Read “The State of Fraud and Abuse” report
Predicting ecommerce fraud trends is like predicting the weather. You lean on science, past experience, common sense and the evidence before you to lay out what people can expect to be coming their way.
One other similarity: There is no way on earth you’re going to get it completely right.
Fraud and those who practice the dark art are by their nature unpredictable. That’s the whole point. By behaving in unexpected ways, fraudsters trip up the experts at least long enough to make off with a staggering amount of valuables that can be converted to cash.
But, of course, with both the weather and online fraud, that doesn’t mean you don’t try to predict what’s coming, what to prepare for and what to work on to ensure that what’s ahead doesn’t do significant damage.
And so, with that as the cheery backdrop, here are our five 2025 retail fraud predictions:
1) Whatever changes you expect to happen will happen a lot faster than you expect
Why not start with a slam dunk? Just as fraud fighters have expanded and accelerated their ability to protect merchants from fraud and abuse, professional fraud rings have embraced innovation to speed up their evolution of evil.
Criminal fraud rings and even lone-wolf basement-dwelling fraudsters have benefited from the rise of generative AI, the improvement of bot technology and the relentless digitization of the world. With each of these advancements, the cost of doing business as a fraudster has declined. The barrier to entry of becoming an online scam artist has never been lower.
That low bar has created a lucrative industry that is growing quickly. In 2018, consultancy Juniper Research projected that online fraud would cost businesses $22 billion that year. By 2022, the projection was $41 billion. In 2023, the number was $48 billion. Ultimately, Juniper put the cost of online fraud between 2023 and 2027 at more than $343 billion.
Saying that ecommerce fraud will advance faster than we expect might not be the boldest prediction on the planet, but it is a useful one through which to view all the other predictions you encounter during this prediction-happy time of year.
2) The nascent industrialization of fraud will reach warp speed in 2025 and a tipping point
See No. 1 above. Seriously, while fraud has long been a global operation, the corporate nature of so many attacks in 2024 began to feel like something new. Expect more, faster.
In 2024, online brands continued to defend themselves against a fraud ring based in Southeast Asia that had been reformulating for two years in an attempt to avoid detection. After largely going underground following a huge holiday blitz in 2022, the ring resurfaced around the 2023 holiday season and worked for months, making off with an estimated $280 million in goods nationwide in the U.S..
These industrial-sized fraud operations benefit from all the technological advances we discussed in our first prediction. But they also benefit from building corporate-like structures with multiple revenue streams, teams focused on different aspects of operations and governments in developing countries that tend to look the other way as the rings break the law and haul in enviable profits. Because they tend to operate in lawless regions of the world, these organized crime rings can rely on a workforce built through human trafficking.
Criminal fraud rings are organized and profit-oriented enterprises
Signifyd Senior Manager, Risk Intelligence Xavi Sheikrojan spends his days studying fraud rings and devising ways to stay a step — or several — ahead of them. He says more and more they are highly sophisticated and operate in ways that anyone who’s worked in the corporate world would understand.
Given the success of these mega-fraud rings and the apparent lack of consequences, expect them to grow in size and number. They will continue to be a threat to online brands and their profits.
As these sophisticated rings grow more numerous and their attacks become more frequent, however, law enforcement and international agencies will step up the pressure they are applying. Already, grassroots organizations like Operation Shamrock and international agencies, including the United Nations Office on Drugs and Crime, are working to untangle the networks of cybercriminals that prey on consumers through fraud and engage in human trafficking to build their workforces.
2025 will be the year enforcement actions are launched against at least one of these rings.
3) We’ll look back at 2024 as the good, old days when it comes to first-party fraud and abuse
First-party fraud and abuse was bad in 2024, make no mistake. Online merchants worldwide told the Merchant Risk Council (MRC) that it was the second leading risk problem they faced. The first? Refund and policy abuse, which let’s face it, is first-party abuse by another name.
Consumer abuse, a subset of first-party fraud consisting primarily of false claims that an item never arrived or arrived in poor condition, was up by as much 15% year over year during several months of 2024, Signifyd data shows. In July, the MRC issued an email warning to online retailers that a major consumer abuse attack was underway — most likely being run by a professional criminal ring.
By its nature the increase in first-party fraud and abuse attacks will rise and fall — the closing months of 2024 are seeing year-over-year declines in consumer abuse, according to Signifyd data.
But we don’t see that as a reason for complacency. We believe the conditions are in place for first-party fraud and abuse to continue upward as a long-term trend.
First, the idea of taking advantage of retailers’ policies and tactics has become a popular topic of discussion on social media platforms. Consumers post boastful accounts of getting away with refund and returns abuse. Professional scammers offer their services — they’ll do the dirty work for a cut of the profits — on social media.
And professional fraud rings have branched out, moving away from predominantly focusing on payments fraud. Retailers and their fraud protection providers have made payments fraud harder to pull off. Consumer abuse is a relatively new territory for professional fraudsters and it provides another revenue stream for the criminal rings they run like a business.
So professional rings now launch their own schemes involving promo abuse, unauthorized reselling, loyalty fraud and returns fraud in addition to their payments fraud operations as a way to diversify their lines of business.
4) The continuing rise of generative AI will further complicate fraud fighters’ lives
The democratization of gen AI has increased the toolset of fraudsters from the most sophisticated global rings to lone-wolf operators just getting a start in the business. So far, fraudsters have deployed gen AI to upgrade and scale phishing attacks. As Signifyd CEO Raj Ramanand told CNN’s Julia Chatterley, the days of the odd and obvious phishing emails from a Nigerian prince are long past.
“With a lot of the large language models out there today,” Ramanand told CNN, “you can quickly ask a question to the model, to be able to say something like, “Hey tell me how to write this in the format of it coming from a great company so it looks like a customer service email.”
Signifyd’s Raj Ramanand on AI-enhanced phishing
Criminal rings, like the rest of the world, are embracing generative AI and finding new ways to conduct business with the technology. Signifyd CEO Raj Ramanand talks to CNN’s Julia Chatterley about one way that Gen AI is changing the face of fraud.
But fraudsters and criminal rings are quickly graduating to even more sinister uses, according to Xavi Sheikrojan, Signifyd senior manager, risk intelligence. Now, criminals rely on deepfakes to launch social engineering scams against customer service reps and sales associates. The AI-created impostors trick retail workers into filling phone orders with stolen credentials or “making orders right” by re-sending a product or issuing a refund when neither is deserved.
“They take over the whole identity,” Sheikrojan says of gen-AI-powered fraudsters. “And not only the credit card details. Not only the email. Not only the phone number. But also the face, the voice, and also even the pauses and the tone of voice.”
Access to AI-driven assistants also means fraudsters no longer need to hone high-level programming skills in order to launch a large bot attack, Sheikrojan says. Instead, fraudsters can ask smart machines to assemble the code for them.
The answer for merchants who are the potential victims of AI-enabled fraudsters is to keep up with the technological arms race. Just as learning machines can increase the speed, scale and efficiency with which fraud rings can operate, machine learning models can quickly and accurately detect patterns that mean potential trouble for online brands.
Once identified, merchants or the tools themselves can decline the orders or add the appropriate friction to a transaction to ensure that the buyer raising concerns is a legitimate customer.
5) Fraud attacks and fraud attackers will continue their shape-shifting ways
As we said, the changes in fraud that you expect will likely come faster than you expect. The other thing: The changes in tactics that come your way will no doubt include some you hadn’t seen coming.
It’s what committing fraud is all about, right? The idea is to keep fraud fighters off balance, to attack from the shadows, to add just enough twists to old tricks to make them new again.
And, of course, more than ever before, typical customers will join professional fraudsters in the threat mix, as we’ve seen in the recent escalation in first-party fraud.
In the past year, Signifyd has seen new methods of address manipulation aimed at clouding the clues that indicate an order is headed to a location tied to a history of fraud.
As new address chicanery became better known among fraud fighters, a new tactic emerged: Fraud rings used hotels and motels as unwitting go-betweens in a form of mule fraud.
Rightful credit card holders turned to fraud-as-a-service outfits to outsource bogus returns while splitting the profit from illegitimate refunds. Others practiced a form of unprincipled arbitrage: They simultaneously ordered identical products from low-priced, overseas marketplaces with their slow fulfillment and from Amazon with its next-dasy delivery.
The idea was to receive and use the higher-priced version from Amazon immediately. Once the lower-priced version arrived days or weeks later, the customer would return it to Amazon for the bigger refund — thus getting both the low price and the fast delivery by taking advantage of Amazon’s generous return practices.
This constant iteration and evolution among those committing fraud means that merchants must be constantly iterating and evolving, too. The good news: The tools, expertise and lines of communication among fraud fighters are all improving. The state of the art in fraud protection has moved from rules-based systems to scoring solutions to machine-learning-based decision engines to commerce protection platforms backed by a financial guarantee.
Meanwhile, industry groups are bringing experts together for strategy sharing and networking. The Merchant Risk Council has expanded its footprint in recent years and is adding to its programs around the world.
Fraud professionals move from playing defense to offense
While it’s not a brand new trend, we expect fraud and risk teams in 2025 to be seen more commonly as business optimizers rather than as a defensive force. Prerit Uppal, Adobe’s group manager of payment and risk, talks about how that change manifests itself in the real world.
And the way fraud and risk professionals are being perceived is also changing. The most successful organizations understand that risk teams are not simply a defensive wall against bad things happening. Fraud and risk teams are business optimizers — teams that ensure that online brands are not building bad customer experiences or missing out on revenue from legitimate sales that are incorrectly turned away.
The risk-professional-as-business-optimizer is a trend that will continue to accelerate in 2025. That’s one prediction you can bank on — as sure as the sun will come up tomorrow.
Photo by Getty Images
Want to know more about what’s ahead for fraud and abuse? Let’s talk.
Latest posts
