TL;DR: Returns, refunds and exchanges cost ecommerce merchants $394 billion worldwide, and Riskified’s playbook says stricter policy and fee changes often punish good customers while failing to definitively stop abuse. The underlying problem is that returns controls still treat trust as a transaction rule set, not an identity and behaviour problem.
NHIMG editorial — based on content published by Riskified: Returns, refunds & exchanges: How to stop good customers from paying the price of policy abuse
By the numbers:
- Returns, refunds, and exchanges are a $394 billion expense for ecommerce merchants worldwide, and rampant fraud and abuse are a hidden menace within this massive cost center.
- Riskified commissioned Opinium and the Center for Economics and Business Research to survey 500+ directors of ecommerce with oversight of fraud, risk and policy abuse.
- The survey covered ecommerce enterprises with at least $50M in annual revenue across 11 representative countries.
Questions worth separating out
Q: What breaks when returns fraud controls rely only on policy rules?
A: Policy-only controls miss the identity and behavioural context that distinguishes a legitimate customer from a repeat abuser.
Q: Why do returns and refunds need identity-based governance?
A: Because the decision is not just whether an item qualifies for return, but whether the requesting identity has behaved consistently enough to deserve trust.
Q: How do merchants know if return controls are actually working?
A: They should look for lower abuse rates without a matching rise in false positives, customer complaints, or abandonment from legitimate shoppers.
Practitioner guidance
- Implement behavioural linkage for refund decisions Link claims to account history, device patterns, fulfilment outcomes, and payment behaviour so repeated abuse is visible across otherwise normal-looking transactions.
- Tier returns by trust level Use risk-based treatment for returns, exchanges, and exception handling so low-risk customers move quickly while suspicious cases receive additional review.
- Reduce dependence on blunt policy tightening Measure whether stricter windows or higher fees actually reduce abuse or simply shift cost onto legitimate customers and support teams.
What's in the full report
Riskified's full report covers the operational detail this post intentionally leaves for the source:
- Survey findings on how hundreds of ecommerce peers are dealing with returns abuse and policy pressure in practice.
- Economic modelling and cost insights that show where abuse is hitting merchant margins and operations most directly.
- Industry-by-industry benchmarks that help teams compare their own returns and refund posture against peers.
- The report’s identity-based approach for preventing abuse without compromising customer experience.
👉 Read Riskified’s playbook on returns, refunds, and exchanges abuse →
Returns refund fraud and policy abuse: what merchants need to change?
Explore further
Policy abuse is an identity trust problem disguised as a returns problem. Merchants often focus on the transaction that triggered the refund, but the real control question is whether the requesting identity has earned the same trust as a low-risk customer. That means account history, device continuity, and behavioural linkage matter more than a single order event. The field needs to move from transaction screening to lifecycle trust assessment, with fraud and IAM teams sharing the same view of identity risk.
A question worth separating out:
Q: Who is accountable when return policy enforcement harms good customers?
A: Accountability should sit with the combined fraud, customer experience, and policy governance owners, not with support teams alone. If a control punishes legitimate customers, the merchant has not only a fraud problem but also a governance problem, because the decision framework failed to balance protection and fairness.
👉 Read our full editorial: Returns abuse exposes the cost of identity blind spots in ecommerce