Unauthorized Transaction Chargebacks: Evidence, Prevention & Freeze Risk
Unauthorized transaction disputes are treated as fraud claims by banks. The cardholder denies authorizing the purchase, shifting the burden of proof entirely to you. These carry critical freeze risk and have low win rates without strong authentication.
What “Unauthorized” Means
Section titled “What “Unauthorized” Means”This dispute occurs when:
- A cardholder claims they did not authorize the transaction
- The card was used without the cardholder’s knowledge or permission
- A family member or employee used the card without authorization (“family fraud”)
- The cardholder genuinely doesn’t recognize the charge due to unclear billing descriptor
Critical distinction: Unlike “product not received,” this is a fraud claim. The cardholder is saying the transaction itself was fraudulent.
Common Triggers
Section titled “Common Triggers”- Stolen card credentials used for online purchases
- Account takeover where fraudsters access customer accounts
- Family fraud (child, spouse, employee using card without permission)
- Unrecognized billing descriptor causing legitimate cardholders to report fraud
- Weak or missing authentication at checkout (no 3DS, no CVV)
How Banks Evaluate Unauthorized Claims
Section titled “How Banks Evaluate Unauthorized Claims”Issuers default to the cardholder on fraud claims. Their decision process:
- Authentication: Was 3D Secure (3DS) or equivalent used?
- Device evidence: Does the device/IP match the cardholder’s history?
- Cardholder affidavit: Did the customer file a fraud report or police statement?
- Transaction pattern: Does this match the cardholder’s typical behavior?
Default position: Banks side with cardholders on fraud claims unless you provide compelling authentication evidence proving the cardholder participated.
Win Likelihood: Low (10-25%)
Section titled “Win Likelihood: Low (10-25%)”Win probability: Low
You can improve odds only with strong authentication:
Evidence That Wins
Section titled “Evidence That Wins”✅ 3D Secure authentication (3DS2) showing cardholder completed verification
✅ AVS and CVV match confirming billing address and security code
✅ Device fingerprint match showing transaction from customer’s known device
✅ IP address history matching previous successful orders
✅ Account activity post-purchase (logins, downloads, usage)
✅ Customer communication discussing the purchase before or after transaction
✅ Delivery to verified address with signature (physical goods)
Evidence That Rarely Works
Section titled “Evidence That Rarely Works”❌ Proof of delivery alone (doesn’t prove cardholder ordered it)
❌ Terms and conditions acceptance (fraudster can accept)
❌ Generic transaction records without authentication
❌ “We have fraud prevention” statements
❌ Customer service notes without direct cardholder verification
❌ Refund offers made after dispute filed
Freeze Risk Assessment: Critical
Section titled “Freeze Risk Assessment: Critical”Freeze risk: Critical
Why unauthorized disputes are extremely dangerous:
- Fraud rate tracking: Counts toward fraud rate (separate from dispute rate)
- Lower thresholds: Fraud rate thresholds are stricter (0.5% vs. 1% for disputes)
- Immediate action: 2-3 fraud disputes can trigger holds or reserves
- Network penalties: Visa/Mastercard monitor fraud rates and impose fines
- Account termination risk: High fraud rates can lead to permanent account closure
Critical thresholds:
- 0.4% fraud rate: Monitoring begins
- 0.6% fraud rate: Reserve or hold highly likely
- 0.75% fraud rate: Account freeze or termination risk
Even one unauthorized dispute significantly impacts your fraud metrics.
Prevention: Stop Fraud Before It Happens
Section titled “Prevention: Stop Fraud Before It Happens”Essential Fraud Prevention Tools
Section titled “Essential Fraud Prevention Tools”- 3D Secure (3DS2): Mandatory for high-risk transactions - shifts liability to issuer
- Address Verification Service (AVS): Validates billing address matches card
- CVV verification: Confirms customer has physical card
- Stripe Radar: Machine learning fraud detection (included with Stripe)
- Device fingerprinting: Track and flag suspicious devices
- Velocity checks: Limit transactions per card/IP/email in short timeframes
Operational Best Practices
Section titled “Operational Best Practices”- Clear billing descriptors: Use recognizable business name on statements
- Email confirmations: Send immediate order confirmation with clear merchant info
- Customer verification: For high-value or suspicious orders, call to verify
- Shipping address validation: Flag mismatches between billing and shipping
- Manual review: Review orders with fraud signals (VPN, mismatched data, high value)
- Delay fulfillment: 24-48 hour hold on suspicious orders allows fraud detection
Authentication Requirements
Section titled “Authentication Requirements”For card-not-present transactions:
- Always collect CVV (never store it)
- Enable 3DS for transactions over $100 or from new customers
- Require account creation for digital goods/services
- Use Stripe Radar rules to require 3DS for high-risk orders
For card-present transactions:
- Use EMV chip readers (liability shift)
- Require PIN for debit cards
- Check ID for high-value purchases
Clear Verdict: When to Fight vs. Accept
Section titled “Clear Verdict: When to Fight vs. Accept”Fight Only If You Have:
Section titled “Fight Only If You Have:”✅ 3D Secure authentication logs showing cardholder completed verification
✅ Device/IP match with customer’s historical data
✅ Account activity post-purchase (logins, usage, downloads)
✅ Direct communication with verified cardholder about the purchase
✅ Fraud rate below 0.4%
Accept Immediately If:
Section titled “Accept Immediately If:”❌ No 3D Secure or strong authentication
❌ First-time customer with no history
❌ Suspicious order signals (VPN, mismatched addresses, unusual behavior)
❌ Fraud rate already elevated (greater than 0.5%)
❌ Multiple fraud disputes in past 60 days
❌ High-value transaction without verification
Strategic acceptance: If you’re near fraud thresholds, accepting weak fraud cases before they become disputes can save your account. Fighting and losing increases your fraud rate.
Response Timeline
Section titled “Response Timeline”You have 7-21 days to respond. Missing the deadline = automatic loss.
Action plan:
- Day 1: Review transaction for authentication and fraud signals
- Day 1-2: Gather all evidence (3DS logs, device data, account activity)
- Day 3-5: Build compelling narrative with authentication proof
- Day 5-7: Submit response via Stripe Dashboard
What to Submit If Fighting
Section titled “What to Submit If Fighting”Your evidence package should include:
- Authentication proof: 3DS logs, AVS/CVV match results
- Device evidence: IP address, device fingerprint, browser data
- Account activity: Login timestamps, usage logs, downloads
- Customer communication: Emails, chat logs, support tickets
- Delivery proof: Tracking, signature (physical goods only)
- Transaction history: Previous successful orders from same customer
Format: PDF with clear sections. Lead with 3DS authentication proof. Make it obvious the actual cardholder participated.
The 3D Secure Advantage
Section titled “The 3D Secure Advantage”3D Secure (3DS2) shifts liability from you to the issuing bank when:
- Authentication is successful (cardholder completes verification)
- The dispute is for unauthorized use
- You followed proper 3DS implementation
Result: If you have successful 3DS authentication, you typically auto-win unauthorized disputes, and the chargeback is reversed.
Implementation: Enable 3DS in Stripe Dashboard → Settings → Radar → Rules
Assess Your Dispute Risk (30 seconds)
Related guides: 10.4 Fraud • Fraud Card-Not-Present • When NOT to Fight • 1% Chargeback Rate