Most online merchants now believe customers pose as big a threat as professional fraudsters
Analysis Summary
This article summarizes findings from Ravelin's *Global Fraud Trends 2025* report concerning fraud losses and customer abuse affecting online merchants.
# Incident Report: Rise in Customer-Abuse Fraud Costing Merchants $11M Annually
## Executive Summary
Online merchants experienced substantial financial losses, averaging nearly $11 million per company last year due to fraud, with a significant increase in first-party fraud tactics like chargeback fraud and refund abuse. The trend is expected to continue, as a majority of surveyed professionals anticipate fraud volume to rise in the near future, driven by customers increasingly attempting fraudulent actions.
## Incident Details
- Discovery Date: Information derived from the "Global Fraud Trends 2025" report (Reporting Date: May 15, 2025). The data reflects trends up to the previous year.
- Incident Date: Ongoing losses throughout the previous year, with trends continuing into the current year.
- Affected Organization: 1466 global fraud and payments professionals surveyed.
- Sector: Retail, Travel & Hospitality, Digital Goods, and Marketplaces.
- Geography: Global (Survey of global professionals).
## Timeline of Events
### Initial Access
*Note: This is a summary of evolving fraud techniques rather than a traditional targeted cyber attack timeline.*
- Date/Time: Ongoing, reflecting trends over the past year.
- Vector: Customer abuse tactics, primarily friendly fraud (chargebacks) and refund/returns abuse.
- Details: Customers making legitimate purchases but falsely disputing transactions (chargeback fraud) or abusing return policies (e.g., claiming non-existent damage).
### Lateral Movement
Not Applicable (This incident focuses on transactional fraud originating from the customer side, not internal network movement).
### Data Exfiltration/Impact
- What was stolen or damaged: Direct financial losses due to fraudulent transactions, chargebacks, and costs associated with processing abuse (estimated average loss of nearly $11m per company). Card-Not-Present (CNP) fraud remains the most expensive (61%), but chargeback fraud (41%) and refund abuse (21%) are rapidly increasing in cost contribution.
### Detection & Response
- How it was discovered: Data compiled by Ravelin based on surveys of fraud and payments professionals.
- Response actions taken: Merchants are actively monitoring and attempting to mitigate these rising fraud levels, though 77% reported an increase in fraud volume.
## Attack Methodology
- Initial Access: Exploitation of legitimate customer interaction points (purchasing, payment processing, returns/refund policies).
- Persistence: Continuous use of abusive tactics throughout the customer lifecycle.
- Privilege Escalation: Not applicable, as this involves exploiting policy and banking systems, not internal privilege gain.
- Defense Evasion: Deceptive practices used during chargeback claims (claiming goods were not received or unauthorized purchase) and refund requests.
- Credential Access: Not specified as a primary vector, though related to payment authorization.
- Discovery: Not applicable in the traditional sense; the "discovery" is the identification of the trend by the researchers.
- Lateral Movement: Not applicable.
- Collection: Collection of goods or services under false pretenses for financial gain.
- Exfiltration: Financial loss realized through successful chargebacks or manipulated refunds.
- Impact: Direct financial loss and operational strain from managing high volumes of disputes.
## Impact Assessment
- Financial: Average loss of nearly $11m per company. CNP fraud is cited as the most expensive type overall.
- Data Breach: Not a typical data breach; impact is financial/transactional.
- Operational: Increased strain on fraud and payments teams, with 77% of respondents reporting an increase in fraud volume.
- Reputational: Not explicitly detailed, but operational failures in handling abuse can degrade customer experience.
## Indicators of Compromise
- Network indicators: N/A (Focus is transactional/behavioral).
- File indicators: N/A.
- Behavioral indicators: Frequent chargeback disputes (friendly fraud), excessive or suspicious refund claims on otherwise valid purchases.
## Response Actions
- Containment measures: Implicitly, the surveyed professionals are employing measures to track and prevent these specific abuses (e.g., stronger chargeback defense processes).
- Eradication steps: Not explicitly detailed for this summary, but likely involves tightening refund policies and improving transaction monitoring logic.
- Recovery actions: Mitigating financial write-offs related to fraudulent chargebacks and refunds.
## Lessons Learned
- First-party fraud (customer abuse) is a rapidly increasing threat vector, moving beyond just traditional organized criminal activity.
- Shoppers feel more emboldened to commit fraud: nearly half (47%) of respondents noted an increased propensity to attempt fraud.
- Marketplaces are being hit particularly hard by rising fraud volumes.
## Recommendations
- Implement robust transaction monitoring specifically tailored to detect anomalies in refund and returns behavior.
- Enhance chargeback defense mechanisms, focusing on proactively gathering evidence for transactions most likely to result in 'friendly fraud.'
- Review and potentially restrict refund policies that are easily abused, balancing customer goodwill with fraud risk management.