Key Fraud Takeaways From the 2026 MRC Report

The 2026 Global E-commerce Payments and Fraud Report from the Merchant Risk Council (MRC) shows fraud teams operating under growing pressure from several directions at once: persistent fraud activity, tighter resource expectations, data and technology challenges, and rising post-purchase abuse.

MRC’s report is based on survey responses from 1,278 merchant professionals involved in e-commerce payment and fraud management. We previously discussed our insights from the payments section of the report. Now, we’re taking a deep dive into what the report can tell us about fraud. Here are our key takeaways.

Cost Pressures Are Reshaping Fraud Management Priorities

For several years, fraud teams have tended to prioritize reducing fraud and chargebacks or improving customer experience ahead of minimizing operating costs. That balance appears to be changing.

In 2026, 29% of fraud professionals ranked minimizing fraud-related operating costs as their top priority, up from 20% in 2025 and 10% in 2024. Over the same period, reducing fraud and chargebacks fell to 37%, while improving customer experience fell to 34%. For the first time in MRC’s research, the three priorities are statistically close to one another.

This does not mean merchants have stopped caring about fraud reduction or customer experience. A more reasonable reading is that cost has become harder to separate from those goals. Fraud teams still need to block bad transactions, but they are now doing so under greater financial scrutiny.

The pressure is visible in expected spending. MRC reports that 52% of senior fraud professionals expect spending on staff and talent to stay flat or decrease over the next two years. For fraud management tools and technologies, 44% expect spending to stay flat or decrease. At the same time, 56% still expect tool and technology spending to increase, down from 63% in the prior year.

MRC members show a different pattern. Among MRC members, 51% rank improving the customer experience as their top fraud management priority, compared with 33% of non-MRC enterprises.

Only 13% of MRC members rank minimizing costs first, compared with 30% of non-MRC enterprises. This difference may reflect the profile of MRC members, many of whom have more mature fraud operations and a stronger focus on customer impact.

Time is becoming part of the cost discussion as well. MRC found that 52% of fraud professionals spent more time on fraud prevention management over the past year, while 51% expect time spent to increase over the next year. Only 13% said they spent less time on fraud prevention over the past year. As a result, 62% say reducing time spent on fraud management will be a moderate or major factor in future investment decisions.

Fraud Attacks May Be More Focused

Fraud remains nearly universal among surveyed merchants, with 98% reporting at least one type of fraud attack over the past 12 months. However, the average merchant experienced fewer different types of fraud attacks. In addition, each type of fraud taken on its own affected fewer merchants than last year.

Unfortunately, that doesn’t mean that fraud is on the decline. In fact, the percentage of orders that proved fraudulent and the portion of revenue merchants lost to payment fraud both increased compared the 2025 report.

One possible conclusion that could be drawn from this is that some fraudsters may be choosing more carefully the methods they use and the types of merchants they target. If a fraudster learns through experimentation or knowledge sharing that certain types of fraud are more effective against certain types of merchants, they’re less likely to cast such a wide net with their attacks.

The top five attack types still affected at least one-third of merchants:

• 41% Refund and policy abuse
• 38% Real-time payment fraud
• 37% Phishing, pharming, and whaling
• 36% First-party misuse
• 33% Card testing

MRC members again differ sharply from non-MRC enterprises. They report more types of attacks, with an average of 5.2 attacks compared with 3.8 for non-MRC enterprises. They are also more likely to report first-party misuse, card testing, refund and policy abuse, account takeover, and triangulation schemes. MRC notes that this may reflect both higher exposure and better detection.

At the same time, MRC members report stronger fraud outcomes. Their fraud rate by revenue is 0.6%, compared with 3.9% for non-MRC enterprises. Taken by order, MRC members have a fraud rate of 0.3%, a fraction of the non-member average of 4%. This is despite MRC members rejecting fewer orders due to suspicions of fraud (2.8% vs. 5.2%).

Data and Technology Gaps Are the Biggest Merchant Pain Points

The report makes clear that data and technology are among the most difficult parts of fraud management. MRC found that 80% of merchants report at least one data or technology-related challenge, while 81% report at least one challenge related to adapting and staying up to date.

The top data and technology issues include effectively using data to manage fraud, AI and machine learning accuracy, data availability and access, and fraud tool customization. Each was cited by at least one-quarter of merchants.

These findings suggest that the main issue is not simply whether merchants have tools. Many merchants appear to struggle with how well those tools fit their data, workflows, and decision processes.

MRC members report even greater difficulty in some areas. The report notes that they are more likely to cite data availability and access, effective use of data, and gaps in fraud tool capabilities. Roughly half of MRC members, 49%, cite gaps in fraud tool capabilities and features, compared with 24% of merchants overall.

The top areas merchants plan to improve over the next 12 months also point back to data and technology:

• 47% Improving fraud prevention AI and machine learning accuracy
• 43% Fraud orchestration
• 41% Increasing automation of fraud prevention
• 39% Improving payment and refund policies
• 38% Expanding data availability and access

These priorities suggest that merchants are trying to make existing systems work better together, rather than adding tools in a disconnected way. The emphasis on automation and data access also fits with the staffing and time pressures described elsewhere in the report. When teams are not expecting large increases in headcount, the appeal of better data flow and more efficient case handling is easy to understand.

First-Party Misuse and Refund Abuse Continue to Rise

Post-purchase fraud remains one of the clearest pressure points in the report. MRC defines first-party misuse as fraudulent or abusive behavior committed by a customer after receiving a purchased product or service. It defines refund and policy abuse as cases in which customers use dispute protections to obtain illegitimate refunds. Both have ranked among the most widespread fraud types in recent years.

Most merchants report an increase in first-party misuse. In 2026, 64% of merchants report a meaningful increase, including 25% who say it increased by 25% or more. Only 10% report a decline. MRC members are somewhat less likely to report increases, at 38%, compared with 70% of non-MRC enterprises.

Merchants pointed to several causes. The most common reason cited for rising first-party misuse is consumers learning how to “game the system,” at 39%. Increased e-commerce sales and orders follows at 35%. Other cited factors include the emergence of fraud-as-a-service, consumers using AI to misrepresent delivered items, and issuing banks making disputes easier to submit.

The average reported cost to resolve a single first-party misuse dispute rose to $82, up from $74 in 2025 and $78 in 2024. This includes related costs such as operations, software, and fees.

MRC reports that 61% of merchants saw an increase in refund and policy over the past year, including 20% who saw an increase of 25% or more. Only 10% reported a decrease.

The most common type of refund and policy abuse reported was false claims that goods were not received, cited by 52% of merchants, followed by returns of used or damaged goods followed at 44%.

MRC members again appear to have a different experience. Only 27% report an increase in refund and policy abuse, and they are less likely to report several return-based forms of abuse. This may suggest stronger policies, better detection, or simply different business models on average than the non-MRC sample.

Fraud Strategy Is Becoming an Operations Problem

Many fraud findings in the report point to the same underlying issue: fraud management is increasingly shaped by operational capacity. The challenge is not limited to identifying bad transactions. It involves deciding where to monitor, what to automate, which disputes to fight, how much time teams can spend, and which tools can be maintained well enough to produce reliable results.

Fraud programs are likely to keep diverging across merchant segments. Larger and more mature merchants may have stronger infrastructure, better data access, and more specialized teams. Smaller or more constrained organizations may need to focus on narrower sets of controls that produce measurable value.

In both cases, the direction of fraud strategy appears tied less to any single tool and more to the ability to match controls with available resources, customer expectations, and risk tolerance.