Chargeback Handling and Prevention for Online Payments

Chargebacks Are a Cost of Doing Business Online

A chargeback occurs when a cardholder disputes a transaction with their bank, and the bank reverses the payment. For the merchant, this means lost revenue, a chargeback fee (typically 15-25 EUR), and potential damage to your processing relationship if rates get too high.

You cannot eliminate chargebacks entirely. But you can reduce them significantly and handle disputes effectively when they arise.

Understanding the Chargeback Flow

Card Payment Chargebacks

1. Customer contacts their bank to dispute a charge
2. Bank initiates a chargeback, debiting your PSP
3. PSP debits your account and notifies you
4. You have 7-14 days to submit evidence (representment)
5. Bank reviews evidence and decides
6. If you win: funds returned. If you lose: chargeback stands.
7. Either party can escalate to arbitration (expensive, rarely done)

SEPA Direct Debit Chargebacks

SEPA DD chargebacks work differently:

• Within 8 weeks: Customer can request a refund for any reason. No dispute process. The money is simply returned.
• 8 weeks to 13 months: Customer can claim the debit was unauthorized (no valid mandate). You must prove the mandate exists.
• After 13 months: No further chargeback rights.

The 8-week unconditional window makes SEPA DD riskier for one-time transactions but manageable for subscription billing where you have an ongoing customer relationship.

Chargeback Reason Codes

Understanding why chargebacks happen helps you prevent them:

Fraud (Reason codes: 10.x for Visa, 4837/4863 for Mastercard)

The cardholder claims they did not make or authorize the transaction. This includes genuine fraud (stolen card) and friendly fraud (customer made the purchase but claims they did not).

Prevention:

• Implement 3D Secure 2 for all card transactions (shifts liability to the issuer)
• Use Address Verification Service (AVS) to match billing address
• Screen for velocity patterns (multiple transactions from the same card in quick succession)
• Send order confirmation and delivery notification emails (evidence for disputes)

Not Recognized (Reason codes: 13.1 for Visa, 4853 for Mastercard)

The cardholder does not recognize the charge on their statement.

Prevention:

• Use a clear, recognizable billing descriptor. "SANDORIAN BV" is better than "SP*XYZ123"
• Include your website URL or phone number in the descriptor
• Send transaction confirmation emails with the exact amount and description

Product/Service Not Received

Customer claims they paid but never received the product or service.

Prevention:

• Use tracked delivery for physical goods and store tracking numbers
• For digital products, log access/download events with timestamps
• For SaaS subscriptions, maintain detailed login and usage logs
• Send delivery confirmation emails

Product Not as Described

Customer received the product but it does not match the description.

Prevention:

• Accurate product descriptions and images
• Clear terms of service and refund policy
• Easy-to-find customer support (customers who can reach you do not call their bank)

Duplicate Processing

Customer was charged twice for the same transaction.

Prevention:

• Idempotent payment processing (see our article on idempotency)
• Deduplication checks before submitting charges
• Clear order confirmation showing a single charge

Building the Dispute Response System

Automated Evidence Collection

When a chargeback notification arrives, your system should automatically gather relevant evidence:

class ChargebackEvidenceCollector
{
    public function collect(Chargeback $chargeback): ChargebackEvidence
    {
        $payment = $chargeback->payment;
        $order = $payment->order;
        $customer = $order->customer;

        return new ChargebackEvidence(
            transactionDetails: [
                'date' => $payment->created_at,
                'amount' => $payment->amount,
                'description' => $payment->description,
                'ip_address' => $order->ip_address,
                'device_fingerprint' => $order->device_fingerprint,
            ],
            customerDetails: [
                'email' => $customer->email,
                'registration_date' => $customer->created_at,
                'previous_purchases' => $customer->orders()->paid()->count(),
            ],
            deliveryEvidence: $this->collectDeliveryEvidence($order),
            authenticationEvidence: $this->collect3DSEvidence($payment),
            communicationHistory: $this->collectEmails($customer, $order),
            usageEvidence: $this->collectUsageLogs($customer, $order),
        );
    }
}

Evidence That Wins Disputes

For each chargeback type, provide targeted evidence:

Fraud claims:

• 3D Secure authentication proof (liability shift)
• AVS match result
• Customer's IP address and geolocation
• Previous successful transactions from the same card
• Delivery confirmation to the cardholder's address

Not received:

• Shipping tracking number with delivery confirmation
• For digital: access logs showing the customer used the product
• Delivery notification emails sent to the customer

Not as described:

• Product description as shown on your website
• Terms of service accepted by the customer
• Customer support interaction showing no complaint was raised before the chargeback

Response Workflow

class ChargebackHandler
{
    public function handle(ChargebackNotification $notification): void
    {
        // 1. Record the chargeback
        $chargeback = Chargeback::create([
            'payment_id' => $notification->paymentId,
            'reason_code' => $notification->reasonCode,
            'amount' => $notification->amount,
            'deadline' => $notification->responseDeadline,
            'status' => 'received',
        ]);

        // 2. Collect evidence automatically
        $evidence = $this->evidenceCollector->collect($chargeback);
        $chargeback->update(['evidence' => $evidence->toArray()]);

        // 3. Assess whether to fight or accept
        if ($this->shouldAccept($chargeback)) {
            $chargeback->update(['status' => 'accepted']);
            return;
        }

        // 4. Queue for review and submission
        $chargeback->update(['status' => 'pending_review']);
        ChargebackReviewNeeded::dispatch($chargeback);
    }

    private function shouldAccept(Chargeback $chargeback): bool
    {
        // Auto-accept if: amount is very small, no evidence available,
        // or customer has a history of legitimate complaints
        return $chargeback->amount < 500 // cents
            && ! $chargeback->hasStrongEvidence();
    }
}

Monitoring and Thresholds

Card networks impose chargeback rate thresholds:

Visa: Chargeback ratio above 0.9% triggers the Visa Dispute Monitoring Program (VDMP). Above 1.8% enters the Excessive program. Penalties include fines and potential termination.

Mastercard: Excessive Chargeback Program triggers at 1.5% chargeback ratio. Penalties escalate monthly.

Calculate your ratio: Chargebacks received in a month divided by transactions processed in that month.

Track this ratio daily and set alerts well below the threshold:

// Daily chargeback rate check
$transactions = Payment::where('created_at', '>=', now()->subDays(30))->count();
$chargebacks = Chargeback::where('created_at', '>=', now()->subDays(30))->count();
$rate = $chargebacks / max($transactions, 1);

if ($rate > 0.005) { // Alert at 0.5%, well below Visa's 0.9% threshold
    Alert::critical("Chargeback rate at {$rate}%");
}

Prevention Is Cheaper Than Disputes

The most effective chargeback reduction strategies:

1. Make customer support easy to reach. A customer who can get help from you will not call their bank.
2. Use 3D Secure 2 for all transactions. It shifts fraud liability and proves authentication.
3. Use clear billing descriptors. Unrecognizable charges drive "not recognized" disputes.
4. Offer easy self-service refunds. A refund costs less than a chargeback.
5. Send proactive communication. Order confirmation, shipping updates, subscription renewal notices.

Chargebacks are manageable when you build systems that prevent them, collect evidence automatically, and respond within deadlines. Track your chargeback ratio obsessively. The goal is not zero chargebacks (impossible) but a sustainable rate well below network thresholds.