The Sumsuber

Verification knowledge hub


How to Protect Your Business From Chargeback Claims

What are chargebacks?

Chargebacks (also known as “disputed transactions”) are reversals of credit card charges that customers request by disputing a transaction. The customer could be an honest user reversing a purchase they didn’t intend to make, or a fraudster seeking to trick the system. Below, we’ve listed the three main chargeback types:

  1. Criminal fraud refers to transactions made using stolen card information, after which the actual cardholder files a chargeback claim.
  2. Company error refers to erroneous transactions made by the company (e.g. incorrect transaction amount).
  3. Friendly fraud is a form of intentional chargeback fraud committed by the actual cardholder. In such cases, customers might falsely claim that they haven’t received the purchase or were unaware of the transaction being made.

Virtually every business faces these three types of chargeback claims. All of them negatively affect businesses through costly fees and time wasted on disputes.

Every year, the number of chargeback claims grows exponentially, with e-commerce businesses expected to lose up to $20 billion this year due to disputed transactions. That’s 18% higher than in 2020.

Besides incurring high financial losses, chargeback claims can also lead to reputational damage. If payment processors notice an overwhelming chargeback ratio, they may limit the merchant’s monthly volume of payments, terminate their account entirely, or place them in a Terminated Merchant File (TMF), which designates them as an above-average risk for acquirers. Once placed in a TMF, the merchant may have no choice but to use a “high-risk” payment processor, or even create a new legal entity to restart their business.

Since chargeback claims are a complex problem, businesses should use a variety of tools to combat them. Below, we list the four main approaches businesses can take.

Approach #1: Manual payment method verification

When a customer wants to make their first payment, they’re asked to take a selfie with their bank card. This procedure aims to ensure that the customer actually owns the payment card and isn’t making multiple transactions using dozens of cards stolen from other people.

However, this check relies on humans to determine if the payment card is fake or if the customer is an imposter, which isn’t always possible. Moreover, this check can slow down payment processing as it requires the transaction manager to look through every suspicious payment.

Although not perfect, this approach can be useful for companies that process a small number of transactions. However, for big corporations with thousands of transactions per day, it’s virtually impossible to process all customers manually. Besides, manual checks would be too costly to implement as they require a greater workforce to execute.

Approach #2: Automated review

Automatic chargeback reviews require users to pass KYC (Know Your Customer) checks. To do so, the user has to upload a photo of their bank card, which starts off the card verification process.

The uploaded photo goes through an image check, which analyzes the card’s authenticity and integrity. Then, the card’s data is extracted and analyzed to cross-compare with the information provided by the customer. The extracted data should be used by the service provider only for security purposes and shouldn’t be stored anywhere.

During the data verification process, the system performs a name match, a country match, an IP country vs. applicant country check, a high-risk email check, and a cross-check, and calculates an IP risk score.

As a final step, the customer needs to take a selfie with the card or pass a liveness check. The system automatically compares this image to the one provided during registration and analyzes the customer’s unique biological identifiers. Depending on the result, the system either allows or rejects the transaction.
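The data checks in this flow can be sketched as a small rule engine. This is an added example, not Sumsub’s code: the field names, the `HIGH_RISK_EMAIL_DOMAINS` list, the `max_ip_risk` threshold and the allow/review/reject policy are all assumptions made for illustration.

```python
import unicodedata

# Constructed list for illustration; a real deployment would use a maintained feed.
HIGH_RISK_EMAIL_DOMAINS = {"mailinator.example", "tempmail.example"}

def norm_name(name):
    """Strip accents and punctuation, uppercase, and sort tokens so word order is ignored."""
    ascii_name = unicodedata.normalize("NFKD", name).encode("ascii", "ignore").decode()
    cleaned = "".join(c if c.isalpha() else " " for c in ascii_name.upper())
    return sorted(cleaned.split())

def review_card_payment(card, applicant, ip_country, ip_risk_score, max_ip_risk=70):
    """Run the data checks and return (decision, failed_checks).

    card: data extracted from the card photo (used in memory only, never stored).
    applicant: data the customer entered during registration.
    """
    email_domain = applicant["email"].rsplit("@", 1)[-1].lower()
    checks = {
        "name_match": norm_name(card["holder"]) == norm_name(applicant["name"]),
        "country_match": card["issuer_country"] == applicant["country"],
        "ip_country_match": ip_country == applicant["country"],
        "email_ok": email_domain not in HIGH_RISK_EMAIL_DOMAINS,
        "ip_risk_ok": ip_risk_score <= max_ip_risk,
    }
    failed = [name for name, ok in checks.items() if not ok]
    # Assumed policy: a name mismatch or two or more failures rejects the payment,
    # a single softer failure is routed to a human reviewer.
    if "name_match" in failed or len(failed) >= 2:
        return "reject", failed
    if failed:
        return "manual_review", failed
    return "allow", failed
```
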

Approach #3: Big data analysis of devious patterns

In addition to verifying personal data, companies might use big data analysis to detect fraud attempts. This approach uses various tools to ingest data from checkout flows, card networks, and bank data to detect anomalies and predict fraud risk. This kind of data is commonly found within various fraud databases, which can be hosted locally, eliminating any network delays, and seamlessly integrated into a company’s workflow. Below, we present a list of the most common tools and databases for fraud detection.

  • IP geolocation and device location (e.g. MaxMind, Locaid)

Exposes the geolocation of an IP address or device based on where the purchase was made and spots unusual patterns. This helps improve compliance by excluding IP addresses identified as proxies, concealed users, and other anonymizers.

  • Device fingerprinting (e.g. Kount, ThreatMetrix)

Identifies a device by analyzing its unique attributes, such as its operating system, the type and version of its web browser, the browser’s language setting, and its IP address. The uniqueness of the fingerprint makes repeat fraudulent requests stand out as it shows the requests are made from the same device.

  • Negative database (e.g. Accertify, Stripe, Sift)

Checks cardholders for previous fraud history. Negative databases give businesses access to global lists of suspicious IP, mailing, and email addresses. Whenever fraud is detected, these databases get updated. Accordingly, businesses are informed if their existing users are detected as fraudsters.

  • Social network data analysis (e.g. Spokeo, BeenVerified)

Investigates individuals, relationships, and other social structures for links to fraud. If the customer shows suspicious behavioral patterns, such as highly frequent location changes over time/geography, the system flags them as possible fraud signals.

  • Fraud scoring services (e.g. Experian, Mastercard, Sage Pay)

Ranks all transactions with a fraud score/rating reflecting the level of risk posed to the business. These services can also adjust fraud scores to a company’s risk level.
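To make the device fingerprinting idea concrete, here is an added example (not code from any of the vendors named above) that hashes the attributes listed in that item and flags devices paying with many different cards. The field names, the sample transactions and the `max_cards` threshold are constructed assumptions.

```python
import hashlib
from collections import defaultdict

def device_fingerprint(os_name, browser, version, language, ip):
    """Hash the device attributes into a short, stable identifier."""
    raw = "\x1f".join([os_name, browser, version, language, ip]).lower()
    return hashlib.sha256(raw.encode()).hexdigest()[:16]

def flag_multi_card_devices(transactions, max_cards=2):
    """Return {fingerprint: sorted card tokens} for devices that used more than max_cards cards."""
    cards_by_device = defaultdict(set)
    for tx in transactions:
        fp = device_fingerprint(tx["os"], tx["browser"], tx["version"], tx["lang"], tx["ip"])
        cards_by_device[fp].add(tx["card_token"])
    return {fp: sorted(cards) for fp, cards in cards_by_device.items()
            if len(cards) > max_cards}

# Constructed sample: device A pays with three different cards, device B reuses one card.
DEVICE_A = {"os": "Windows", "browser": "Chrome", "version": "120",
            "lang": "en-US", "ip": "203.0.113.7"}
DEVICE_B = {"os": "macOS", "browser": "Safari", "version": "17",
            "lang": "de-DE", "ip": "198.51.100.4"}
SAMPLE = [
    {**DEVICE_A, "card_token": "tok_1"},
    {**DEVICE_B, "card_token": "tok_9"},
    {**DEVICE_A, "card_token": "tok_2"},
    {**DEVICE_A, "card_token": "tok_3"},
    {**DEVICE_A, "card_token": "tok_1"},
    {**DEVICE_B, "card_token": "tok_9"},
]

if __name__ == "__main__":
    for fp, cards in flag_multi_card_devices(SAMPLE).items():
        print(fp, cards)
```

Because the IP address is part of the fingerprint, as the description above has it, the same device on a different network produces a different hash, so this grouping catches repeat requests only from one device on one address.
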

Approach #4: Implement a clear refund policy

The previous steps are meant to minimize the risk of criminal fraud. However, the possibility of friendly fraud is still present. While a business can dispute friendly fraud in court, it’s less expensive to stop a chargeback before it gets filed in the first place.

Instead of letting customers initiate a chargeback, which can incur losses several times more than the original cost of the purchase, the business can encourage them to apply for a refund. Yes, it’s true that refunds also imply losses for the business (such as shipping), but they’re less financially and reputationally damaging.

To avoid chargebacks, businesses should implement a clear refund policy that’s easily accessible to customers when they’re purchasing a product. This policy can be relatively strict, but it still should be understandable to the customer. Moreover, if there are any additional charges during the refund process, it will be more convenient for customers to learn about them upfront. Otherwise, they might simply file a chargeback.


Although you can never guarantee total protection against fraud, taking the steps discussed in this article can minimize the risks.

It’s important to remember that, before taking any action, businesses should identify the type of chargeback they face.
In case of friendly fraud, a clear refund policy can prevent customers from filing a chargeback.

In case of criminal fraud, businesses can use machine learning algorithms that defend against fraudulent logins and payments. These algorithms also look for anomalies in user patterns. However, there are still some blind spots that these systems can’t cover. In this situation, businesses may combine machine learning algorithms with big data analysis.
