Fraud and Chargebacks at a Glance
Card fraud and chargebacks are two problems with one answer: stay accurate, not aggressive. The goal is a low dispute ratio, not zero fraud — chasing zero costs you more in lost legitimate sales than the fraud ever would.
| Your situation | Best-fit move | Why it works |
|---|---|---|
| Getting disputes you don’t recognise | Clear billing descriptor + refund before chargeback | Avoids the £20–£40 non-refundable dispute fee |
| Hit by “unauthorised” or “not received” claims | Log device ID + IP for Visa CE 3.0 | Friendly fraud is up to 75% of chargebacks |
| Cross-border or high-value card sales | Route through 3D Secure 2 | Shifts fraud liability to the issuer |
| Dispute ratio creeping up | Watch it against scheme thresholds | Visa/Mastercard flag “excessive” at 1.50% |
UK card fraud hit £1.17bn in 2024 (UK Finance), with remote-purchase losses near £400m. Merchants win only about 36.5% of fraud-coded disputes, so prevention beats fighting. Figures verified May 2026.
Main Types of Fraud and Chargebacks
Not every chargeback is fraud, and not every fraud ends in a chargeback. Knowing which type you face decides your defence — and which card-scheme reason code lands on your account.
| Type | What it is | 2026 scale |
|---|---|---|
| Card-not-present (CNP) fraud | Stolen card details used online | ~£400m, cases +22% (2024) |
| Authorised push payment (APP) | Customer tricked into paying a scammer | £450.7m in 2024 |
| Friendly fraud / first-party misuse | Real cardholder disputes a genuine purchase | Up to 75% of all chargebacks |
| Processing / consumer disputes | Duplicate charge, item not received, cancelled sub | Visa codes 12.x / 13.x |
Visa groups disputes into four families: fraud (10.x), authorisation (11.x), processing error (12.x) and consumer dispute (13.x). Mastercard mirrors them — 4837 for fraud, 4853 and 4855 for disputes.
How a Chargeback Works
A chargeback runs in stages, and the clock is tight. The issuer assigns a reason code, pulls the funds, and you get a short window to respond with evidence — a process called representment — or accept the loss.
Visa’s Claims Resolution (VCR) framework splits disputes two ways. Allocation auto-assigns liability for fraud and authorisation cases; Collaboration handles processing and consumer disputes through evidence exchange. Mastercard’s Dispute Resolution works much the same way.
Timing is unforgiving. Cardholders usually have 120 days to dispute; under VCR your response window has been cut to around 20 days, and processors such as Adyen enforce tighter 9–18 day deadlines. Miss it and you lose by default.
Lose the first round and you can escalate to pre-arbitration and arbitration — but each step adds fees and risk. We’d only fight on when the evidence is genuinely on your side.
What Fraud and Chargebacks Cost
A chargeback costs more than the sale. You lose the goods, the original processing fee, and a non-refundable dispute fee — then your time fighting it. We see the dispute fee surprise people most.
| Provider | Dispute fee | If you fight and lose | Fee refunded if you win? |
|---|---|---|---|
| Stripe | £20 + £20 counter | £40 | Counter £20 only |
| Worldpay | £20 flat | £20 | No |
| PayPal | £12 (£24 high-volume) | £12 / £24 | No |
| Adyen | €25 (~£21) | €25 | No |
| Mollie | €19–€35 | €19–€35 | No |
| Square | £0 | £0 | N/A |
Winning is hard. Merchants recover about 36.5% of fraud-coded disputes and 56.6% of non-fraud ones, but after fees and second chargebacks net recovery is often just 12–18%. Verified May 2026.
The bigger cost is invisible: false declines. Globally they cost retailers around $443bn a year — roughly nine times actual fraud losses — so over-blocking quietly bleeds far more than the disputes themselves.
How to Prevent Fraud and Win Chargebacks
Prevention beats representment every time. We’d build the cheap, high-impact defences first, then keep evidence ready for the disputes that still slip through.
1. Fix your billing descriptor. Make the name on the customer’s statement match your trading name and website. A surprising share of friendly fraud is just unrecognised charges.
2. Turn on the basic filters. Address (AVS) and CVV checks, device fingerprinting and velocity rules catch most opportunistic fraud cheaply, before it ever reaches a dispute.
3. Route risky orders through 3D Secure 2. High-value, cross-border or odd-looking payments should face a 3DS2 challenge — a pass shifts fraud liability to the issuer.
4. Log CE 3.0 evidence now. Record device ID and IP on every order. Visa’s Compelling Evidence 3.0 needs two prior undisputed transactions, 120–365 days old, to deflect friendly fraud.
5. Refund before the chargeback. If a customer complains, a refund loses the sale but dodges the £20–£40 fee and protects your ratio. We’d refund rather than risk the ratio.
6. Build a compelling evidence package. For non-fraud disputes, signed delivery, tracking and customer-service logs target the 56.6% win rate. Submit exactly what the reason code demands.
3D Secure, Liability Shift and Scheme Monitoring Programmes
3D Secure 2 is your strongest fraud lever. When a payment is authenticated — by biometric, app or passcode — fraud-chargeback liability shifts from you to the issuing bank, and you keep the funds.
But exemptions cut both ways. Claiming a low-value (under £45), Transaction Risk Analysis or merchant-initiated exemption skips the challenge and lifts conversion — but it also hands the fraud liability straight back to you.
How much CNP fraud 3DS2 stops on its own isn’t cleanly published. UK Finance reports that all security measures together prevented £1.45bn of unauthorised fraud in 2024 — we treat that as indicative, not a 3DS2-specific figure.
The schemes also police your ratios. In April 2025 Visa merged its programmes into VAMP, flagging merchants “above standard” at a 0.50% ratio and “excessive” at 1.50% — cut from 2.20% on 1 April 2026.
Breach those and the fees bite: Visa charges roughly $5–$10 per event. Mastercard’s EFM fraud programme triggers at 50 basis points and its ECM dispute programme at 1.50%, with fines escalating toward $100,000 a month.
Common Mistakes to Avoid
The expensive mistakes here are strategic, not sloppy. These five quietly cost merchants either revenue or their standing with the card schemes — and every one is avoidable once you know to look.
Five mistakes that cost merchants money
- Over-tightening fraud rules. Aggressive blocking creates false declines, which cost around nine times what fraud does. 40%–60% of wrongly declined customers never return.
- Watching the fee, ignoring the ratio. The £20 fee stings, but breaching the 1.50% VAMP/ECM or 50 bps EFM threshold brings fines and possible termination.
- Submitting weak evidence. Fighting a dispute without the IP address and device ID that CE 3.0 demands is an automatic loss.
- Not using 3DS on risky orders. Skipping authentication on high-value or cross-border payments leaves you carrying fraud liability you could have shifted.
- Missing the response window. The 9–20 day deadline is hard. Miss it and liability is allocated against you with no chance to argue.
When to Compare Fraud-Prevention Tools
You don’t need new fraud tools until the numbers say so. We’d watch three signals rather than the calendar.
First, when your dispute ratio approaches 1% — act well before the 1.50% scheme threshold. Second, when card-not-present or cross-border volume climbs. Third, when chargebacks cluster on one reason code.
At that point a dedicated tool — Stripe Radar for Fraud Teams at 5p per screened transaction, or a CE 3.0 automation — can pay for itself. We’d compare on your own dispute data, not a headline.
Frequently Asked Questions
What is friendly fraud, and why does it matter so much?
Friendly fraud — or first-party misuse — is when a genuine cardholder buys something, receives it, then disputes the charge with their bank, claiming it was unauthorised or never arrived. It accounts for up to 75% of all chargebacks. Motivations range from honest confusion over an unclear billing descriptor to deliberate “cyber-shoplifting”. Because the cardholder is the one disputing, the only reliable defence is Visa’s Compelling Evidence 3.0, which uses device and IP history to prove they really transacted with you.
Does 3D Secure 2 stop all chargebacks?
No. A successful 3DS2 authentication shifts liability for fraud-coded chargebacks (Visa 10.4, Mastercard 4837) to the issuing bank, so those become the bank’s problem rather than yours. But it does nothing for non-fraud disputes — items not received, duplicate charges, cancelled subscriptions or “goods not as described”. And if you claim an SCA exemption to skip the challenge, you also give up the liability shift on that transaction.
What chargeback ratio is safe?
Aim to stay below 1%. Visa’s VAMP programme flags merchants as “excessive” at a 1.50% dispute ratio (reduced from 2.20% on 1 April 2026), and Mastercard’s ECM programme uses the same 1.50% line over two consecutive months. Its EFM fraud programme bites earlier, at 50 basis points. Crossing these brings per-event fees and escalating monthly fines, so treat 1% as your internal alarm — well before the scheme acts.
Is it worth fighting a chargeback?
It depends on the reason code and your evidence. Merchants win around 36.5% of fraud-coded disputes and 56.6% of non-fraud ones, but after dispute fees, staff time and the risk of a second chargeback, net revenue recovery is often only 12–18%. Fight when you hold strong evidence — delivery proof, CE 3.0 device and IP matches, customer-service logs. For weak cases, a pre-emptive refund usually costs less than losing the fight.
What evidence actually wins a dispute?
It varies by dispute type. For fraud-coded disputes, Visa’s Compelling Evidence 3.0 wants two prior undisputed transactions from the same cardholder, 120–365 days before the disputed one, matching at least two data points — and one must be the IP address or device ID. For non-fraud disputes, signed delivery confirmation, tracking, and a record of customer-service contact carry the most weight. Submit exactly what the reason code asks for; vague evidence loses.
How We Researched This Guide
How we researched this guide
Sources. Fraud and loss figures come from UK Finance’s 2024 Annual and H1-2025 fraud reports. Dispute rules and thresholds come from Visa (CE 3.0, VAMP) and Mastercard (EFM, ECM) programme documents; dispute fees from provider pricing pages.
Open and forward-looking items. We flag rather than assert what’s unsettled. The exact share of CNP fraud that 3D Secure 2 prevents on its own isn’t cleanly published, so we treat UK Finance’s broad prevention figure as indicative only.
Verification date. Fees, thresholds and scheme rules were verified in May 2026. Provider pricing and scheme thresholds change — the VAMP excessive ratio itself dropped to 1.50% on 1 April 2026 — so confirm current figures before acting.
Affiliate disclosure. Some links on our payment processing pages are affiliate links. This guide is editorial content and our recommendations are not influenced by commercial relationships. See our editorial policy for details.