What a Customer XO conversation with Jordan Gesky, ecommerce CX leader at SYRN, reveals about where ecommerce fraud hides, where fraud actually lives now, and why a brand’s own disconnected teams are the biggest enabler
Ask most operators to picture ecommerce fraud and they still see a stolen credit card at checkout. That is the trailer version. Where ecommerce fraud hides today is further downstream, in the gaps between the teams that run a brand: marketing builds the promotion, ecommerce chases the orders, the warehouse processes returns, and support absorbs whatever is left. The most expensive losses are not a single dramatic breach. They are ordinary looking refunds, returns, and redemptions that no one system connects into a pattern.
That’s the argument at the center of the Customer XO episode “Your Data Silos Are the Real Fraud Engine,” Wyllo’s podcast for ecommerce customer experience leaders. Host Jordan Shamir sits down with Jordan Gesky, an ecommerce CX leader who came up through big-box retail before spending close to a decade in customer experience, to make an uncomfortable case: the biggest enabler of modern fraud is rarely the fraudster. It is the brand’s own disconnected data.
The stakes are not small. The National Retail Federation’s 2025 returns research put total US returns near $850 billion and found that roughly nine percent of returns are fraudulent, with tactics like empty box and box of rocks returns widely reported by retailers that track the problem. Most of that loss books quietly, as a return or a refund, precisely because it never trips the systems built to watch checkout.
Watch the Episode
Also on Apple Podcasts and Spotify.
Fraud Moved. Your Org Chart Did Not
The shape of ecommerce fraud has shifted from the transaction to the relationship. Payment fraud at checkout still exists, but it is well defended and it leaves an obvious trail: a chargeback, a dispute code, a clear counterparty. The fraud that is growing lives after the sale, in returns, claims, and promotions, and it rarely announces itself. It looks like a customer being a customer.
That shift matters because most detection is still pointed at the front door. Brands invested in screening the order and left the rest of the journey lightly watched. Meanwhile the people who exploit policy have learned exactly where the blind spots are, and they tend to sit between departments rather than inside any one of them.
Data Silos Are the Real Fraud Engine
Here is the mechanism the episode is named for. Follow one abusive pattern through a typical brand and you watch it slip between four teams. Marketing launches a promo code. Ecommerce celebrates the order spike. The warehouse receives a return and refunds on scan. Support fields the follow-up. Each team sees its own sliver, each sliver looks normal, and the data from one function almost never reaches the next.
Abuse settles into that space between policies. A code leaks on the marketing side, gets redeemed at scale on the ecommerce side, converts to a refund on the returns side, and no single system assembles the dots into something anyone can act on. As Gesky puts it, the biggest enabler is not an organized ring, it is the org chart. Without shared signals and automated triggers, the person who ran a play once and got paid has simply learned the path of least resistance, and nothing in the data stopped them from running it again.
The Scams That Live in the Gaps
The episode grounds the thesis in the tactics CX teams actually see.
- Return label switching. A shopper edits or reroutes the prepaid return label so the carrier scan shows the item heading back while the package goes elsewhere, or nowhere. The scan triggers a refund, the goods never return, and the loss books like an ordinary return. Wyllo’s guide to preventing returns fraud covers the operational controls.
- Leaked and abused discount codes. A private or influencer only code gets posted publicly, sometimes on TikTok, and spreads the instant someone screenshots it. Browser extensions apply codes automatically at scale. By the time the margin report looks wrong, the orders have already landed. This is classic policy abuse territory.
- Fake damage and never arrived claims. Manufactured photos and false delivery disputes turn the support queue into a payout channel, a core piece of post-purchase fraud.
None of these require breaking into anything. They exploit the seams in how offers and returns are created, distributed, and honored.
Fraud Versus Abuse, and Why It Matters
One of the more useful distinctions Gesky draws is between fraud and abuse. Fraud is deception: a stolen instrument, a faked return, a fabricated claim. Abuse is stretching a legitimate policy past the point it was designed for, like the shopper who returns worn items every time or reclaims a new customer discount on a tenth account. The right response differs. Fraud calls for hard controls. Abuse calls for policy design and judgment, because the person on the other end is often a real customer whose behavior you want to reshape rather than block. Blur the two and you either wave through deception or alienate good customers. Naming them separately is the first step to closing the gap between them.
Protect the Team, Not Just the Margin
Sitting in that gap, absorbing every hard call, is the CX team. A recurring theme of the conversation is that constant judgment calls without support or data burn people out. When a rep has to decide, alone and in the moment, whether a tearful email is a genuine service failure or a practiced script, and gets no signal from the systems around them, the job becomes exhausting and the decisions get inconsistent.
The healthier model gives agents context, not just scripts. It also retires the reflex that the customer is always right in favor of something more useful: treating customers fairly based on what the data actually shows. A shopper who used a code that leaked is often worth a warm reply and a small goodwill gesture. A pattern of new accounts hammering the same code, or a repeat swap-return profile, deserves a closer look. That is customer intent doing the work, not a blanket policy that punishes everyone to catch a few.
How Wyllo Helps
Wyllo is the risk intelligence platform for commerce, built to connect the behavior of the same customer or cluster across orders, accounts, returns, and support interactions, so the pattern that hides between your teams becomes a single, decisionable view.
- Wyllo Return Fraud and Abuse Prevention applies risk models to return label switching, empty box claims, and serial returners, and supports risk based return policies so friction scales with the signal.
- Wyllo Bot and Reseller Detection surfaces promo code exploitation, multi-account and new customer offer abuse, and scraping, so a leaked code does not quietly become your top performing campaign.
- Wyllo Claim and Policy Abuse Prevention catches policy exploitation upstream, before it hardens into a refund or chargeback no one can trace.
- Wyllo CX Support puts risk scores and next best actions inside the tools your agents already use, so the person making the call can see the customer’s full history in the moment.
The point is not to treat every return or discount as a threat. It is to connect the signals so you know which ones are. Judgment over rules.
Frequently Asked Questions
Where does ecommerce fraud hide today?
Increasingly after the sale, in returns, refunds, claims, and promotions, rather than at checkout. It hides in the gaps between a brand’s marketing, ecommerce, warehouse, and support teams, where no single system connects the behavior into a pattern. That is why losses often book as ordinary returns or refunds instead of flagged fraud.
Why are data silos a fraud risk?
Because abuse crosses departments while data usually does not. A leaked code, a scaled redemption, and a fraudulent refund can be three views of the same actor, but if marketing, ecommerce, and returns each see only their piece, no one assembles the full picture and the same tactic keeps working.
What is return label switching?
Return label switching is a post-purchase scam in which the shopper alters or reroutes the prepaid return label so the carrier scan shows the item returning while the package goes elsewhere or nowhere. The scan triggers a refund, but the brand never recovers the goods, and the loss is easy to miss because it books like an ordinary return.
What is the difference between fraud and abuse?
Fraud is deception, such as a stolen payment method or a faked return. Abuse is stretching a legitimate policy past its intent, like reclaiming a new customer discount on multiple accounts. Fraud calls for hard controls, while abuse calls for smarter policy and judgment, because the person is often a genuine customer.
How can brands close the gaps in where ecommerce fraud hides without adding friction for good customers?
Connect promotion, order, return, and support data so patterns are visible across teams, then score intent at the customer level rather than judging one event at a time. Trusted customers keep a low friction path while risky patterns get a closer look, which protects both margin and the relationship.
Where Ecommerce Fraud Hides: Bringing It Together
The reason the same scams keep working is not that they are sophisticated. It is that they are distributed. They borrow a little from marketing, a little from ecommerce, a little from the warehouse, and a little from support, and they count on those four never comparing notes. The brands that get ahead of this over the next few years will not be the ones with the harshest policies. They will be the ones that connect what each team already knows and read intent across the whole journey, so a genuine customer gets generosity and a coordinated pattern gets clear eyes.
Fraud moved. The advantage goes to whoever closes the gaps first. Curious where ecommerce fraud hides in your own data? Explore the Wyllo platform for connected intelligence across the full customer journey, or start with Wyllo Return Fraud and Abuse Prevention where most of the hidden loss lives.