Protect your apps from refund abuse

Google uses advanced risk modeling to detect fraudulent transactions and help protect you from them. You can, however, add extra protection by implementing refund monitoring software and analyzing your data to identify suspicious refund activity and act to prevent refund abuse.

  • Launch

Why it works

Google Play uses comprehensive fraud prevention systems to detect fake purchases and dishonest refund requests, during the 48 hours after purchase in which refunds are available directly from Google Play. After 48 hours, customers must approach you for refunds. Building a backend that offers a comprehensive view of refunds allows you to gain extra control over your refund process. You can then use this system to detect and act on attempted refund abuse.

Best practices

  • Add a hashed version of the user's ID to the getBuyIntentExtraParams method's accountId parameter so that in-game account IDs are sent to Google. This data helps Google analyze fraud attempts and prevent fraudulent transactions.
  • Monitor refunds in your backend system. Start by sending purchase data (including purchaseToken and orderId) from your apps and games to your server. Then track the refund status of all your orders by combining the use of the Voided Purchases API (to get details of canceled, refunded, or charged-back purchases), Purchased Product API (to get the status of an in-app purchase), and command-line (gsutil) downloads of estimated sales and earnings reports.
  • Analyze data in your backend to identify suspicious users by looking for common signals such as repetitive refunds or large numbers of devices associated with the same user. Then act by, for example, adding account restrictions for suspicious users or banning those accounts.
  • Monitor social media and online auction sites to see if there are any suspicious sales of your in-app products.