The Fraud Line: Where Aggregator Margin Actually Goes and Why Most Controls Miss It
A clean sale is not the same as a kept sale. A gift card can clear every check at the moment of purchase, from valid card to authorized payment and code delivered, and still turn into a loss weeks later. Gift cards are roughly four times more prone to chargebacks than physical goods (Riskified), and in the US, the average chargeback now runs about $110 USD (Mastercard / Datos Insights, 2025). A chargeback is what happens when a cardholder’s bank reverses a payment after the fact: the aggregator has already shipped the value, but the money is clawed back. For a business working on a thin spread between buy and sell price, it doesn’t take much of that to erase a good month.
And the newest version of the problem doesn’t even look like fraud when it lands. Over the 2025 holiday season and into 2026, retailers began seeing AI-generated images used to fake “damaged” or “never arrived” claims, fabricating proof that was convincing enough to pass the basic checks built into most refund systems (PYMNTS, 2026). It’s not a fringe tactic: deepfake detection firm Pindrop estimates roughly three in ten retail fraud attempts are now AI-generated (Fisher Phillips, 2026). The money looks safe. Then it isn’t.
The four patterns hitting resellers in 2026
Most reseller fraud falls into four shapes, and they don’t all behave the same way.
Stolen-card bulk buys. A fraudster uses a stolen card number to buy gift cards in volume, then resells or drains them before the real cardholder notices. When the cardholder disputes the charge, the reseller eats the chargeback, and the goods are already gone. Speed is the aggregator’s enemy here: a gift-card chargeback lands about twice as fast as one on physical goods (Riskified), so the value is usually drained long before the dispute arrives.
Account takeover. A fraudster gets into a legitimate customer’s account through a leaked password or a phishing scam and buys under that trusted identity. Because the account has a clean history, the purchase looks normal and sails through the usual checks. It’s now the single most common path: around 61% of account-takeover attacks target ecommerce, and 27% of consumers name it among the leading causes of financial loss (SEON, 2026).
Refund abuse. A real customer buys, receives the value, then claims a problem to get their money back while keeping what they bought. This is bigger than most aggregators assume: analysis of over a million refund claims found nearly one in four refund dollars was abusive (Riskified), and it’s part of a wider shift, with first-party (“friendly”) fraud now the leading fraud type globally at about 36% of reported fraud, up from 15% a year earlier (chargeback.io, 2026).
AI-generated “didn’t receive” claims. The 2026 version of refund abuse. The customer fabricates evidence with an AI image or a doctored screenshot to prove a code never arrived or didn’t work, then claims a refund or a chargeback on a code they have in fact already used.
Why most controls miss it
Here is the part that catches finance and operations teams out. Most fraud tooling guards the front door: is this a real card, is the payment authorized, does this look like a legitimate buyer. Those checks are good at stopping the first pattern, the stolen-card buy, at the moment of sale.
But three of the four patterns don’t strike at the front door. Account takeover uses a real, trusted account. Refund abuse and fabricated-claim fraud happen after the sale has cleared, when the money already looks banked. The check passed. The loss happened anyway. You can have “fraud protection” switched on and still lose margin all afternoon, because the protection is watching the one door the fraud didn’t come through. And once the loss lands, fighting it back is a losing game: merchants win only about 17% of fraud-related chargeback disputes they contest (chargeback.io, 2026). Prevention at the right point is far cheaper than recovery after the fact.
“But our payment processor already handles this”
Most aggregators already work with a card payment processor, he company that authorizes and settles the card payment, separate from the platform that actually delivers the gift card, and it’s these processors that deal with chargebacks. True, but only up to a point. A processor can help you dispute and sometimes recover a fraudulent chargeback, a process called representment, where you submit evidence to argue the charge was legitimate. That helps with stolen-card fraud.
It does very little for the other three. Representment doesn’t stop account takeover, because the account looked legitimate. It doesn’t catch refund abuse, because the transaction was real. And it struggles against a convincing AI-generated claim, because the fabricated evidence is designed to pass exactly the review a dispute triggers.
What you can do about it
Because each pattern lands at a different point, the fix is a different control at each point, not one switch. With most fraud now landing after authorization, prevention has to move downstream too. Three moves do most of the work, and an aggregator can put them in place before the next holiday peak:
- Add a post-purchase fraud control, not just a checkout one. A dedicated fraud tool (a tool like Riskified, for example) watches account behavior and refund patterns after settlement, which is exactly where account takeover and refund abuse live. Your card payment processor’s checks largely stop at authorization; this is the layer that doesn’t.
- Build a chargeback reconciler so you never miss a representment deadline. Disputes are won or lost on whether you submit the right evidence in time, and the windows are tight. A lightweight reconciler, the kind you can now stand up quickly with something like Claude, pulls each dispute, matches it to the order and delivery record, and flags the deadline so winnable cases don’t lapse by default.
- Check a customer’s chargeback history before you onboard them. The cheapest fraud to avoid is the customer you never sign. Pull a prospective B2B customer’s chargeback and dispute history during onboarding, the same way you’d run a credit check: a high prior rate is the clearest signal you’ll be absorbing their losses later.
The point isn’t any single tool. It’s that “do we have fraud protection?” is the wrong question. The right one is where, in the path from purchase to delivery to refund, does each kind of loss actually happen and is anything watching that exact point?
The question to actually ask
For a gift card aggregator, fraud is more than a security line item; it’s a margin line item. The chargeback, the abused refund, the faked claim all come out of the same thin spread the whole business runs on. So map your own four patterns against your stack before the next holiday peak, and ask where each one is actually caught.