals and transaction context disagree, rather than for every well-written claim.
  • Introduce policy tiers with governance thresholds Define when a customer can move into a faster or more flexible returns path, and require evidence thresholds before granting exceptions.
  • Track repeat-offender concentration Measure how many rejected or refunded returns cluster around the same identities, devices, or payment methods, and use that concentration to tune controls.

Key takeaways

  • AI-assisted return abuse turns post-purchase fraud into a governance problem because persuasive claims are now cheap to generate at scale.
  • The reported behaviour shift is broad enough to affect policy design, with 85% of consumers accepting at least one strategic return behaviour and 56% preferring tiered policies.
  • The control answer is identity-linked enforcement, where return decisions follow correlated customer behaviour instead of isolated account text.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

NIST CSF 2.0 and NIST SP 800-53 Rev 5 set the technical controls, while GDPR define the regulatory obligations.

FrameworkControl / ReferenceRelevance
NIST CSF 2.0PR.AC-1Identity proofing and authentication underpin trusted return decisions.
NIST SP 800-53 Rev 5AC-2Account management matters when abuse spans multiple identities and accounts.
GDPRArt.5Personal data used for identity-linked fraud scoring must stay proportionate and purpose-limited.

Tie return-risk decisions to identity assurance evidence and avoid policy decisions based on text alone.


Key terms

  • Return Policy Identity Resolution: The process of determining whether multiple returns, refund claims, or customer sessions belong to the same real person. In practice, it combines device, payment, account, and behavioural signals so merchants can apply policy consistently without over-relying on any single identifier.
  • Behavioural Normalisation: The point at which borderline or abusive activity becomes widely accepted enough that it no longer looks exceptional. In fraud and identity governance, normalisation weakens policy enforcement because teams start to treat repeated abuse as ordinary customer behaviour.
  • Identity-Linked Fraud Scoring: A scoring approach that evaluates suspicious activity using linked identity evidence rather than the content of one request or transaction. It is stronger than text review alone because it can identify repeat offenders across accounts, devices, and payment methods.

What's in the full report

Riskified's full report covers the operational detail this post intentionally leaves for the source:

  • Consumer survey breakdown by country, age group, and return behaviour type for benchmarking policy design.
  • Retail leader interview findings on how AI is affecting manual review, policy enforcement, and customer friction.
  • Examples of differentiated return treatment based on customer risk and behaviour, useful for operational teams.
  • Reported business outcomes from a luxury fashion brand using identity-based intelligence to reduce chargebacks and rejected-return losses.

👉 Riskified's full report includes survey findings, merchant interview detail, and the operational examples behind the trend.

Deepen your knowledge

NHI Foundation Level course, the industry's only accredited NHI security programme, covers NHI governance, machine identity security, IAM, and secrets management. It helps practitioners connect identity controls to the wider security decisions their programmes depend on.
NHIMG Editorial Note
Published by the NHIMG editorial team on July 14, 2026.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org