By NHI Mgmt Group Editorial TeamPublished 2026-07-06Domain: Governance & RiskSource: Riskified

TL;DR: Major regional differences in return frequency, social-media influence, and what shoppers consider acceptable make one-size-fits-all return policy and fraud controls unreliable, according to Riskified’s 2026 survey of 2,091 consumers across seven markets. The data shows fraud and ecommerce teams need market-specific thresholds, sharper communications, and models that reflect local behaviour rather than global averages.


At a glance

What this is: This report shows that return abuse, consumer tolerance, and fraud signals vary sharply by market, so global policy templates do not work well across regions.

Why it matters: Fraud and ecommerce teams need market-aware controls because the same return pattern can be normal in one country, suspicious in another, and harmful if enforced uniformly.

By the numbers:

👉 Read Riskified's report on regional return abuse patterns and consumer behaviour


Context

Return abuse is a policy and detection problem, not just a customer behaviour problem. In ecommerce, the same return request can reflect honest purchase behaviour, local norms, or coordinated abuse, which is why global rules often fail when they ignore market context.

For identity and fraud teams, the important lesson is that behaviour baselines need to be segmented. Although this is not an IAM or NHI case in the strict sense, it still maps to governance logic: the control threshold must fit the population being governed, or the organisation creates false positives, friction, and blind spots.


Key questions

Q: How should teams calibrate return-fraud controls across different markets?

A: Use regional baselines rather than a single global threshold. Return frequency, social influence, and consumer tolerance vary widely, so review rules should be tuned to local behaviour and not just enterprise averages. A control that works in Tokyo may be noisy in Shanghai, while a rule that fits the US may miss elevated abuse elsewhere.

Q: Why do generative AI tools matter in return and refund claims?

A: Generative AI can make claims more polished and persuasive, which weakens manual review methods that depend on tone, grammar, or narrative structure. Teams should assume claim text is no longer a reliable standalone signal and should combine it with account, transaction, and item-level evidence.

Q: What do ecommerce teams get wrong about return abuse?

A: They often treat return abuse as a universal behaviour problem instead of a market-specific governance problem. The same return pattern may be normal in one region, suspicious in another, and reputationally sensitive in a third. Policy design has to reflect local norms or it will create avoidable friction.

Q: How can organisations communicate stricter return policy without alienating customers?

A: Explain the real cost of returns, the behaviour the policy is trying to prevent, and why the rule is different in that market. When customers understand the rationale, they are more likely to see enforcement as fair rather than arbitrary. Transparency is part of the control, not just a support message.


Technical breakdown

Market segmentation changes how return risk is measured

Return abuse cannot be modelled effectively with a single global threshold when customer behaviour diverges so sharply by region. A market with high repeat-return frequency, strong social amplification, or greater tolerance for borderline behaviours needs a different baseline than one where those patterns are uncommon. This is a measurement problem first, and a fraud problem second. If the model treats all markets as interchangeable, it will either over-flag normal activity or under-detect organised abuse. Practical implication: segment return-risk scoring by market before tuning review thresholds or automation rules.

Practical implication: segment return-risk scoring by market before tuning review thresholds or automation rules.

Generative AI is raising the quality of suspicious claims

The report shows that consumers are already using generative AI tools to help with return or refund claims, including in potentially fraudulent cases. That matters because text quality alone becomes a weaker signal when claims are more polished, more persuasive, and easier to standardise. Fraud controls that rely on tone, grammar, or complaint structure will miss sophisticated abuse and may also overlook legitimate cases generated with AI assistance. The better approach is to combine language signals with behavioural, transaction, and account-level evidence. Practical implication: move claim review away from text-only heuristics and into multi-signal fraud detection.

Practical implication: move claim review away from text-only heuristics and into multi-signal fraud detection.

Policy communication is part of the control plane

A return policy does not only govern behaviour through enforcement. It also shapes whether customers see controls as fair, arbitrary, or punitive. The report suggests that transparency about the real cost of returns can change how customers behave, which means communication is part of the control design, not just a customer service layer. Markets with low tolerance for return abuse may accept stricter rules, while others need clearer explanations to avoid backlash. Practical implication: treat policy wording, placement, and enforcement rationale as part of the operating model.

Practical implication: treat policy wording, placement, and enforcement rationale as part of the operating model.


NHI Mgmt Group analysis

Global return policy suffers from a governance assumption that consumer behaviour is stable across markets. That assumption breaks when one region normalises frequent returns and another treats the same behaviour as exceptional. The result is not just inconsistent fraud detection, but inconsistent customer treatment. Practitioners should see market segmentation as a governance requirement, not a merchandising preference.

Claims quality is becoming less reliable as a signal because generative AI can smooth the language of abuse. When AI can make a weak claim look legitimate, manual review based on tone or phrasing loses value fast. This does not mean the fraud is more sophisticated in every case, but it does mean the old heuristics have less discriminatory power. Teams need to assume language alone will underperform as AI-assisted claims become normal.

Return controls are now a customer experience issue as much as a fraud issue. A threshold that is sensible in one market can create avoidable friction in another, especially where honest customers already expect different norms. That means the control objective is not only detection, but proportionate enforcement. The practitioner conclusion is straightforward: align controls to regional behaviour baselines or risk turning fraud policy into self-inflicted customer attrition.

Regional return-abuse baseline: a single global threshold is too blunt for markets with radically different norms, social influence, and tolerance for borderline behaviour. The article makes clear that China, the US, Japan, Brazil, Singapore, Mexico, and the UK do not behave like one homogeneous customer base. The implication is that governance must distinguish between abuse, local custom, and acceptable friction before policy is enforced.

Behavioural fraud modelling must outgrow text-only review. Once generative AI enters the claim process, the language on the page is less trustworthy as an indicator of legitimacy. The practitioner implication is that teams should weight account history, item patterns, refund timing, and device or transaction context more heavily than prose quality alone.

What this signals

Return governance is increasingly a segmentation exercise. Organisations that treat every market as if it behaves like the enterprise average will keep misclassifying honest customers while missing concentrated abuse patterns, especially where social platforms normalise bad behaviour.

Regional control drift: the real risk is not just fraud volume, but policy mismatch. When the same rule is enforced across markets with different norms, the organisation creates unnecessary friction and weakens trust in the control itself.

For ecommerce leaders, the next step is to make policy explainable at the market level. That means aligning review thresholds, customer messaging, and upstream product signals with the behaviour patterns each region actually shows.


For practitioners

  • Set market-specific return thresholds Build separate baselines for regions with different return frequencies, abuse patterns, and consumer tolerance levels. Do not use one global trigger for review, restriction, or manual escalation.
  • Reweight fraud review away from text quality Combine claim language with account history, transaction behaviour, refund timing, and item-level patterns so polished AI-assisted claims do not bypass detection.
  • Tune monitoring for coordinated behaviour In markets where social platforms influence returns, look for clusters, repeat patterns, and shared tactics rather than treating elevated volume as purely individual behaviour.
  • Explain policy changes in customer-facing language State why a rule exists, what behaviour it is trying to prevent, and why the threshold differs by region so enforcement is seen as targeted rather than punitive.
  • Review upstream merchandising signals Where returns are driven by product mismatch, improve photography, sizing tools, and product-page accuracy before tightening enforcement alone.

Key takeaways

  • Return abuse is not uniform, so global policy templates create both false positives and blind spots.
  • Generative AI makes claim text less trustworthy, which pushes fraud review toward behavioural and transactional signals.
  • Transparent, market-specific policy design is now part of fraud control, not just customer communications.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

NIST CSF 2.0, NIST SP 800-53 Rev 5 and CIS Controls v8 set the governance and control requirements practitioners need to meet.

FrameworkControl / ReferenceRelevance
NIST CSF 2.0PR.AC-4Access and policy enforcement need regional calibration to avoid over- and under-control.
NIST SP 800-53 Rev 5SI-4Monitoring and detection must separate normal regional variance from suspicious return patterns.
CIS Controls v8CIS-8 , Audit Log ManagementBehavioural review depends on logs that preserve claim, account, and transaction evidence.

Tune enforcement rules to the local risk profile and review thresholds against observed behaviour by market.


Key terms

  • Regional Return Baseline: A regional return baseline is the expected level and pattern of returns for a specific market, not the enterprise as a whole. It helps teams decide what is normal, what needs review, and where policy should be stricter or more flexible based on local consumer behaviour.
  • AI-Assisted Claims: AI-assisted claims are refund or return requests prepared with generative tools that improve wording, structure, or persuasiveness. The key risk is not that AI automatically makes a claim fraudulent, but that it reduces the usefulness of language-based review signals and increases the need for behavioural evidence.
  • Policy Friction: Policy friction is the cost a customer experiences when a control feels cumbersome, unfair, or poorly explained. In returns governance, excess friction can reduce trust, trigger complaints, and make legitimate customers behave like adversaries in response to overly blunt enforcement.

What's in the full report

Riskified's full report covers the operational detail this post intentionally leaves for the source:

  • Country-by-country consumer attitude breakdowns for the seven surveyed markets
  • Retail leader interview findings on how brands are adjusting policy and enforcement
  • Market-level examples of acceptable versus unacceptable return scenarios
  • The underlying survey design and respondent mix for practitioners who need context

👉 The full Riskified report includes the market-by-market detail behind the return policy findings.

Deepen your knowledge

NHI governance, agentic AI identity, and machine identity security are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are building or maturing an identity security programme, it is worth exploring.
NHIMG Editorial Note
Published by the NHIMG editorial team on 2026-07-06.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org