Online merchants are facing a growing wave of chargebacks triggered by scalper fraud and resale schemes—and with the rise of AI shopping agents, these attacks are becoming more sophisticated and harder to detect. 

In the live event ticketing industry alone, friendly fraud—illegitimate disputes of legitimate purchases—now accounts for over one-third of all chargebacks. These “friendly” chargebacks often stem from scalpers or resellers abusing the refund process: for example, buying tickets or limited-edition goods with the intent to flip them, then filing disputes when they can’t resell for profit. 

The result is lost revenue and hefty fees for merchants. Each chargeback not only reverses the sale, but also levies an additional $15–$50 fee on the business. These costs pile up quickly and contribute to eroding margins and damaged merchant reputations. If chargeback rates climb too high, payment processors may even impose fines or revoke a merchant’s account.

E-commerce retailers lost $20 billion to chargeback fraud in 2023, and in 2024, an estimated 73% of online credit-card fraud involved chargebacks. Analysts estimate 75% of all chargebacks are linked to fraud (including “friendly” fraud), and this rate could rise by another 40% by 2026.

In other words, the majority of disputes now originate not from honest mistakes but from deliberate abuse of the chargeback system by bad actors. Chargebacks are also uniquely challenging because their true cost is 2.5 to 3.5 times the original transaction amount once you factor in fees, lost merchandise, and operational overhead. For ticketing companies operating on thin margins, these fraudulent disputes negatively impact profits, no matter how successful sales may be.

Anatomy of the scam: How scalper fraud works

Bulk purchasing with bots

Scalpers employ automated bots and increasingly AI agents to snap up inventory the instant it goes on sale. While traditional bots follow rigid scripts, AI agents can adapt their approach, solve basic challenges, and appear more human-like—making them harder to detect with rule-based security.

Resale on secondary markets

Once they control a chunk of inventory, fraudsters list the items on resale platforms at a steep markup. Ticket prices for hot events can soar 10x above face value on secondary markets due to this artificial scarcity. Not all tickets will sell at those inflated prices, however, especially if supply eventually exceeds demand or fans refuse to pay scalpers. Scalpers are left holding unsold stock that they never intended to personally use.

Friendly fraud chargebacks

Here lies the abusive twist: when stuck with unsold tickets or merchandise, scalpers attempt to get their money back by exploiting the chargeback process. Rather than absorb the loss, a scalper will file a false dispute with the bank, claiming the charge was unauthorized or that the goods were never delivered. In ticketing, it’s become a classic example of malicious friendly fraud: “A scalper purchases a group of tickets, sells them at a markup, then disputes the transaction. Legitimate charge, shady business.” 

By tricking the bank into reversing the charge, the fraudster recoups their costs for the unsold tickets, essentially getting a risk-free refund on a speculative purchase. The merchant, meanwhile, loses the revenue and is hit with the chargeback fee, even though they provided the tickets in good faith.

Payment fraud variants

In more organized resale fraud schemes, scammers may not even use their own funds. Stolen credit cards or hacked accounts are frequently employed to acquire goods for resale. The fraudster flips the products for cash, and when the real cardholder discovers the charges and disputes them, the merchant is left to absorb the chargeback. The scammer walks away with the resale profit, while the merchant loses both the merchandise and the payment. 

According to a recent industry analysis, a significant share of the $100+ billion in U.S. retail fraud losses in 2022 was tied to goods destined for resale via illicit means. In essence, resale fraudsters have turned stolen goods into a currency, knowing the chargeback system will offload the losses onto merchants.

Refund policy abuse

Some scalpers also exploit lenient refund and return policies. In retail and e-commerce, a fraudster might purchase a limited-release item and later claim it arrived damaged or was “not as described,” initiating a return or chargeback while keeping the product. In many cases, fraudsters actually file the chargeback before returning anything to bypass the merchant’s refund processes. This forces a refund on their terms. 

In ticketing, where sales are often final, the chargeback becomes the only path to force a refund when a scalper can’t use or resell a ticket.

Beyond tickets: Resale fraud across e-commerce

While concert and sports tickets have long been a target of scalpers, this form of fraud has proliferated far beyond the live events industry. Any e-commerce sector dealing in limited or high-demand products is at risk:

• Limited-edition retail drops: Sneaker releases, designer apparel drops, collectible toys, and electronics launches (game consoles, graphics cards, luxury handbags) all see scalper bot swarms similar to ticket onsales. When scalpers overestimate demand, retailers may later face a wave of returns or friendly fraud claims from buyers who couldn’t flip the product. 
• Travel and hospitality: Even airlines and hotels see a form of resale fraud. Scammers use stolen cards to book flights or rooms, then resell those reservations (or the points) and let the inevitable chargeback hit the travel provider. Alternatively, they exploit cancellation and refund policies, e.g., booking refundable hotel rooms in bulk during peak season and then canceling those they can’t resell. As a result, travel merchants face chargebacks with no guests in seats or rooms. 
• Marketplace sellers: Online marketplaces (for example, social commerce platforms or auction sites) are rife with fake storefronts selling goods obtained via fraud. A fraud ring might buy electronics with hacked accounts and then fence them on a marketplace under a throwaway seller account. When the dust settles, the marketplace or original retailer gets left with the chargeback. This not only impacts merchants financially but also erodes customer trust in e-commerce ecosystems. 
• High-value luxury goods: Luxury retailers face “retail arbitrage” fraud where criminals purchase high-end goods on stolen cards, resell them (often overseas or via gray markets), and then vanish as the chargebacks roll in. The merchant loses the pricey item and payment.

In all these cases, bots and automation are key enablers that amplify the scale of resale fraud. Bots and malicious agents can create unlimited accounts, evade rudimentary IP blocks, and script every step from adding to cart to checkout. They also masquerade as authorized users (e.g., AI agent spoofing) to slip past basic security. The anonymity of online transactions further emboldens fraudsters: they can cycle through fake identities and rapidly recycle accounts if one gets shut down.

Retailers also incur operational drag investigating disputes and tightening controls. Customers grow frustrated when real orders get flagged or items sell out instantly due to bots. And genuine fans or collectors are alienated by a rigged playing field where only bots seem to “win” limited items. In the live-event space, for example, fan outrage has led to public outcry and regulatory scrutiny.

And with 73% of consumers now using AI for shopping, AI shopping agents add a new dimension to resale fraud, as bad actors hijack these agents for abuse. The challenge has become distinguishing between legitimate AI agents that help consumers and malicious agents that execute fraud. Intent-based detection is critical for differentiating the two. 

Stopping the fraud at the source

Given that bots and automated scripts sit at the heart of modern scalper fraud, businesses are increasingly turning to bot and agent trust management tools as a first line of defense. By detecting and blocking malicious automated activity in real time, merchants can prevent many fraudulent transactions and the subsequent chargebacks before they happen.

Advanced protection must distinguish genuine users from fake ones—and now, legitimate AI agents from malicious ones. This requires analyzing not just what traffic is accessing your site, but why.

For instance, bots might perform perfectly timed clicks and keystrokes or navigate a site structure faster than any human could. AI agents present a different challenge: they can browse more naturally, make contextual decisions, and adapt to site changes. Detecting them requires intent-based analysis that looks at the purpose behind actions, not just behavioral patterns.

DataDome’s multi-layered defense against scalpers & fraud

DataDome helps ticketing platforms and e-commerce businesses stay ahead of scalpers and fraud by detecting and blocking malicious automation—from traditional bots to AI agents—in real time. Our platform analyzes 5 trillion signals daily, detecting behavioral intent to identify and block malicious traffic at the edge. 

What sets DataDome apart is our ability to do all of this without disrupting legitimate users. Our invisible device checks keep friction low for real customers, while stopping automated attacks before they can lead to downstream issues like chargebacks or account abuse. With fast deployment and 24/7 monitoring, the platform is built to scale with minimal overhead, making it a practical and powerful defense for businesses facing constant pressure from resellers, fraud rings, and sophisticated bots.

Recently, DataDome’s Galileo threat research team blocked over 16 million malicious ticket scalping bots targeting a global sports organization in a sophisticated 6-day attack. DataDome blocked the attack without losing any tickets to scalpers. 

Choosing the right defense: How solutions compare

Not all bot mitigation platforms are created equal. Here are key differences to watch for when evaluating solutions, and where DataDome stands out:

• Rule-based vs. AI-powered detection: Legacy tools rely on static rules (like blocking known IP ranges or triggering CAPTCHA after a set number of requests). These catch basic bots but fail against evolving tactics like residential proxies, fingerprint spoofing, and AI agents that adapt their behavior in real time. DataDome uses machine learning to detect new attack patterns in real time and instantly apply protections across the network, minimizing gaps and reducing manual effort.
• Sampling vs. full traffic inspection: Some vendors only inspect a sample of traffic or the first request in a session, letting sophisticated bots slip through. DataDome analyzes every request within 2 milliseconds, ensuring nothing gets through undetected. This is critical during high-stakes events like ticket drops or product launches.
• User experience: Many tools rely heavily on CAPTCHA challenges, frustrating real customers and increasing cart abandonment. DataDome keeps friction low with invisible device checks and a quick slider interaction that captures authentic behavioral signals like mouse movements and touch patterns. 
• Integration & maintenance: Complex deployments and constant tuning slow down many legacy solutions. DataDome integrates in minutes via CDN, DNS, or simple module, and runs on autopilot with 24/7 support and active tuning by our SOC. For lean teams, it delivers enterprise-grade protection without the overhead.
• Coverage across fraud vectors: Bot and fraud threats are converging with AI-powered attacks, and blocking traditional scrapers alone isn’t enough. As AI agents become standard shopping tools, you need protection that distinguishes between legitimate agentic commerce and AI-driven fraud. DataDome protects against scalping, scraping, account takeover, checkout abuse, carding, and more.

Winning the fight against resale fraud

Scalper-driven chargebacks aren’t inevitable. With the right combination of technology, policy, and vigilance, ticketing platforms and e-commerce businesses can block bad actors before the damage is done. Advanced protection, like DataDome’s real-time intent detection, stops fraud at the source, reducing chargebacks, protecting revenue, and restoring trust with customers.

The tactics may evolve, but the strategy remains the same: stop fraudulent transactions before they happen, close the gaps that enable abuse, and adapt quickly to new threats. Taking action now ensures a fairer, more secure experience for every buyer.

Ready to see where your vulnerabilities lie? Take our free vulnerability scan or book a demo to learn how DataDome can help you protect your platform from malicious bots and agents, fraud, and chargeback abuse.