BlogJanuary 3, 2024

9 Types of Return Fraud & How to Mitigate Risk

Introduction to Return Fraud

According to the National Retail Federation, 13.7% of all returns are deemed fraudulent, with merchants losing an average of $13.70 to fraud for every $100 in returned merchandise. Fraud schemes have grown increasingly complex and have even turned into enterprises designed to exploit eCommerce loopholes that take advantage of customer experience best practices. As the digital marketplace expands, so does the ingenuity of fraudsters looking to exploit return policies for financial gain. In this article, we delve into the intricate world of return fraud, dissecting the nine distinct types that pose a threat to retailers along with solutions that mitigate risk.

Item Not Received/Did Not Arrive

When a shopper alleges non-receipt of a purchased item — also known as item not received (INR), did not receive (DNR), or did not arrive — such claims are typically routed through the customer service department. Professional refunders commonly exploit this method, compiling lists of retailers with lenient refund policies. They study thresholds for easy refunds (such as order value and quantity) related to misplaced packages. These refunders may offer to handle refunds on behalf of consumers for a percentage of the order value. Additionally, numerous DIY courses are available for those interested in pursuing refunds independently.


Merchants should internally decide when to apply prevention measures for return fraud that could add friction to the customer experience, considering factors like a specific dollar threshold or repeat offenses. Ideally, if a customer has a history of claims with other vendors, mandate this information before approving a claim. Implement deterrents such as requiring a written affidavit for checks at neighbors, mailboxes, etc., or instructing customers to file a police report for refund complaints. Maintain a record of requests and, if under attack or notified by NoFraud of appearing in a dark channel, use the method of having customer service call back the account’s registered number to deter professional refunders.

Order Missing Some Items

Instances, where customers assert that an item is missing from their order or that they received an empty box, are infrequent but can indicate potential return fraud. If such claims become more prevalent, consider it a red flag and possible that your business is being promoted by fraudsters on forums as an easy target. These claims pose a challenge to disprove, highlighting the importance of vigilant fraud detection measures.


Ensure the weight of items and the shipping box remains consistent by referencing tracking reports that display such information. Consider investing effort in obtaining video footage of the fulfillment process, a measure that can effectively thwart fraudulent activities. Additionally, analyze patterns among shipping and distribution centers to identify potential issues in the last-mile delivery network. Using branded packing tape is another practical deterrent, preventing unauthorized opening (and resealing) of packages along the delivery route. And as always, keep track of who submits claims so you can block repeat offenders.

Item Arrived Damaged

A fraudulent ‘item arrived damaged’ claim occurs when a customer deceitfully asserts that a product they received was damaged during shipping or delivery. For example, falsely claiming a leaky battery was delivered to secure an instant refund or replacement that can be used for illegitimate resale or to gain two items for free.


Safeguard your business from this type of return fraud by requesting an image of the purportedly damaged product. Introduce a proactive reverse image search policy, as fraudsters may exploit internet images to falsely support damage claims. Additionally, ensure the return of the item for thorough verification.

Boxing and Product Swaps

Boxing and product swaps are similar in that the original item is not returned. Product swaps involve returning an item of significantly lower value or non-authenticity — some sort of similar item. For instance, a person might buy an expensive handbag only to replace it with a knockoff before returning it. Historically prevalent among high-end retailers, product swaps now affect retailers of all types due to the convenience of return processes. 

Similarly, boxing is when a customer purchases a high-value item and then returns an inferior product. Boxing differs from product swaps in that the returned item contains no value. For example, a customer buys an expensive electronic item like a TV, removes the original content, replaces it with something else (such as plywood to maintain the weight), and returns the package. 


Make sure refunds are processed solely upon the inspection of goods, not upon the receipt of the package by the warehouse or the scanning of the return label. In the event of a delay, send an email to keep the customer informed about their status during the refund process. Lastly, consider a ban on repeat offenders.

Fake Tracking ID (FTID)

Fake Tracking ID (FTID), a package redirection scam, involves manipulating the tracking information on a label. Shipping companies only require the tracking information on a label to scan it. Scammers will manipulate the label to maintain scan functionality, which often triggers a refund issuance, while ensuring it gets lost. This manipulation varies in sophistication, ranging from intricate alterations to simple “cut and paste” methods. The tracking will often show as delivered to a random warehouse, designated for pickup, or will get lost once it passes the label scan at distribution. Ultimately, the recipient (if there is one) will have no idea who the package belongs to as the rest of the label, including return address, has also been edited. 

Sometimes, scammers manipulate the tracking to show delivery to a different location within the same zip code, which some shippers may mistakenly consider proof of successful delivery. To identify if you’re a victim, ask your team these questions:  

  • Are refunds being issued upon label scan?
  • Has your warehouse received numerous empty packages, potentially labeled with your information?
  • Have you observed an increase in lost or missing packages in your reporting?


To prevent the fake tracking ID fraud, consider two approaches:

  • Stop issuing refunds upon label scans and ONLY upon successful inspection of the goods in the warehouse.
  • Modify the return policy to require customers to present a QR code at a shipping drop-off center. Have the center generate the label through the QR code, ensuring customers cannot tamper with the tracking information. Explore the possibility of integrating with shipping partners for streamlined implementation.


Wardrobing refers to the fraudulent practice of purchasing clothing or other items, using them temporarily, and then returning them for a refund. The item is sometimes used for work, a special event, or even just for a photo op (think #OOTD posts on Instagram).


Closely monitor return rates per customer, identifying and addressing repeat offenders who engage in excessive returns. Consider implementing measures to deter wardrobing, such as attaching bulky and visible tags that cannot be easily concealed. For instance, the use of a 360 ID Tag or something similar can serve as a visual deterrent, making it challenging for customers to engage in deceptive practices during the actual use of the item.

Innys or Innies

“Innys” or “Innies” is a colloquial term referring to individuals who possess the capacity to aid criminals in perpetrating fraud, often leveraging their access to products, packages, or software through their employment. These individuals may include friends, relatives, or recruits seeking a share in the illicit gains orchestrated by a criminal mastermind. Examples of “Innies” include:

  • Customer service representatives capable of processing fraudulent returns 
  • Employees in returns centers who can issue unauthorized refunds
  • USPS employees with the ability to slap a label on certain shipments
  • FedEx Employees that mark a package as delivered, even taking a photo, then putting the item back in the truck

This term encompasses anyone involved in the package’s journey or possessing the authority to issue refunds, and “Innies” are not limited to schemes related solely to return fraud but may be involved in various types of fraudulent activities.


Identifying these scenarios can be challenging, with the “inny” often being the least suspected. Detecting such situations requires investigative efforts.

For fraudulent refunds:

  • Examine who is issuing these refunds.
  • Compare the refund issuance rates among employees; is there a significant difference?
  • Note the time of day when these refunds occur; some employees may process “refund batches” after hours.
  • Track the frequency of refunds throughout the day and identify any patterns.

For other fraud types:

  • Monitor any increase in INR claims in specific cities or zip codes.
  • Look for a surge in lost packages (tracking) after passing through a particular distribution center or zip code.
  • Investigate reports of partially fulfilled items in specific geographical locations.

Close collaboration with shipping providers, distribution centers, customer service teams, and possibly law enforcement is essential to pinpoint the actual source of the crime. NoFraud can provide advice in most situations, sharing possible fraud entry points and what other merchants have implemented to curb or stop attacks.

Software Trojan Horses

Malicious software trojan horses exploit vulnerabilities in software, facilitating swift refunds on behalf of professional refunders. These cyberattacks predominantly target software capable of processing refunds, including returns and customer support applications.


Monitor refund patterns diligently, following the guidance provided to safeguard against “innies.” Maintain a concise, secure list of authorized employees with refund capabilities. If you observe an unusual spike not attributed to an employee (verify through the software provider’s IP address tracking), escalate the matter to the software provider. Given the prevalence of such cases, the software should be well-acquainted with addressing this issue.

Fraud as a Service

Fraud as a Service (FaaS) is a cybercrime model where individuals or groups offer various fraudulent activities or services for a fee. For return fraud, professional refunders are paid a percentage to guarantee a return. These fraudsters will use a variety of methods to carry out their crimes — including FTID, innys, or INR/DNR — for those willing to pay for these services. Fraud as a Service is really hard to detect as the customer service calls seem very legitimate.


Monitor your return and refund metrics closely. If you notice a sudden surge in return or refund requests and suspect potential involvement in fraud as a service, consider these two tactics:

  • Set up a reliable confirmation method like requiring a callback to the number associated with the order. Professional refunders often use spoofed numbers that are not tied to the authentic cardholder’s details to hide their identity.
  • Temporarily tighten your refund policy until the surge subsides.

NoFraud Helps Fight Return Fraud

As we navigate the challenges of the increasing complexities of return fraud, it’s clear that taking proactive steps is key to safeguarding your business. At NoFraud, we’re here to be your partner in this fight, offering personalized solutions to strengthen your defenses and protect your business’s success. Our team has a deep-rooted history in fraud prevention and we’re always available to offer insight on emerging fraud trends for merchants that are eager to get ahead of growing threats to their business.

NoFraud Protection is a comprehensive solution designed to defend businesses against various types of online fraud. From payment fraud to account takeover and return fraud, the platform leverages advanced technology and real-time analysis to detect and prevent fraudulent activities. It offers a multi-layered approach, incorporating machine learning, behavioral analytics, and manual review by experts to ensure accurate and efficient fraud prevention. With a focus on enhancing security without compromising user experience, the NoFraud Protection Platform is tailored to meet the evolving challenges of the digital landscape, providing businesses with a robust defense mechanism against online threats.

Ready to learn more?

Book a demo and see our accurate real-time fraud screening for eCommerce in action.

Ready to learn more?

Book a demo and see our accurate real-time fraud screening for eCommerce in action.

We offer Starter Plans for even the smallest sized businesses, including a free plan and plans that include chargeback protection for companies that process less than $50,000/month.

Businesses that process more than $50,000 in revenue/month qualify for custom pricing. Book a demo and see our accurate real-time fraud screening for eCommerce in action.

— or —
complete the form for us to reach out to you