How to Prevent FTID Fraud: A Merchant’s Playbook

Image of ecommerce return box with altered shipping and how to prevent FTID fraud

FTID is one of the most preventable forms of return fraud once you stop trusting a single signal. Here’s the operational playbook for how to prevent FTID fraud without slowing down honest refunds.

Fake tracking ID (FTID) fraud is costly precisely because it looks legitimate: a carrier scan says “delivered,” your refund automation pays out, and the original product never came back. The good news is that it’s also one of the most preventable return-fraud patterns, because it relies on a single weak assumption you can design around. Apparel brand Everlane, for example, now blocks roughly $30,000 to $40,000 a month in FTID losses with Wyllo by treating returns as something to verify rather than refund on faith.

Return fraud and abuse are a documented and growing cost across retail, as the National Retail Federation’s research on consumer returns tracks year over year, and FTID is one of its harder-to-spot variants. This is a prevention playbook, not a primer. For the full definition and mechanics, see Wyllo’s glossary entry on fake tracking ID (FTID) fraud. Here we focus on what to actually do about it.

FTID in One Sentence

FTID fraud is a return scam in which a bad actor submits a fake or unrelated tracking number so a refund is triggered without the real item ever coming back. It works because three systems don’t talk to each other: carrier tracking confirms movement, return workflows optimize for speed, and refund automation treats a “delivered” scan as proof of a valid return. Preventing it means never letting that single scan be the whole decision.

The Prevention Playbook for How to Prevent FTID Fraud

Reducing FTID exposure is about layered controls, not one rule. The controls fall into three groups: operational, policy, and behavioral.

Stop Paying Refunds on a Scan Alone

The core fix. For any return carrying risk signals, hold the refund until physical receipt and intake verification, rather than releasing it on a delivery scan. Instant refunds are a real loyalty driver, so reserve them for trusted, low-risk returns instead of removing them for everyone.

Verify at Intake

Check that what arrived matches what should have. Weight and packaging consistency checks catch empty envelopes and low-value substitutes. Confirming the returned shipment’s origin and destination catches labels routed to a nearby ZIP to fake a delivery scan. These checks matter most on high-value items.

Validate the Tracking, Not Just Its Status

A tracking number showing “delivered” is not the same as your item arriving at your facility. Carrier systems are built to confirm that a package moved, not what is inside it, as USPS’s own package-tracking documentation reflects. Confirm the shipment’s characteristics match the expected return, not merely that some number cleared a scan.

Risk-Score Every Return

Score returns the way you score orders, using identity, order history, return behavior, and connections to other accounts. That lets honest refunds stay fast while only the high-risk ones get held for verification, so prevention doesn’t become friction for good customers.

Connect Repeat Behavior Across Accounts

FTID is rarely a one-off. The same actor, or a cluster of linked accounts, runs the play repeatedly. Connecting activity across orders and accounts surfaces abnormal return-success rates and the relationships that expose a ring, even when each return looks fine alone.

Align Fraud, Support, and Warehouse

FTID attempts are often paired with social engineering: repeated pressure on support agents to push a refund through quickly. Define when refunds issue on a scan versus on receipt, set escalation criteria for high-value or suspicious returns, and make sure support knows not to override a hold under pressure.

A Real Example of How to Prevent FTID Fraud

Everlane identified FTID as a repeat return-abuse pattern rather than isolated incidents, and now prevents an estimated $30,000 to $40,000 in monthly FTID losses with Wyllo. The lesson isn’t a single rule; it’s pairing logistics data with behavioral intelligence so the pattern is caught before the refund goes out.

FTID vs. Item-Not-Received Fraud

These two get confused because both exploit the gap between tracking data and reality, but they run in opposite directions. Item-not-received (INR) fraud claims a delivered order never arrived. FTID fraud fakes a return that never happened. The prevention logic is the same in spirit: don’t treat one tracking event as proof, and read the intent and pattern around the claim before paying out.

How Wyllo Helps

Wyllo is the risk intelligence platform for commerce. FTID is a precise example of why a single status flag isn’t enough: a “delivered” scan looks like a completed return, but the intent and pattern around it tell the real story. Risk flags the suspicious return; intent decides whether to pay out or verify.

Precision over paranoia.

Frequently Asked Questions

How do you prevent FTID fraud?

Stop paying refunds on a carrier scan alone for higher-risk returns. Verify receipt and contents at intake (weight, packaging, label origin), validate that the shipment matches the expected return, risk-score returns so honest refunds stay fast, connect repeat behavior across accounts, and align fraud, support, and warehouse teams on when a refund can be released.

Can FTID fraud be detected automatically?

Yes. Risk scoring that combines identity, order and return history, delivery outcomes, and cross-account connections can flag the returns most likely to be FTID and route them for verification, while low-risk returns keep getting fast, automatic refunds.

Why isn’t a “delivered” tracking scan enough to approve a refund?

Because carrier tracking confirms that a package moved, not what was inside it or whether it reached your facility. A fraudster can supply a tracking number from an unrelated shipment or route a label to a nearby address to generate a “delivered” scan without returning the real item.

Is FTID the same as item-not-received fraud?

No. INR fraud claims a delivered order never arrived; FTID fraud fakes a return that never happened. Both exploit a gap between tracking data and reality, and both are best prevented by not trusting a single tracking event and by reading the pattern behind the claim.

Bringing It Together

FTID is a loophole, not a sophisticated hack, which is exactly why it’s preventable. It works only when a refund system mistakes a tracking scan for a verified return. Close that gap, verify the high-risk returns at intake, and read the intent and pattern behind a return before the money goes out, and you keep refunds fast for honest customers while shutting the door on the ones gaming the scan.

Curious how risk-scored returns would close your refund-on-scan gap? Start with Wyllo Return Fraud and Abuse Prevention, or explore the Wyllo platform for connected intelligence across the full customer journey.

More from the blog

Customer Stories

Join our Newsletter

Subscribe to our weekly newsletter to get the latest news, updates, and amazing offers.

Want to Learn More?

If you’re an ecommerce brand looking to improve post-purchase experience without increasing risk, this is a partnership worth exploring. Chat with our team to see it in action.

You might also like

Install Wyllo

Select your ecommerce platform to start your free two-week trial.​

See Wyllo in Action

Contact the Wyllo team and we’ll be in touch within one business day to schedule your personalized demo. 

Let's find those
bad actors.

Contact the Wyllo team and we’ll review your system together to identify the bad actors.