Three Types of Policy Abuse CFOs Should Care About

Three Types of Policy Abuse CFOs Should Care About

Policy abuse is soaring, with 75% of eCommerce merchants reporting an increase in the volume of policy abuse in the past two years. How do these grey area fraudulent activities affect online retailers' bottom lines?

Amateur policy abusers and those who are fraud-curious can now find countless practical – and affordable – guides to help them as they make their first steps in policy abuse. Riskified’s Dark Web researchers recently came across a $1-step-by-step guide to scamming fashion eCommerce giant Asos for an order refund.

The very definition of the term policy abuse has shifted. It used to describe loyal customers trying to squeeze out a little extra promotion at a favorite store. Today, it often describes career criminals who specialize in refund-related fraud, sophisticated serial abusers carrying out item-not received (INR), empty box, and other shipping-related scams, and resellers circumventing merchants’ product-limit policies. In addition, merchants combating policy abuse today are facing a rapidly growing industry of fraud-supporting services.

Screen Shot 2021 12 14 at 14.23.21 1

As eCommerce adoption boomed due to COVID-19, 75% of merchants also saw an increase in the volume of policy abuse from 2019 to 2021. 

Friendly fraud has become one of the most common types of attacks impacting merchants globally, rising in the Merchant Risk Council’s rank of most prevalent forms of payment fraud, from fifth place in 2019 to first place in 2021. Return and other policy abuse types, which have recently been categorized separately from friendly fraud, rose from seventh to fifth place. In a recent survey by Riskified, 46% of US merchants said that promo abuse had the biggest negative impact on their revenue in 2019. 

There are several types of policy abuse that can be detrimental to eCommerce businesses – let’s break down the three most common ones you should be paying attention to. 

Refund and return abuse

According to the National Retail Federation, US consumers returned an estimated $428 billion in merchandise in 2020, with double the number of online returns compared to 2019. The pandemic played a major role in this increase, with stores’ return policies easing up to streamline at-home shopping experiences. 

The year at home turned almost everyone into online shoppers and, perhaps unavoidably, into serial or even abusive returners. In a 2020 Propellor survey, one third of customers said they’ve committed INR abuse at least once. Customers have gotten more creative in having their cake and eating it too. Merchants have seen a rise particularly in empty-box returns and INR claims, and the retail sector is experiencing wardrobing: people ordering clothing, wearing it briefly (think Instagram hauls), and returning it for a full refund when they’re done. 

In addition to paying abusive refund claims, eCommerce businesses waste time and money investigating and handling them. By the time an item actually is returned, it is often deemed out of season or aged, even if it’s in good enough shape for resale. Other times, a return doesn’t include the product at all and merchants end up refunding against an empty box. 

On the other hand, merchants who add friction to the checkout flow in an attempt to stop this kind of abuse could discourage loyal customers from completing their purchases. Finding the correct balance is a challenge currently on many online merchants’ minds. 

Promo and referral abuse 

Thirty percent of customers admitted to creating fake accounts to get extra rewards, according to the same Propellor survey. About half of all customers said they believe it’s okay to do so, regardless of if they do or don’t. 

Some merchants see this as an acceptable behavior of enthusiastic customers, or write it off as part of the cost of doing business. But this abuse can have a much more significant impact on bottom lines, because it directly affects merchants’ promotional strategies. Customer misuse of referral promos, coupons, sign-up discounts, and other types of promotion abuse can create inconsistencies in your marketing reports and spend. 

With inaccurate reporting, merchants are unable to measure the effectiveness of the promotion and could also lose user retention on that campaign, based on how much of the stock went to abusers. Being unable to analyze past promos could impact strategy for future campaigns, likely resulting in a decline in customer acquisition and loss of revenue. 

Reseller abuse 

Resellers who circumvent item limits – usually by creating fake accounts to get more than the per-customer policy amount of products – negatively impact your customer acquisition and overall brand reputation. 

Customers bypassing retailer policy regarding one-item-per-person aren’t necessarily a cause for alarm, but they are a symptom of reseller activity. Typically, an item-limit promotion is intended to create hype and increase brand reputation. Resellers get in the way of this strategy. 

When abusers hoard promo products, you end up with frustrated customers who are unable to purchase the products they want and tend to direct their anger at the brand for failing to police its sales. This undermines loyalty-building efforts in an increasingly competitive environment. It can also lead to inventory scarcity problems, as well as unnecessary and expensive competition with your own products. And the domino effect continues. 

Our solution 

In an era when customers’ satisfaction with a brand depends greatly on the ease of its policies, it’s up to merchants to find the right amount of checkout friction to ban fraudsters while simultaneously welcoming new, legitimate customers. 

Merchants need to deliver clear guidelines around store policies to prevent unknowns for their teams and their customers. Otherwise, retailers should invest in a fraud prevention solution that prevents customers from abusing store policy, while keeping friction away from the customer journey. 


Riskified stops the abuse with Policy Protect. By using advanced machine learning and entity clustering capabilities to block abusers in real-time, Riskified is able to reduce friction for legitimate customers who have earned their perks. Request a demo here.