Staying Ahead Of First-Party Fraud & Abuse

Ecommerce fraud is undergoing a fundamental shift. While payments fraud has long been the dominant concern for retailers and payment providers, a more complex threat is emerging: first-party fraud and abuse.

This type of fraud, which involves consumers exploiting chargebacks, returns, and refund policies for personal gain, is now driving a significant portion of online retail losses.

New data highlights the severity of this trend. Ecommerce fraud surged by 20% in the past year alone, amounting to over £56 million in reported losses - up from £47 million the previous year.

This growth is being driven not just by financial pressures on consumers, but also by a rise in professional fraud-as-a-service operations, which make it easier than ever for bad actors to exploit online transactions.

The shift towards first-party fraud is partly due to worsening economic conditions. With inflation and the cost-of-living crisis continuing to put pressure on consumers, some are resorting to fraud to ease financial strain. However, it is no longer just individuals engaging in opportunistic refund abuse. Organised fraudsters are now offering sophisticated services that help customers claim refunds fraudulently in exchange for a cut of the money, allowing fraud to be carried out at scale. This has created a grey area where seemingly legitimate refund requests are, in fact, highly coordinated fraudulent operations.

The Evolution Of Fraud Tactics

At the same time, fraud tactics are becoming more advanced. Cybercriminals are exploiting vulnerabilities at multiple stages of the online purchasing journey, from manipulating shipping details to using AI-driven phishing attacks to compromise customer accounts. We are seeing a rise in address and IP spoofing, where fraudsters mask their locations using mobile proxies or breached banking credentials to evade detection. In some cases, fraud rings are placing over 100,000 fraudulent orders in rapid succession, overwhelming merchants and making it difficult to distinguish genuine purchases from fraudulent activity.

Returns and refund fraud, in particular, has become a major challenge for online retailers. While many merchants have already tightened their policies in response to increasing abuse, fraudsters have quickly adapted. Some are creating fake tracking details and counterfeit return labels to trigger refunds without ever returning the item. Others are working with insiders at logistics companies to falsely mark packages as lost or damaged, forcing retailers to issue refunds that should never have been approved. The growing popularity of social commerce, where goods are sold through platforms like Instagram and TikTok, is making it even easier for fraudsters to exploit loopholes in fulfillment and delivery processes.

Strengthening Fraud Prevention Strategies

Retailers need to take urgent action to address this escalating threat. Investing in more sophisticated fraud prevention technologies is essential, particularly solutions that use link analysis to track behavioural patterns and identify repeat offenders. By monitoring transactional data across multiple accounts, merchants can spot connections between fraudulent users based on shared IP addresses, devices, or purchase histories, helping to flag and block suspicious activity before it causes financial damage.
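The link analysis described above, sketched as an added example (not from the article or any vendor's product): accounts are clustered with union-find when they share a device or IP address, and clusters with a high combined refund rate are flagged. The field names, thresholds and sample orders are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample orders: (account, ip, device_id, refunded)
ORDERS = [
    ("acct_a", "203.0.113.10", "dev-1", True),
    ("acct_b", "203.0.113.10", "dev-2", True),
    ("acct_c", "198.51.100.7", "dev-2", True),
    ("acct_c", "198.51.100.7", "dev-2", False),
    ("acct_d", "192.0.2.44", "dev-9", False),
    ("acct_d", "192.0.2.44", "dev-9", True),
]

def find(parent, node):
    while parent[node] != node:
        parent[node] = parent[parent[node]]  # path halving
        node = parent[node]
    return node

def link_accounts(orders, max_ip_fanout=50):
    """Cluster accounts joined by a shared device or a non-noisy shared IP."""
    ip_accounts = defaultdict(set)
    for account, ip, _, _ in orders:
        ip_accounts[ip].add(account)
    parent = {}
    for account, ip, device, _ in orders:
        acct = ("acct", account)
        keys = [acct, ("dev", device)]
        # IPs seen on many accounts (carrier NAT, proxies) are weak evidence: skip.
        if len(ip_accounts[ip]) <= max_ip_fanout:
            keys.append(("ip", ip))
        for key in keys:
            parent.setdefault(key, key)
            parent[find(parent, key)] = find(parent, acct)  # union into account's set
    clusters = defaultdict(set)
    for account, *_ in orders:
        clusters[find(parent, ("acct", account))].add(account)
    return list(clusters.values())

def flag_clusters(orders, min_accounts=2, min_refund_rate=0.6, max_ip_fanout=50):
    """Return (members, refund_rate) for linked clusters with a high refund rate."""
    totals, refunds = defaultdict(int), defaultdict(int)
    for account, _, _, refunded in orders:
        totals[account] += 1
        refunds[account] += int(refunded)
    flagged = []
    for members in link_accounts(orders, max_ip_fanout):
        rate = sum(refunds[m] for m in members) / sum(totals[m] for m in members)
        if len(members) >= min_accounts and rate >= min_refund_rate:
            flagged.append((sorted(members), round(rate, 2)))
    return flagged
```

In the sample, `acct_a` and `acct_c` never share an attribute directly; they are linked only through `acct_b`, which is the transitive connection that per-account rules miss.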

Tightening refund and return verification processes will also be critical, although adding too much friction could cause resentment among loyal customers.

Many retailers are already implementing stricter evidence requirements, such as requiring photo proof for faulty items or leveraging advanced tracking systems to verify lost shipments. However, to further mitigate return fraud and reduce customer frustration, businesses are increasingly turning to machine learning and behavioral analytics to identify patterns associated with serial returners. By analysing purchase histories, return frequencies, and discrepancies in claims, retailers can differentiate between genuine customers and those exploiting return policies.

This data-driven approach allows for more targeted fraud prevention while maintaining a seamless experience for legitimate shoppers.

Looking ahead, social commerce fraud prevention will become an increasingly important focus. With ecommerce sales through social media platforms expected to reach $1.2 trillion globally by the end of 2025, fraudsters will continue shifting their tactics to exploit these channels. Behavioural data from social platforms could help verify transaction legitimacy, adding another layer of security for merchants looking to combat first-party fraud and abuse.

The reality is that fraudsters will always evolve their methods to stay one step ahead. For retailers, the key to long-term resilience is taking a proactive approach to fraud prevention.

By investing in advanced fraud detection, refining policies, and strengthening intelligence-sharing efforts, merchants can better protect themselves from the growing threat of first-party fraud - before it becomes an even bigger financial liability. The time to act is now.

Xavier Sheikrojan is Senior Risk Intelligence Manager at Signifyd

Image: Lima Santos
