What’s refunding? Fraudster: “It’s like pulling off a heist in broad daylight with the store’s blessing.” (Yes, that’s a real quote.)
Refund scams and schemes kicked into overdrive during the COVID-19 pandemic and never disappeared. They’re so much a part of the online criminal ecosystem now that, just as there used to be carding guides everywhere to introduce young fraudsters to the tricks of credit card fraud, there are refunding guides as well.
I’m not sure that all merchants have understood how significant or entrenched this fraud has become. It’s not a trend that will disappear — it’s now part and parcel of the online fraud landscape. As we continue into 2025, I want to get the message across that merchants need to think beyond payment fraud and especially include protection against refund fraud.
The best way I can think of to showcase how important this is is to give it to you directly from a fraudster. In this article, I will quote from a popular Refunders’ Playbook from the dark net and highlight some of the most important things to note from it. What I found striking about the guide was how it clearly shows the truth of things fraud fighters have tried to explain for a long time.
So, as this fraudster says: “Welcome to refunding, a practice that’s been revolutionizing fraud while most of you were still fumbling with stolen card numbers.”
Refunding: What & How
Let’s be clear about the definition of refunding here because fraudsters certainly are:
“Refunding, in its essence, is the art of purchasing items, keeping them, and still managing to get your money back.”
How? “It’s all about manipulating the system, making the company believe you have a legitimate claim for a refund when you’ve actually received and kept the product.”
Fraudster Focus #1: “It’s a game of psychological manipulation”
To really clean up with refunding, fraudsters need to become familiar with the policies and customer support processes of the specific merchants they’re targeting. I’ve heard more stories than I can count of customer service representatives who recognize a fraudster’s voice on the phone line when they hear it because they’ve heard them so many times before. Those fraudsters are efficient, breezing through the steps of the process like a dance.
At the same time, to outsmart retailers who give their reps more latitude about blocking refund fraud, fraudsters also learn which techniques and personas to use for greatest effect with individual support personnel: sob story, distracted mother, angry customer threatening legal action, lover of a particular sports team the rep also supports, etc.
The guide shows that this isn’t the occasional rare instance of a particularly savvy fraudster. Fraudsters are entirely conscious of how this works, and they advise each other about how to get the best results:
“The key to successful refunding is knowing which technique to apply to which retailer and product. It’s a game of psychological manipulation, exploiting customer service protocols and sometimes, straight-up technical [hijinks].”
Merchant Takeaway: Preventing this kind of fraud has to be an effort that includes more than the fraud prevention department, and the internal training you provide has to take the psychological aspect of the challenge into account, unpack its deviousness for your audience, and give tools for handling it.
Fraudster Focus #2: It’s all about ROI
I say this so often that I probably sound like a broken record, so this time, I’m letting these fraudsters speak for themselves.
The fraudster guide educates its readers to aim for “a profit-maximizing masterpiece,” which “maximizes profits while minimizing risk.” That’s as good an explanation of ROI as I’ve ever heard.
It cautions, “Don’t get too greedy or obvious.” “Remember, this game is about balance — between risk and reward, between greed and caution.”
Merchant Takeaway: If you make fraud or abuse too difficult for a fraudster, they’ll leave in search of an easier target. They aren’t interested in you, specifically. It’s all about their return on investment.
Fraudster Focus #3: “The cold, hard math of customer retention”
Where customers see a great experience, fraudsters see an opportunity. They’re completely, coldly, calculating about this:
“You might wonder why retailers don’t just tell refunders to [buzz] off. The answer lies in the cold, hard math of customer retention.”
Fraudsters even track the importance of smooth returns to customers — just like your own business probably does!
“The average lifetime value of a customer far outweighs the cost of a few fraudulent refunds.
91% of customers say a good return policy influences their decision to shop with a retailer again. Companies that make returns easy experience a 357% higher conversion rate.”
And they understand what that means for them: “For big retailers, it’s often cheaper to eat the cost of some fraudulent refunds than to implement stricter policies that might drive away legitimate customers. They’re playing a numbers game, and for now, the math favors a lenient approach.” As the guide also notes, “This creates a sweet spot for refunders.”
That even impacts the most likely geography for an attack: “Interestingly, refunding has found its most fertile ground in the United States. The reason? America’s almost fanatical devotion to customer satisfaction. In a country where “the customer is always right” isn’t just a saying but a way of life, companies are more likely to cave to demands, creating a perfect ecosystem for refunders.”
Merchant Takeaway: It’s time to stop creating “the perfect ecosystem for refunders.” You don’t need to accept fraud as the price of providing a great customer experience. Instead, start personalizing the returns process so that good customers get the service they deserve and fraudsters and abusers are identified early and stopped from exploiting the system.
Fraudster Focus #4: “The smartest fraudsters don’t limit themselves”
Fraud fighters tend to think in terms of the categories we use to make sense of and analyze the ever-evolving, complex landscape of online fraud. But fraudsters, almost by definition, are outside the box kind of people. If they see rules, they look for loopholes. If they see a process, they find ways to exploit it.
They mix techniques, attack types, and more. Refunding is no exception: “We’re pretty smart, so we don’t limit themselves (sic) to one technique. Combining carding and refunding can create a powerful one-two punch.”
Rather than laying out their own funds for the initial item, fraudsters can purchase goods using a stolen payment method and then pretend they never received the item, or it was damaged, or the box was empty, or… You get the idea. This guide explains exactly how to do it all. It even recommends that fraudsters get into the habit of cheating twice within the same scam, so they end up with not one but three items for free.
Merchant Takeaway: Don’t fall into the trap of limiting your thinking according to the categories that make analysis easier because fraudsters won’t. They’ll do whatever works, and they’ll do it as often as they can.
Fraudster Focus #5: Gift cards are a bonus
Gift cards are always a favorite among the criminal fraternity. They have a place in the refunding world as well. The guide gives the example of attacking Amazon:
“Bonus Round: If you’re feeling extra spicy, you can use Amazon Gift Cards (AGC) to add another layer of obfuscation. Card AGCs, load them onto your account, buy the item, refund it, then transfer the AGC balance to another account. Rinse and repeat for maximum profit.”
Merchant Takeaway: Remember, gift cards are free money as far as fraudsters are concerned. Make sure your business is protected.
Fraudster Focus #6: Professional and self-aware
The stories about fraudsters you read in the news often show criminals giving themselves away through laughably obvious arrogance or incautious behavior. The thing is, by definition, those are the ones who got caught. The ones who get away are smarter.
“Remember, this game is about balance — between risk and reward, greed and caution. The most successful players aren’t just skilled; they’re adaptable. So keep your wits sharp, your methods fresh, and your digital footprint light.”
This guide is clearly written by someone who takes their nefarious craft seriously. They’re writing for an audience of emerging criminals who want to do the same. Again, it comes back to ROI; if they invest in getting it right, they’ll reap the rewards.
Merchant Takeaway: Don’t let the need to fight fires distract you from the bigger picture. Ensure your team has time to track trends, learn from mistakes, and strategize to protect the future. Fraudsters take their work seriously, so you can’t let them get ahead.
Fraudster Focus #7: Always pushing the boundaries
There is not much that surprises me about fraud these days, but I was impressed by how creative and considered this guide was. The author obviously looks across the whole user journey, trying to refine the techniques and processes available to commit the perfect refunding crime.
Here are some examples of the recommendations in the guide that stood out to me:
- Check that the item is in stock before requesting a replacement
- Vary your approach to avoid raising suspicion
- Use a VPN or residential proxy when social engineering — they can log your IP
- Don’t copy excuses verbatim — customize them to sound natural
- Consider the “water damage” excuse for high-value items: “The box was soaked through and has completely broken my item.”
This guide says the best results come when you tailor your trickery to the time, merchant, and item.
Merchant Takeaway: If fraudsters are tailoring their approach, fraud fighters can’t do less. Invest in identity-focused intelligence so that criminals can’t make a habit of taking advantage of your business.
Final Thought
I must admit I enjoyed this particular guide very much, which is why it was still fresh in my mind — especially as I began to think about the challenges of refunds, returns, and the year ahead. This fraudster is smart, sarcastic, and sure of themselves.
What I find more sobering, however, is that this clever criminal put this guide together not to entertain me or my fellow fraud fighters but to make our work harder. It’s a playbook to teach fledgling fraudsters how to expand their abilities and scope of attack. It’s detailed, clear, and effective.
The more resources like this I see, the more obvious it becomes to me: Fraud fighters need to ensure their company is invested in a holistic, identity-based approach to customers that will help them accurately identify legitimate, cheating, and fraudulent users and provide the appropriate experience for each one. It’s always been important, but it’s now urgent, as well.
Doriel Abrahams is the Principal Technologist at Forter and host of ‘What the Fraud?,’ where he monitors emerging trends in the fight against fraudsters, including new fraud rings, attacker MOs, rising technologies, etc. His mission is to provide digital commerce leaders with the latest risk intel so they can adapt and get ahead of what’s to come.