What new data from Happy Returns, a UPS Company, and Wyllo reveals about how return fraud really works and why the tools built to stop it keep missing.
For years, return fraud got filed under “policy abuse.” A wardrobed dress. An “item not received” claim. A serial returner gaming the window. Annoying, absorbable, yet ultimately a cost of doing business in ecommerce.
That framing is now dangerously out of date. And it points at the wrong problem.
Here’s the uncomfortable truth underneath the new data: most fraud prevention tools are built to answer one question at checkout — who is this person? Verified email, clean network history, known device, real card. Approve.
But identity is not intent. Knowing who someone is at the moment of checkout tells you almost nothing about what they’re going to do. A perfectly legitimate looking identity can still belong to a serial returner, a buy-wear-return abuser, or someone filing false claims. None of that shows up at checkout. It reveals itself afterward, in behavior, often days or weeks later, across channels your point tools can’t see into.
We pulled the data together in a new report with Happy Returns, a UPS Company, The Hidden Threat in Your Returns, drawn from aggregated, anonymized behavior across the Wyllo network. It reframes the problem entirely.
The Scale and the Concentration of Return Fraud
Start with the headline figure: nearly 1 in 10 returns is fraudulent. On higher value orders the risk concentrates fast. For orders over $500, 1 in 64 involves return fraud, and 1 in 27 is marked by return policy abuse like wardrobing.
But the volume isn’t the real story. The concentration is.
Only about 1% of shoppers get flagged as risky returners. That sliver is 85 times more likely to be flagged than the average customer, and among heavy returners, nearly 1 in 20 carries a fraud flag. These aren’t one-and-done opportunists. 80.6% of repeat fraudsters place another fraudulent order within a month of the first.
The margin damage is precise. A bad actor’s average order value is $591.87, of which $276.72 gets refunded — a 52.6% refund ratio on gross merchandise value. That’s not leakage. That’s a business model.
Which is exactly why a blanket policy crackdown is the wrong reflex. The problem is a tiny, identifiable group hiding inside a sea of legitimate returns. You don’t need to tax the 99%. You need to see the 1%.
One intent. Twenty-seven identities. $565,000.
The clearest picture of how modern return fraud works comes from a single actor Wyllo tracked over 2.7 years. Call them Fraudster A.
Across that window, Fraudster A placed 89 orders at 10 different retailers, generating $565,349 in GMV loss. To stay invisible, they operated behind 25 email addresses, 27 customer accounts, 42 IP addresses, 24 shipping addresses, and 22 billing addresses, cycling through 18 variations of the same first name and deliberately misspelling the last to dodge name matching.
Here’s the part that matters: every one of those identities looked fine on its own.
Twenty-seven clean accounts. Real looking emails and addresses. Nothing that tripped a threshold for the identity-first and point tools evaluating this person one account, one order, one retailer at a time. To each of them, Fraudster A wasn’t a repeat offender; they were two dozen first time shoppers.
The fraud was never in any single identity. It was in the pattern connecting them. And a pattern only becomes visible when you stop checking identity in isolation and start reading behavior across the full journey. That’s the difference between knowing who a shopper is and understanding what they intend to do.
This is the gap organized fraud is built to exploit. Nearly 1 in 5 fraudulent orders now traces back to organized criminal networks — groups that share retailer specific guides documenting which policies break, which support scripts reliably produce refunds, and which locations inspect loosely. Some package it as “refund fraud as a service.” A single working method gets deployed by hundreds of actors before a retailer notices the anomaly, and when a retailer changes a policy to close the hole, the workaround circulates across these communities in hours. Static rules are always a step behind.
Channel is the single biggest operational lever.
If the data points to one decision that moves the needle most, it’s how returns come back.
Mail-in returns carry a 6x higher fraud rate than in-person, box-free, label-free drop-off. The reason is structural: mail-in separates the customer from the moment of inspection. Empty-box returns, “box-of-rocks” swaps, fake-tracking-ID scams, and no proof claims all depend on the absence of real time verification, and any policy that refunds on carrier scan hands fraudsters their payout before anyone checks what’s in the box.
Flip the channel and the math flips with it. In-person drop off with item verification reduces return fraud by at least 85%. Barcode confirmation, product match, and quantity checks provide immediate, physical signals. Layer those with a real time behavioral risk score, and a flagged return simply doesn’t get refunded until it’s been audited.
The Shift: From Protection to Potential
When fraud spikes, the instinct is to tighten everything. Shorter windows. More hoops. Restocking fees across the board.
That’s a tax on your best customers and a speed bump for your worst, who adapt to the new rules faster than you can write them.
The better model flips the logic: friction only where it’s earned. Step friction down when trust is clear. Step it up when risk or abuse appears. Reward the trusted 99% with a frictionless return; route the risky 1% to verification before the refund clears. That’s only possible when you can tell those two groups apart in real time, and you can only do that by reading intent, not just checking identity.
Done right, this stops being loss prevention and becomes a growth lever. Every legitimate customer you don’t punish is retention you keep. Every fraudulent refund you stop before it clears is margin you protect. Risk moves from a cost line to a revenue line.
In the Happy Returns + Wyllo model, that’s three layers working together: in-person item scanning at drop off, behavioral risk scoring that flags risky returns and holds the refund, and AI-powered auditing that confirms fraud before it ever reaches the warehouse, with every confirmed signal feeding back to make the next decision sharper. Trusted shoppers never feel it. The 1% can’t get around it.
Read the Full Report on Return Fraud
The Hidden Threat in Your Returns breaks down the complete dataset, from the behavioral signals that predict fraud, to the the seven factors that make a retailer a target, to the five policy characteristics fraudsters actively trade, and the real Telegram chatter showing how organized networks react the moment a retailer changes refund timing.
If you run risk, CX, or post-purchase operations for an ecommerce brand, this is the clearest look yet at what you’re actually up against — and the model that turns your returns from an exposure into an advantage.
→ Download The Hidden Threat in Your Returns from Happy Returns and Wyllo.
Wyllo is the risk intelligence platform for commerce, combining pre- and post-purchase identity with behavioral signals to determine intent, so brands can adapt every interaction to reward trust, stop abuse, and grow revenue.
Methodology: Findings are based on aggregated, anonymized behavioral and transactional data observed across the Wyllo network between January 2025 and April 2026. “Fraudsters” are defined as unique flagged identities in the Wyllo dataset.
