Chargeback fraud costs merchants billions annually. Learn how true fraud and friendly fraud lead to disputes and how to prevent them before they hit your ratio.
Chargeback fraud occurs when cardholders or criminals exploit the dispute process to reverse legitimate transactions. It takes two primary forms: true fraud, where stolen card data is used without the cardholder's knowledge, and friendly fraud, where the actual cardholder makes a purchase and then falsely disputes it. Friendly fraud accounts for 40% to 70% of all chargebacks and is the harder category to prevent and prove, because the transaction looks completely normal at every stage.
Effective defense requires layered prevention: authentication tools like 3D Secure, real-time fraud scoring, device intelligence, and pre-dispute alerts that intercept disputes before they become formal chargebacks. When chargebacks do occur, merchants need to respond quickly with evidence that meets each card network's specific requirements for the relevant reason code. The goal isn't zero chargebacks, but a consistently low ratio and a strong representment process for the disputes that get through.
Chargeback fraud represents one of the fastest-growing financial threats to online merchants today. Unlike traditional fraud, where a criminal uses stolen credentials to make a purchase, chargeback fraud exploits the dispute resolution process itself. Cardholders file chargebacks, claiming they never received goods, didn't authorize transactions, or that items arrived damaged, when, in reality, these claims are often false.
For merchants, this can mean lost revenue, operational costs, and reputational damage. This year, chargeback fraud will accountfor billions in annual losses across the ecommerce ecosystem, affecting retailers of all sizes. This guide walks you through every aspect of chargeback fraud, from understanding how it occurs to implementing proven prevention strategies that keep your business protected.
Chargeback fraud occurs when a cardholder or fraudster initiates a dispute with their card issuer, falsely claiming a transaction was unauthorized or that goods never arrived. Unlike traditional fraud, where the merchant is the primary victim of a criminal's actions, chargeback fraud weaponizes the dispute system that's designed to protect legitimate consumers.
The cardholder files a claim, and their bank automatically credits their account while the merchant loses the funds and the product or service. The burden falls on the merchant to prove the transaction was legitimate through representment evidence. This inverted liability structure makes chargeback fraud uniquely dangerous: fraudsters have minimal risk, merchants face maximum exposure, and the process can take months to resolve.
Chargeback fraud flourishes because the dispute process prioritizes consumer protection. Card networks like Visa and Mastercard built their systems to make it easy for legitimate customers to recover money if they're wrongly charged. Fraudsters exploit this protective framework by filing false disputes, knowing merchants often lack the documentation or technical capability to fight back effectively.
When merchants don't respond or submit weak evidence, chargebacks stick. Even when merchants win, they've already incurred processing fees, operational costs, and time. Over time, high chargeback ratios trigger penalties, processing restrictions, or outright account termination.
There's two distinct types of fraud in the payments space: true (criminal) fraud — the type most people think of when they hear the term "fraud"— and friendly fraud.
With criminal fraud, chargebacks arise when the cardholder discovers the fraudulent chargeback, and these cases are typically easier to lose because the cardholder genuinely didn't authorize the transaction.
Friendly fraud, on the other hand, accounts for 40% to 70% of all chargebacks in various merchant categories, making it a larger threat than true fraud for many businesses. The challenge is that from a transactional standpoint, friendly fraud looks identical to a legitimate purchase. The same cardholder, same shipping address, same device — everything appears normal. Yet, the dispute claim is deliberately dishonest.
Friendly fraud, also called first-party or chargeback fraud, happens when a cardholder disputes a legitimate charge to get a refund. Unlike traditional fraud, where a criminal uses a stolen card, friendly fraud is committed by the actual cardholder. The term "friendly" only refers to the fact that the customer is known, not that the fraud is harmless. In reality, it causes serious financial and operational problems for businesses.
First, either a fraudster uses stolen card data to purchase goods, or a legitimate cardholder receives goods but files a false claim. Next, the cardholder or their card issuer initiates a dispute. The issuer temporarily credits the cardholder's account and notifies the merchant's processor, and the merchant then has a limited window — typically 7 to 10 calendar days — to respond with evidence that the transaction was legitimate.0
If the merchant doesn't respond or submits weak evidence, the chargeback is upheld and the funds remain with the cardholder. If the merchant responds with strong evidence, the case goes to arbitration, where the card network makes a final determination.
The problem is speed (or a lack of it): merchants who detect chargebacks late or respond after the deadline automatically lose. Even responsive merchants may lose if their evidence doesn't match the card network's specific requirements for that reason code. The entire process is stacked against merchants because the system assumes chargebacks are valid unless proven otherwise, and the standards of proof are rigid and technical.
The financial impact of chargeback fraud extends far beyond the initial transaction value. Each chargeback carries direct costs, such as the lost sale amount, the chargeback fee (typically $15–$100 per dispute), and payment processor charges. A single $500 transaction might result in $650–$700 in total losses once fees are applied.
But the damage multiplies at scale. Merchants with high chargeback ratios face:
For high-volume merchants, these secondary costs can exceed the direct chargeback losses. A merchant processing 50,000 transactions monthly with a 1% chargeback ratio (500 chargebacks) might incur $10,000–$15,000 in direct losses, plus $5,000–$10,000 in additional processing fees, plus $20,000+ in operational costs and fraud tools.

Chargeback fraud takes multiple forms, each with distinct characteristics and prevention techniques. Understanding these categories helps merchants target their defenses more effectively.
Friendly fraud is the most common form of chargeback fraud. The cardholder purchases an item legitimately, receives it, and then disputes the charge claiming non-receipt, unauthorized use, or damage. Some friendly fraudsters are opportunistic, spotting a chargeback loophole and exploiting it once. Others are serial fraudsters who repeatedly make purchases with no intention of paying, knowing they can dispute transactions through their bank.
Friendly fraud is difficult to combat because the transaction itself appears completely legitimate; the same person who authorized and charged the card is the one filing the dispute. From a merchant's standpoint, you cannot distinguish between a friendly fraud dispute and a genuine mistake during the transaction.
Friendly fraud scales because chargebacks are easy to file and consequences for the cardholder are minimal. Even if a bank suspects friendly fraud, the cardholder can claim buyer's remorse, confusion, or an honest mistake. Banks often rule in favor of cardholders to maintain customer relationships, and this dynamic incentivizes repeat friendly fraud behavior.
First-party fraud is a subcategory of friendly fraud where the intent is explicitly criminal rather than merely deceptive. The cardholder knowingly purchases goods, receives them, and deliberately files a false chargeback to keep both the merchandise and the payment. This is distinct from friendly fraud motivated by buyer's remorse or a genuine dispute.
First-party fraudsters view chargebacks as a free shopping mechanism. Some operate systematic schemes, purchasing high-value items from multiple merchants across weeks or months, then filing coordinated chargebacks. These fraudsters often target merchants with lenient return policies or high-value digital goods, where evidence of delivery is hardest to prove.
True fraud involves a criminal using stolen card data to make unauthorized purchases. The legitimate cardholder discovers the fraudulent transaction when reviewing their statement and files a chargeback. From the cardholder's perspective, they're a victim. From the merchant's perspective, they've shipped goods to an address they have no way of knowing is fraudulent, and they lose the sale when the chargeback is upheld.
True fraud differs from friendly fraud in that the cardholder genuinely didn't authorize the purchase. However, merchants still lose and face chargeback fees, and the criminal who stole the card data has zero financial accountability.
True fraud is often harder to prove in representment than friendly fraud, because the merchant cannot point to actions or behaviors of the legitimate cardholder, and evidence of delivery and customer communication alone may not be sufficient. Reason codes for true fraud sometimes include clauses requiring merchants to prove they verified the cardholder's identity, which is a standard that can be impossible to meet retroactively.
New account fraud occurs when fraudsters open accounts or use newly compromised cards to make high-value purchases before the legitimate cardholder detects the fraud. The criminal may target high-ticket items like electronics, luxury goods, or services, then file chargebacks immediately after receiving the goods.
New account fraud is particularly damaging because the pattern is concentrated: multiple chargebacks clustered around the same time period or originating from the same source. Fraudsters know that legitimate customers have time to notice unauthorized transactions, so they operate with speed and volume.
BIN attacks are sophisticated fraud schemes where criminals use algorithms to generate valid credit card numbers based on stolen Bank Identification Numbers (BINs); a BIN is the first 6 digits of a card number that identifies the issuing bank.
Criminals generate thousands of complete card numbers by adding different numbers to the BIN, then test them on merchants' websites to identify which numbers are active. Card testing involves making small purchases (often under $5) to verify which card numbers work without triggering fraud alerts. Once fraudsters identify valid cards, they use them for larger purchases or sell the card data to other criminals.
Merchants experience card testing as a pattern, with dozens or hundreds of small failed transactions, followed by a smaller number of successful purchases, followed by chargebacks. Card testing is particularly damaging to digital goods merchants and subscription services because chargebacks come with no recourse; the merchant cannot claim the customer received goods, since refunds and chargebacks on digital items are assumed valid.
Affiliate abuse is a fraud category specific to performance-based marketing. Affiliates drive traffic to a merchant's website and earn commissions for sales generated through their links.
In affiliate abuse schemes, the affiliate either places malicious code on their site that tricks visitors into purchasing through false claims, or the affiliate themselves make purchases and then dispute them through chargebacks. The merchant loses the sale and the chargeback fee, and the affiliate keeps the commission. In some cases, affiliates deliberately drive low-quality traffic or traffic that they know will result in chargebacks. This type of fraud is especially insidious because the affiliate relationship appears legitimate on the surface.
When a cardholder files a dispute, they must select a reason code, which is a standardized code that identifies the nature of the complaint. Card networks assign specific reason codes to different types of disputes, and these codes determine the standards of evidence merchants must provide in representment. Understanding reason codes is essential because they dictate which evidence is admissible and how the card network will evaluate the case.
A chargeback reason code is a short alphanumeric code — typically two to four digits — that the issuing bank attaches to a chargeback when it's filed. Each code corresponds to a specific category of dispute, such as fraud, an authorization error, a processing mistake, or a customer complaint about goods or services.
Visa uses a system of reason codes for disputes, with separate codes for fraud and non-fraud chargebacks. For fraud-related disputes, the primary Visa codes are:
For Card-Not-Present fraud specifically, Visa expects evidence including authorization records, billing and shipping address verification, and customer communication. Visa's Chargeback Efficiency (CE) 3.0 framework, introduced to shift fraud liability toward merchants, requires that merchants provide specific evidence within 5 business days or face automatic chargeback uphold.
Mastercard uses a different set of reason codes, including:
Mastercard has also introduced expanded dispute chargeback programs, including Risk Innovation Programs (RIP) that allow issuers to pass certain disputes directly to merchants without full chargeback processes.
This means merchants see disputes earlier but have limited time to respond. Mastercard similarly expects strong evidence for fraud representment, including proof of customer identity verification, transaction authorization, and delivery confirmation.

Effective fraud prevention is layered. No single tool or strategy eliminates fraud entirely, but a combination of technologies and processes reduces fraud occurrence significantly and generates evidence that supports representment when chargebacks do occur.
Modern authentication methods add friction to the checkout process, but this friction blocks fraudsters who rely on speed and volume. Strong authentication includes:
Authentication also generates evidence. If a cardholder files a chargeback claiming they didn't authorize a transaction, evidence that they passed 3-DS authentication is compelling in representment. Card networks increasingly expect authentication evidence in fraud chargebacks, particularly for Card-Not-Present transactions.
Fraud screening tools analyze each transaction in real-time and assign a risk score. Rules-based systems check for red flags like mismatched billing and shipping addresses, impossible shipping times, or purchases of high-risk items. Scoring algorithms weigh factors including:
Risk scores guide decision-making: low-risk transactions proceed smoothly, medium-risk transactions might require additional verification, and high-risk transactions are declined or held for manual review. Fraud screening tools generate transaction records that serve as evidence in chargebacks, demonstrating that the merchant took reasonable care to prevent fraud.
Device fingerprinting and behavioral analysis track the device, browser, and behavior patterns of customers across transactions. When a customer places an order from an unfamiliar device, from a new IP address, or with behavior patterns that differ from their normal activity, the system flags the transaction for additional verification. Behavioral signals include typing patterns, mouse movements, and navigation flow through the checkout process. Legitimate customers follow predictable patterns; fraudsters often move quickly through checkout or behave erratically.
Device intelligence also detects when the same device is used across multiple accounts or payment methods, a hallmark of fraud rings. When a fraudster is testing stolen cards, they often do so from the same device or network. Tracking device patterns reveals these coordinated attacks. This data is valuable in chargebacks because it demonstrates that the merchant detected and flagged suspicious behavior, consistent with industry fraud prevention standards.
Machine learning models train on historical fraud data to predict which transactions are likely to be fraudulent. Unlike rules-based systems, which apply fixed criteria, ML models adapt and learn from new fraud patterns continuously. They identify subtle correlations that humans would miss, such as ma particular product category combined with a certain customer demographic and shipping address has a higher chargeback rate.
ML models also reduce false positives: rules-based systems often flag legitimate transactions, forcing merchants to reject good customers and lose revenue. ML models achieve higher accuracy by learning to distinguish between legitimate unusual transactions (a customer traveling who makes a purchase in a different country) and actual fraud.
A fraud detection system deployed across thousands of merchants learns faster than a system deployed at a single business. This is why third-party fraud prevention platforms often outperform in-house solutions; they have access to aggregated fraud data across industries.
Pre-chargeback alerts intercept fraud at the earliest possible stage when the cardholder first notices the fraudulent transaction. Rather than waiting for an official chargeback to be filed (which triggers dispute processes, fees, and representment requirements), merchants receive an alert that a cardholder has contacted their bank questioning a transaction.
The merchant then has the opportunity to proactively contact the customer, issue a refund, or provide evidence that the transaction was legitimate. If a merchant refunds promptly after receiving a pre-dispute alert, the cardholder never files an official chargeback. The merchant avoids chargeback fees, avoids hitting chargeback ratios, and avoids the dispute process entirely.
Pre-dispute alerts are offered by Ethoca (owned by Mastercard) and Verifi (owned by Visa). ChargebackStop is an authorized reseller of both services, providing merchants access to these alerts integrated into their dispute management workflow. Merchants using pre-dispute alerts report 50–70% chargeback reductions in fraud categories, because disputes are resolved before they become formal chargebacks.
When a chargeback is filed, merchants have limited time and must follow specific evidence requirements to challenge the decision. Understanding when to fight and what evidence matters is critical to representment success.
Not every chargeback is worth fighting. Chargebacks are expensive to defend, consume operational resources, and have success rates that vary by category. Fight chargebacks when:
Don't fight chargebacks when evidence is weak, when the transaction is obviously fraudulent or ambiguous, or when the cost of representment exceeds the transaction value. A merchant processing a $50 transaction doesn't benefit from spending 3 hours compiling evidence to fight a $50 chargeback plus $25 fee.
Card networks specify exactly what evidence is admissible for fraud chargebacks. Generic proof of delivery is often insufficient. Networks expect:
The evidence must be compiled quickly, typically within 5–10 calendar days of receiving the chargeback notification, and formatted according to the card network's specifications. Evidence submitted in the wrong format or after the deadline is automatically rejected. This is why many merchants use chargeback management platforms that can automatically compile evidence, ensure formatting compliance, and submit representments on time.
Chargeback representment is your formal response to a chargeback; it’s your chance to tell the card network and the issuing bank that the cardholder's claim is wrong. When a customer disputes a transaction, the card network doesn't automatically side with them. Instead, they allow you to represent your side of the story with evidence.
Visa's Compelling Evidence(CE) 3.0 framework, implemented in 2024–2026, represents a significant shift in fraud liability. Under CE3.0, Visa is shifting more fraud liability toward merchants, especially those processing Card-Not-Present transactions without strong authentication. The framework incentivizes merchants to adopt 3D Secure 2.0 and other strong authentication methods by reducing chargeback rates for merchants who implement these tools.
Under CE3.0, merchants who fail to implement strong authentication will face higher chargeback rates and stricter representment requirements. Evidence that was previously accepted may no longer be sufficient. This framework accelerates the industry trend toward making fraud prevention a merchant responsibility rather than a shared responsibility between merchants and card networks. Merchants must monitor CE3.0 compliance requirements and adjust their fraud prevention strategies accordingly.
Friendly fraud is the dominant chargeback category in 2026. It accounts for 40–70% of all chargebacks, varies by merchant category and business model, and is uniquely difficult to prevent and prove. Understanding friendly fraud patterns and representment strategies is essential for any merchant combating chargebacks.

Friendly fraud is hard to prove because the transaction appears completely legitimate. The cardholder authorized the charge using their own card, from their own account, and often using their own shipping address. The merchant cannot point to fraud indicators during the transaction itself. Everything was normal. The fraud is in the dispute claim: the cardholder falsely denies making the purchase, or falsely claims the goods never arrived when they did. Proving this false claim requires evidence that contradicts the cardholder's story, and the cardholder has already deposited the goods into their home.
Card networks favor cardholders in friendly fraud cases, especially for high-value transactions or customers with good payment histories. A customer with no prior chargebacks who disputes one $500 transaction is often given the benefit of the doubt. The reasoning is that legitimate customers make mistakes, and networks prefer to absorb small losses rather than frustrate good customers with difficult representment processes. This customer-first policy incentivizes friendly fraud: fraudsters know that first disputes are likely to stick because networks are lenient with first-time disputes.
While individual friendly fraud transactions cannot be detected before purchase, patterns of friendly fraud can be identified and stopped. Friendly fraud perpetrators often exhibit consistent behaviors:
Merchants can block repeat offenders by flagging customers who have filed chargebacks and either declining their future orders or requiring additional verification. Payment processors and fraud prevention platforms track these patterns and automatically flag customers with high dispute histories.
Friendly fraud representment relies on evidence that the cardholder received the goods and knew who the merchant was. Strong evidence includes:
Merchants who collect and organize this evidence systematically win most friendly fraud chargebacks. The problem is that many merchants don't collect this evidence or fail to submit it in the correct format. This is where chargeback management platforms provide enormous value by automatically compiling, formatting, and submitting evidence on merchants' behalf.
ChargebackStop provides comprehensive fraud prevention and chargeback management for online merchants. The platform combines upstream fraud intelligence, real-time dispute interception, and representment management to address chargeback fraud at every stage.
TC40 and SAFE fraud notifications are the first line of defense. These are upstream fraud intelligence feeds from major payment networks and the banking system. When a pattern of fraud is detected, the network broadcasts an alert, and ChargebackStop customers receive these alerts early, before chargebacks are filed.
This early warning allows merchants to identify fraud patterns in their own business, block stolen cards proactively, and review transactions that are likely to be disputed. Merchants using TC40/SAFE notifications report a 300,000+ chargeback prevention rate among the ChargebackStop customer base.
Ethoca Alerts and Verifi RDR, meanwhile, are pre-dispute tools. When a cardholder contacts their bank about a disputed transaction, Ethoca or Verifi alerts the merchant before an official chargeback is filed. Merchants have the opportunity to refund, provide proof of delivery, or communicate with the customer. Many disputes are resolved this way without escalating to formal chargebacks. ChargebackStop integrates these alerts into a single dashboard, so merchants see all pre-dispute activity alongside chargebacks and representment cases. Customers report 50–70% reductions in fraud chargebacks after implementing pre-dispute alerts.
On top of all this, we've got our representment engine, Dispute Recovery. When chargebacks are filed, merchants automatically receive chargeback notifications in the platform. ChargebackStop compiles evidence automatically, formats it to card network specifications, and submits representments before deadlines. The platform tracks every chargeback through the representment process, providing clear visibility into case status and outcomes. With 95%+ of chargebacks being prevented before reaching formal representment stage, ChargebackStop customers avoid the majority of chargeback fees and ratio damage entirely.
Customers can verify transactions, request refunds, and check order status directly through our Transaction Portal. This reduces chargebacks by resolving customer issues before disputes are filed. Customers who have a clear, easy path to get refunds or explanations are less likely to initiate chargebacks.
See your fraud exposure, estimate savings, and get a go-live plan in one call. We're the chargeback prevention company trusted by 1,500+ merchants.
Straight answers to the questions merchants actually ask about chargeback fraud.
For fraud chargebacks, card networks require evidence of authorization and delivery. Essential evidence includes 3D Secure authentication confirmations, delivery tracking with signature confirmation, customer communication, AVS and CVV matches, and proof of customer identity verification. The specific evidence required depends on the reason code and card network. ChargebackStop can help identify what evidence is required for your specific dispute.
Merchants have 5–10 calendar days to respond to chargebacks after notification. The card network then conducts a review, which typically takes 30–60 days. In arbitration or second chargeback phases, the timeline extends further. The entire process from chargeback filing to final resolution can take 2–4 months. During this time, funds are held and the chargeback appears on the merchant's ratio.
Friendly fraud is when a cardholder makes a legitimate purchase, receives the goods, and then files a false chargeback claiming they didn't receive anything or didn't authorize the charge. The cardholder is lying. Friendly fraud accounts for 40–70% of all chargebacks and is the dominant chargeback category for most merchants. It's called friendly fraud because it often appears benign compared to criminal fraud, but it is intentional dishonesty by the cardholder.
Pre-dispute alerts are notifications sent to merchants when a cardholder contacts their bank to dispute a transaction, before an official chargeback is filed. Services like Ethoca (Mastercard) and Verifi (Visa) provide these alerts. When merchants receive a pre-dispute alert, they can contact the customer, provide proof, or issue a refund before the dispute escalates to a formal chargeback. Resolving disputes at the pre-dispute stage avoids chargeback fees and ratio damage. Merchants using pre-dispute alerts report 50–70% reductions in fraud chargebacks.
Fight friendly fraud with proof of delivery and customer communication. Signed delivery confirmations are the strongest evidence. Customer emails, order confirmations, and evidence that the customer accessed or used the goods or services also help. The key is demonstrating that the cardholder received the goods and knew who the merchant was. For digital goods, server logs showing the customer accessed the product are compelling evidence.