Chargeback Fraud
What is Chargeback Fraud?
Often called 'friendly fraud': a cardholder makes a legitimate purchase, then disputes the charge with their issuer to obtain both the goods and a refund.
Chargeback fraud, also known as friendly fraud or first-party fraud, occurs when a cardholder genuinely buys goods or services and then files a chargeback under reason codes such as Visa 13.1 ('Merchandise/Services Not Received') or Mastercard 4853 to obtain a refund while keeping the item. Card networks' consumer-protection rules (Regulation Z in the U.S., the UK Consumer Credit Act 75, PSD2 in the EU) shift the initial loss to the merchant, who then pays a non-refundable chargeback fee. Digital goods, streaming subscriptions, gaming microtransactions and high-value electronics are disproportionately abused. Defences include detailed proof of delivery, signed receipts, device fingerprinting, 3-D Secure 2 (which generally shifts liability to the issuer), velocity checks, and chargeback-alert services such as Ethoca and Verifi.
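Two of the defences listed above, proof of delivery and velocity checks keyed on a device fingerprint, applied to a merchant's dispute queue. This is an added example, not code from the original page or from any card network or vendor; the record fields, flag names, 90-day window and threshold are assumptions, and the sample disputes are constructed.

```python
from collections import defaultdict
from datetime import date, timedelta

# Reason codes the page names for this kind of dispute.
PAGE_REASON_CODES = {("visa", "13.1"), ("mastercard", "4853")}

# Constructed sample disputes (not real data). device_fp is a hypothetical
# device-fingerprint ID; pod means proof of delivery is on file.
DISPUTES = [
    {"id": "d1", "network": "visa", "code": "13.1", "device_fp": "fp-a",
     "filed": date(2024, 1, 10), "pod": True},
    {"id": "d2", "network": "mastercard", "code": "4853", "device_fp": "fp-a",
     "filed": date(2024, 2, 20), "pod": True},
    {"id": "d3", "network": "visa", "code": "13.1", "device_fp": "fp-b",
     "filed": date(2024, 2, 21), "pod": False},
    {"id": "d4", "network": "visa", "code": "13.1", "device_fp": "fp-a",
     "filed": date(2024, 9, 1), "pod": True},
]

def review_disputes(disputes, window=timedelta(days=90), threshold=2):
    """Return {dispute id: sorted list of flags} for a merchant's dispute queue."""
    by_device = defaultdict(list)
    for d in disputes:
        by_device[d["device_fp"]].append(d["filed"])
    flags = {}
    for d in disputes:
        found = set()
        if (d["network"], d["code"]) in PAGE_REASON_CODES and d["pod"]:
            # The claim conflicts with delivery evidence: worth contesting.
            found.add("contest_with_proof_of_delivery")
        # Velocity check: disputes from this device in the window ending
        # on the day this dispute was filed (the dispute itself included).
        recent = [f for f in by_device[d["device_fp"]]
                  if d["filed"] - window <= f <= d["filed"]]
        if len(recent) >= threshold:
            found.add("repeat_disputer_device")
        flags[d["id"]] = sorted(found)
    return flags

if __name__ == "__main__":
    for dispute_id, found in review_disputes(DISPUTES).items():
        print(dispute_id, found)
```

Dispute d4 comes from the same device as d1 and d2 but falls outside the 90-day window, so it is flagged only for the delivery evidence, not for velocity.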
● Examples
- 01: A customer receives an iPhone delivery, then claims 'item not received' with their bank.
- 02: A gamer charges back 12 months of in-app purchases after a Twitch ban.
● Frequently asked questions
What is Chargeback Fraud?
Often called 'friendly fraud': a cardholder makes a legitimate purchase, then disputes the charge with their issuer to obtain both the goods and a refund. It belongs to the Attacks & Threats category of cybersecurity.
How do you defend against Chargeback Fraud?
Defences for Chargeback Fraud typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Chargeback Fraud?
Common alternative names include: Friendly fraud, First-party fraud, Chargeback abuse.
● Related terms
- attacks № 234
Credit Card Fraud
Unauthorized use of payment-card data — from card-present skimming to card-not-present online theft and BIN attacks — to extract money from cardholders or merchants.
- attacks № 804
Payment Fraud
Any deceptive scheme that diverts money through the payment system, covering card, wire, ACH, real-time-payment and digital-wallet abuse.
- attacks № 821
Phishing
A social-engineering attack in which an attacker impersonates a trusted party to trick a victim into revealing credentials, transferring money, or running malware.
- attacks № 010
Account Takeover (ATO)
An attack in which a criminal gains unauthorised control of a legitimate user account and uses it to steal funds, data, or commit further fraud.