Cyberfraud in Retail 2025: Report
A field guide to fraud typologies for cybersecurity practitioners in retail
The impact of cyberfraud is significant for retail brands. According to Gartner, over $48bn was lost to online fraud in retail in 2023.
But this doesn’t factor in losses from outside the digital customer journey (which is essentially confined to the website or app), where post-payment fraud and refund fraud are beginning to weigh heavily on the bottom line.
In fact, figures from the National Retail Federation suggest that returns fraud could more than double the losses from online fraud to over $101 billion.
The Changing Face of Fraud: Malicious Intent Gets Organized
This report looks at both digital and offline fraud typologies in retail and considers the factors and trends that set the direction for cyberfraud evolution. One thing is for sure: since 2022, the phenomenon we discovered of fraud becoming increasingly organized has only accelerated, and the profile of the threat actors we track is now changing on two fronts.
There’s an increasingly professional presence associated with hardened fraudsters, especially those from Russian ransomware gangs, and an influx of more naïve young people for whom fraud is being normalized on social media. Both of these trends are bad news for retail brands, and the second points to an increasingly accepting public sentiment towards casual fraud.
What’s Inside: Research Findings
- Findings from our survey of 2,000+ consumers in the UK and US on their exposure and attitudes towards organized and casual retail fraud (hint: it’s bad news)
- Analysis of listings from over 2,000 digital marketplaces frequented by fraudsters, including stolen accounts for digital services such as media streaming, gaming, adult entertainment, consumer SaaS products, as well as gift cards and accounts linked to loyalty or bonus points
- Analysis of the selling price of stolen digital goods and fraud services and the profits made by professional fraudsters
- A breakdown of refund fraud and insider fraud techniques such as Lost in Transit and Did Not Arrive
- An analysis of digital mule recruitment tactics on social media
What You Can Do to Fight Cyberfraud
The second half of the report provides insight and advice for loss reduction, anti-fraud, and cybersecurity professionals in retail.
- Five elements of online retail fraud prevention success
- The fusion of cyber and fraud teams
- Using fraud intelligence to fuel fraud decisioning engines
- The cyberfraud kill chain and the OWASP BLADE Framework for understanding business logic attacks
- Understanding and disrupting malicious intent at the human level and the machine level
- The evolution of bot defense and attack technology, including:
  - Four generations of bot management
  - OWASP BLADE Pyramid of Pain
  - Application of defensive AI in bot management