Last-mile delivery has a multibillion-dollar blind spot: the moment between "Delivered" and "Received." Professional refund fraud rings have built a service economy inside that gap. BLE beacons and decentralized networks like Nodle ConnectX close it — turning every package into its own witness, with a cryptographic chain of custody that pays honest customers faster and shuts fraudulent claims down with evidence.
How BLE beacons and decentralized networks are turning last-mile delivery into a verifiable chain of custody, and why professional refund fraudsters are running out of places to hide
For years, the weakest point in e-commerce sat at the precise moment a driver tapped "Delivered" on a handheld scanner. Once that scan was posted to the retailer's system, visibility vanished. What happened in the next five minutes, whether a neighbor grabbed the box, whether the customer brought it inside, whether it sat for an hour in the rain, was invisible to the merchant. The retailer operated on trust and a photograph, and the photograph was easy to game. This represented a multi-billion dollar e-commerce fraud risk and a massive tax on retailers and their customers.
That information gap has become a multibillion-dollar industry. Professional refund fraud now operates as an actual service sector, complete with tiered pricing, customer support channels on Telegram, and recruitment of logistics insiders. According to research from Appriss Retail and the National Retail Federation, return fraud contributed $101 billion in losses to retailers, and for every $100 in returned merchandise retailers lose $13.70 to return fraud. The NRF's 2025 Retail Returns Landscape report, produced with Happy Returns, found that 9 percent of all returns are now fraudulent. Among those, the sharpest growth areas are overstated return quantities, empty-box returns, and decoy returns using counterfeit items.
The scale has moved past nuisance. It has become a structural cost that every honest customer pays for in higher prices and tighter policies.
Two technological shifts have arrived in time to close the gap. The first is the continued maturation of Bluetooth Low Energy tags and beacons. The second is the emergence of decentralized location networks such as Nodle ConnectX, backed by product documentation that describes how smartphone-based BLE discovery works at network scale. Together they create something retailers have never had before, which is a cryptographic chain of custody for a $40 order.
Before looking at how the technology works, it helps to understand what it is up against. This is no longer opportunistic porch theft by bored teenagers. It is organized crime with a service model.
In November 2023, the US Attorney's Office for the Northern District of Oklahoma unsealed an indictment against ten members of an international fraud ring known as the Artemis Refund Group. The group operated from April 2019 through October 2023 with co-conspirators in Singapore, Canada, and the United Kingdom. Their business was simple. Customers would buy a product from a targeted retailer, then pay Artemis 15 to 20 percent of the purchase price for a guaranteed fraudulent refund. Artemis handled the lying. The victim retailers included Amazon, Walmart, Target, Wayfair, Dell Technologies, Dick's Sporting Goods, HP, and Adidas.
A parallel operation ran out of Dearborn, Michigan. Sajed Al-Maarej, just 25 years old, operated a Telegram-based refund service called Simple Refunds that targeted more than 50 retailers. Leonardo Vidal, a 29-year-old from Wilkes-Barre, Pennsylvania, ran a competing service called Ressu Refunds. The two men eventually conspired, with Vidal acquiring Simple Refunds from Al-Maarej in December 2022. Between them, they moved $6,067,168 in fraudulent refunds. Al-Maarej was sentenced in December 2024 to three years in prison. Vidal got 30 months in February 2025.
The tradecraft inside these operations reveals how far the gap between "delivered" and "received" has been weaponized. According to court documents, Al-Maarej and Vidal recruited insiders at UPS and the United States Postal Service who would input false scans into tracking histories. Their fake scans could make a delivered item appear lost, stolen from the mail, or returned to sender. In one instance documented by prosecutors, Al-Maarej sent a retailer an envelope filled with plastic toy frogs instead of the tools he claimed he was returning, then collected the refund when the tracking scan was posted at origin. The goods never went back.
Another federal case in Tampa involved Brock David Fischer of Iowa and Miguel Angel Fortier Jr. of Milwaukee, both operating under aliases ("iFruit" and "Destined") as administrators of a chat-room marketplace called "the Service". Prosecutors alleged the co-conspirators gained unauthorized access to the tracking platform of a multinational shipping company and entered false tracking data on merchandise shipped on behalf of victim retailers. In just five months, the scheme produced nearly 10,000 fraudulent returns and $8 million in losses.
These cases share a pattern. The fraud happens in the seam between carrier tracking and customer receipt, in the window when nobody but the customer can say whether the package arrived. Plausible deniability is the product being sold.
The ambient conditions help explain why the scams scale. Americans expect to return nearly $850 billion in merchandise in 2025, according to the NRF, with online returns running at 19.3 percent of sales. Behind that volume sits a striking attitudinal finding from the 2025 Retail Returns Landscape. Close to half of consumers say they believe "bending the truth" is acceptable when making returns.
Porch piracy adds another layer of cover. SafeWise's 2025 U.S. Package Theft Report estimates that roughly 250,000 packages are stolen every day in the United States. More than 104 million packages were stolen in the past twelve months, costing American consumers about $15 billion. Retailers absorbed another $22 billion in refunds, replacements, and reshipments, according to ZFLO Technologies data cited in the same report. The average stolen package is worth $204 according to Lombardo Homes' 2025 package-theft study.
For the honest consumer whose box actually was taken, retailers have no good way to distinguish them from the fraudster who is using porch piracy as a story. So retailers refund both. And the cost of refunding both goes into every future price tag.
This is where BLE beacons and decentralized networks change the math. A modern beacon is a small circuit board roughly 30 by 10 millimeters, around 7 grams, carrying a radio, a tiny processor, and a printed battery. It broadcasts a unique identifier at configurable intervals, and its signal strength can be tuned for short-range or broader detection depending on deployment.
On its own, a beacon is just a pinger. It becomes useful when something is listening. Traditional tracking approaches require fixed gateways or cellular GPS tags, both of which add cost and complexity that make per-package tracking economically impossible for anything but freight-class shipments. Decentralized location networks solve this by using the phones already in everyone's pockets.
The Nodle Network is built on this model, and ConnectX is the enterprise product layer built for locating and connecting Bluetooth devices and tags at scale. The product documentation explains the smartphone-based infrastructure: phones act as edge nodes, detect BLE devices, and route data back to device owners without requiring retailers to build fixed reader infrastructure.
A European insurance and mobility player, Roole, has become one of the clearest proof points. In Nodle's 2026 case study, "Nodle to Track 1 Million Vehicles for Roole in 2026", the companies describe a three-year deployment built on ConnectX and BLE tags, with nearly 40 percent recovery rates and millions of euros in recovered value. Roole's own media coverage of vehicle theft trends in France underscores the broader demand for layered anti-theft systems, including Bluetooth beacons.
The Paragon-ID partnership pushes the cost curve further. Paragon-ID's battery-free BLE tags remove the most expensive and failure-prone component from the device. Combined with Nodle ConnectX and the broader Nodle documentation stack, the result is a per-package tracking approach that aims to cost pennies and requires no fixed infrastructure from the retailer.
Here is what the delivery event looks like when the package can attest to its own location. As the driver approaches the residence, the driver's scanner logs a high-strength BLE handshake with the package beacon. The beacon is physically near the device that marked it delivered, a fact the beacon itself confirms rather than takes on faith. When the resident brings the box inside, their phone, running the retailer's app or another ConnectX-enabled workflow, registers the beacon at an interior location with a distinctive signal profile. Even if the resident does not open the app, a passing neighbor's device running any participating app can ping the beacon in situ. Thirty minutes of indoor dwell time produces a data log that cannot easily be argued away.
Every common refund-fraud narrative runs into this ledger.
The "jammer defense" no longer holds. A fraudster claims a signal jammer disabled their doorbell camera so there is no footage of the theft. BLE operates with frequency-hopping and short bursts. Even under interference, the package continues to broadcast, and the network of surrounding devices produces redundant witness logs. The camera going dark becomes suspicious rather than exculpatory.
The "stolen from the porch" defense falls apart against dwell time. If the beacon and the customer's phone sit together inside the house for three hours after the alleged theft, the timeline on the INR claim contradicts itself. Retailers can see it without needing a confession.
The "driver kept it" defense, which has been weaponized by actual fraudulent-scan operations like the Al-Maarej and Vidal schemes, becomes observable. If the beacon's signal remains with the truck after the "delivered" scan, the package never reached the customer, and responsibility sits with the carrier. If the beacon moved to the customer's coordinates and stayed there, the customer received it.
The "box of rocks" substitution is harder to pull off when the beacon is sewn into the product packaging rather than the shipping carton. Send back an empty box without the beacon inside, and the retailer sees a return scan with no corresponding product signal.
None of this requires the customer to do anything. The beacon is passive, the network is passive, and the proof generates itself in the background. For 99 percent of honest customers, the experience is indistinguishable from current delivery. For the fraudster, a once-invisible attack surface becomes a record of facts.
Under the current system, retailers carry the burden of disproving a lie. Because proving a negative is difficult and customer loyalty is expensive to rebuild, retailers default to paying. Appriss Retail says its systems are trusted by more than 60 of the top 100 U.S. retailers, yet fraud keeps climbing, because the underlying signal is weak. AI can only find patterns in data that exists.
Location-aware beacons produce a new primary source. A retailer facing an Item Not Received claim can pull the Handshake Certificate for that shipment, a cryptographically verified log of where the beacon traveled, when it crossed the doorway, and how long it sat inside the residence. The claim gets evaluated against a fact rather than a story. Honest customers whose packages really were stolen from the porch get their refunds faster because the log shows the beacon leaving the property with an unidentified device. Fraudulent claims get declined with evidence attached.
For retailers, the downstream effects are significant. The NRF / Happy Returns 2025 report suggests that return fraud and exploitative behavior are now mainstream business problems, while Happy Returns notes that consumers still strongly value free returns. The goal is not to punish customers. The goal is to pay the right ones.
The shift from reactive claims management to preemptive verification is the kind of structural change that tends to arrive quickly once the unit economics work. For a decade, per-parcel tracking was reserved for expensive or regulated goods. Falling beacon costs, battery-free tag designs, and crowdsourced coverage networks have collectively brought the economics within reach of standard e-commerce.
The Roole deployment on Nodle is one of the clearest real-world validations of this model, and the Paragon-ID partnership shows how battery-free BLE tags expand the economics further. Retailers who adopt systems like ConnectX will stop arguing about what happened after the delivery scan, because the package will have already said so.
For the professional refund operators working out of Telegram channels and encrypted chat rooms, the margin has always come from exploiting information asymmetry. When the package becomes a witness, the asymmetry closes, and the business model closes with it.
The Nodle Network combines decentralized BLE connectivity with battery-free beacon technology from Paragon-ID to deliver verifiable last-mile tracking at a price point that finally makes sense for e-commerce. To learn how your business can build a cryptographic chain of custody for every shipment, visit Nodle ConnectX and the Nodle product documentation.
