Ravelin has published research showing that merchants now view customers and criminals as posing a similar eCommerce fraud risk. Average losses among enterprise merchants reached USD $11.4 million, or GBP £8.4 million, over the past year, the study found.
The survey of more than 1,500 fraud and payments professionals across 10 countries found that 66% of merchants had seen fraud increase. It also found that 64% had experienced AI-enabled fraud or abuse in the past 12 months, while 43% reported a rise in customer fraud.
The findings suggest a shift in how retailers assess online fraud. While the use of stolen payment cards remains the biggest source of losses, false chargebacks and refund abuse now rank just behind it. This suggests more merchants are losing money through actions by their own customers as well as organised criminal groups.
Merchants now place first-party fraud by customers and third-party fraud by criminals at the same level of risk to their business, according to the research. Detecting customer abuse remains difficult, with six in 10 respondents saying they cannot confidently distinguish between legitimate refund requests and fraudulent ones.
AI pressure
AI appears to be widening the challenge. Nearly seven in 10 merchants said they should be doing more to combat fraud, yet three in 10 said they do not use AI in their anti-fraud systems.
At the same time, 66% of respondents said AI attacks accounted for at least 5% of their fraud losses. For one in five, AI-related fraud represented more than 15% of losses.
The report lists card testing, falsified refund claims, automated fraud by AI agents and targeted probing of fraud controls among the forms of AI-enabled abuse affecting merchants. These tactics let attackers test systems and scale attempts more quickly than before, adding strain to teams already dealing with payment fraud and policy abuse.
Regional comparisons suggest uneven trends across markets. In the UK, 15% of merchants reported significant increases in fraud, compared with 7% in France and 10% in Germany.
Merchant response
Merchants remain divided on how strict their fraud controls should be. Almost half, or 49%, said they preferred a dynamic approach that adjusts checks according to the customer and transaction. A further 43% said they would rather block as many suspicious transactions as possible, even if some genuine customers are affected. Only 8% said they preferred to allow as many shoppers as possible despite the added fraud risk.
That tension also appears in concerns about reputation and customer experience. The study found that 64% of merchants had seen their share price fall after media coverage linked their brand to fraud. Yet 29% said public image and the effect on customer experience were obstacles to improving fraud detection.
Refunds and chargebacks stand out as particularly sensitive areas. Fraudulent chargebacks, where a customer disputes a valid transaction with their bank, and refund abuse, where customers exploit returns or refund policies, have become more prominent in merchants' loss rankings. Refund abuse was selected by 28% of merchants as one of the two costliest forms of fraud, up from 21% a year earlier.
The same table showed payment fraud from stolen card details remained the top issue, though its share fell from 61% to 56%. Account takeover declined from 30% to 24%, while promo abuse and supplier fraud edged higher.
Martin Sweeney, Chief Executive Officer at Ravelin, said: "The line between professional syndicates and abusive customers is blurring. At the same time, AI is turning up the heat, enabling criminals and consumers to automate and commit fraud at scale. This is a new phase of eCommerce fraud. As it evolves, merchants should ensure they understand, quantify and prevent the full range of threats."
The research was carried out among senior professionals working in fraud, risk, finance, payments, compliance, operations and product roles. Respondents came from retail, travel and hospitality, digital goods and marketplace businesses with annual revenue above USD $50 million or more than 450 employees.
The results highlight the limits of approaches focused narrowly on payment fraud alone, as merchants face a broader mix of abuse tied to customer behaviour, returns and account activity.
Sweeney said: "Our findings lay bare the shortcomings of traditional approaches to fraud detection in the face of changing fraud. Instead of focusing narrowly on payments, fraud teams need to understand customer behavior more holistically. By taking into account disparate data like past purchases, returns, and customer lifetime value (CLV), AI-based tools can help merchants gain this holistic view. Such an approach can help merchants better manage their risks, by ensuring more good customers get the frictionless experience they deserve, while stopping bad actors."