The ultimate guide to chargebacks

January 21, 2016 Risk & Fraud
Jeremy Milk
By Jeremy Milk, Head of Marketing
Jeremy Milk
By Jeremy Milk, Head of Marketing

You’re killing it. Your online business is running on all cylinders, you’re making sales and pulling in transactions. But then you get the letter from your bank. It says there’s been a dispute on a transaction you don’t even remember, and as a result a large sum of money has been pulled from your account. You’re also getting fined. What just happened?

If you haven’t done business online before, you might not be familiar with the term, but what you just experienced was a chargeback.

That feeling when you get a chargeback notice
That feeling when you get a chargeback notice

If you’ve experienced a chargeback, we feel for you. At WePay, we work to insulate the platforms we work with from chargebacks by shouldering all the risk ourselves. It’s a big part of our value proposition, but it puts us in the line of fire.  So we know what it feels like to have transactions refunded, and we’re here to help if we can.

Here’s a little primer on chargebacks for merchants and platforms. Hopefully it cuts back a little on the confusion around chargebacks, if not the financial sting of receiving one.

Okay, start at the beginning. What are chargebacks, and why do they exist?

“Chargeback” is a payment industry term for a very broad set of consumer protections for credit and debit transactions in the U.S., U.K. and many other countries.

The actual mechanism is a little complicated, but at a high level, they allow anybody making a purchase with a card to get an automatic refund from their bank without having to involve the merchant they’re buying from.

You may have invoked this right in the past without knowing it. If you’ve ever seen a suspicious charge on your statement and called your bank to have it removed, for example, what you’ve actually done is initiate a chargeback.

As to why chargebacks exist, they’re actually mandated by law. In the U.S., the law in question is Regulation Z of the Truth in Lending Act of 1968.

The Truth in Lending Act, or TILA, was a landmark bit of legislation that clarified and standardized the rules on consumer credit, then in it’s infancy.

General purpose credit cards had only existed for about a decade at that point, but already debt was exploding as a method of payment. Between the end of WWII and the year TILA passed, Congress estimated that the amount of credit in the country ballooned from about $5 billion to more than $96 billion.

The trouble was that legislation hadn’t kept up. Although some states had acted to protect consumers from predatory lending practices, these protections were limited in scope and difficult to enforce.

Abuses were rampant. For example, it was common practice for banks to sign people up for loans or credit cards without explaining things we take for granted today, like the actual APR or what fees could be assessed for nonpayment.

Sometimes unlucky borrowers didn’t even know they were using credit. A particularly nasty scheme that was common at the time was for contractors to pressure homeowners to borrow against their homes to pay for costly renovations, without explaining that this is what they were doing. Some didn’t find out they’d gotten a loan until they couldn’t make payments and the bank repossessed their house.

It was things like this which drove Congress to include strong protections for people who realized, after the fact, that they’d been swindled. This included a 3-day “cooling off” period for loans, which lets borrowers cancel any loan they’ve entered.

It also included the chargeback, which was intended to let consumers avoid going into debt over shoddy merchandise or things they didn’t actually order.

Wait. I’ve been doing business offline for a long time and I’ve never seen a chargeback before. How is that possible if they’ve been around all this time?

The answer is that all transactions are not created equal.

The card networks make a distinction between transactions where a physical card is swiped and transactions where the credit information is simply entered. The former is considered fairly safe, and the latter, very risky. This is because it’s harder for criminals to counterfeit a physical card and use it in store than to simply enter that number into a form.

Because of the relative safety of face-to-face transactions, the banks have traditionally borne the cost of any chargebacks they incur. Online merchants haven’t been so lucky — chargebacks from their card-not-present transactions come directly out of their pocket.

Yet even that is changing. New rules put into place by the card networks in October 2015 place the chargeback liability on the party in the transaction with the lowest level of fraud-fighting technology. This is intended to speed the adoption of the newer, more secure bank cards with an EMV chip in them.

In practice, it means that merchants who swipe EMV cards rather than running them using the chip will be liable if the transaction results in a chargeback. That’s even if you can’t run the card with EMV because you don’t have a chip-enabled terminal.

In other words, all merchants should start learning about chargebacks, not just those who do business online. And if you’re still using an old terminal to process cards, now might be the time to upgrade.

What actually happens when a chargeback occurs?

It’s more complicated than you might think, because it involves a minimum of two individuals and three financial institutions.

Here’s how this delicate dance is done:

  1. The cardholder notices something is wrong and calls their bank to dispute a charge.
  2. The cardholder’s bank investigates the complaint to determine whether there’s cause for a chargeback. If the complaint is completely ridiculous, the bank might reject the chargeback at this point. But the burden of proof is usually pretty low. Keep in mind: It’s the cardholder’s bank, not the merchants. This means the cardholder is the person the bank has a vested interest in keeping happy.
  3. Once the complaint is determined to be valid, the cardholder’s bank will issue them a provisional account credit for the amount of the transaction.
  4. The cardholder’s bank will then turn around and initiate a chargeback to get its own refund from the merchant’s bank.
  5. The merchant’s bank, called an acquirer, will then do its own research to see if the chargeback is valid. They will often, but not always, alert the merchant of the pending chargeback before they take action.
  6. Assuming the chargeback proceeds, the merchant’s bank will remove the money from the merchant’s account and send it to the cardholder’s bank. They’ll also charge the merchant a fine. The amount varies from financial institution to financial institution, but is usually between $15 and $25.
  7. Once the chargeback is processed, the merchant is given a chance to dispute it by presenting their own evidence that the transaction was valid and should have been completed. Assuming they win, the cardholder will be charged yet again and the merchant will be refunded the price of the transaction. (Although not the fee, usually.)
  8. As an optional step, the cardholder now has an opportunity to appeal the decision if they didn’t get the refund they wanted by rebutting the merchant’s response. This is processed as yet another chargeback, and the appeal will be decided by the card network itself. There’s a $250 fee for arbitration that is borne by whomever ultimately loses the dispute.

That all sounds a little scary. What limits are there on chargebacks?

In theory, a chargeback can only be initiated for four reasons:

  • Technical Error: e.g.The bank accidentally deposited a bunch of money in your account and now it wants it back.
  • Clerical Error: e.g. Whoops, accidentally ran your card twice. Let me refund that for you.
  • Quality problem: e.g. “I ordered the blue one and you sent me a red one. Give me my money back”
  • Fraud: e.g. “Someone stole my card and used it to buy a jet ski and I want my money back.”

In practice, it’s a very broad protection. People can complain to their bank whenever they’re dissatisfied and the bank will usually start the chargeback process for them. The burden is on the merchant to protect themselves through the dispute process.

Do merchants ever win those disputes?

Sometimes, but it’s hardly a sure thing.

According to the Cybersource Online Fraud Report, about 60 percent of chargebacks are challenged by the merchant. Of those, only 41 percent are won.

That means about one in four chargebacks end up being recovered by the merchant — not exactly a reassuring statistic.

So what can I do to dispute a chargeback?

The first step is to determine how much time you have to respond. Chargeback disputes have to be initiated within a narrow window of time after they occur, but the exact window will vary depending on the card network and your financial institution. Typically it’s between 5 and 10 days.

Once you know how long you have, the next step is to gather as much information as you can about the transaction. You’ll want to pay close attention to the reason code given for the chargeback, because this will let you know why the chargeback happened and thus, what kind of argument you should make. (It’s not much use arguing that you delivered an item when the chargeback happened due to identity theft, for example). Each network has its own distinct reason codes, so you’ll need to check with the specific card network.

Once you understand the charge, it’s time to start building your case. You’ll need to fill out a ChargeBack Adjustment Reversal Request, and attach that to a letter outlining why the transaction should be honored.

You’ll also need to provide whatever evidence you have that supports your case. Here’s some ideas for things the bank might accept:

  • The sales receipt or order form
  • Anything you can use to show the customer was satisfied with their purchase (reviews, feedback scores, thank you emails, etc.
  • Any independent quality measures you can provide for your product
  • Proof that the good or service was delivered
  • The customer’s purchase history, if it shows that they’ve bought from you in the past and have been satisfied enough to keep purchasing

You keep saying merchant. But I’m a platform — I don’t actually sell anything myself, just allow people to do transactions with my service. And yet I’m still getting chargebacks. What gives?

It’s important to remember that “merchant” is a word with a very specific meaning in the payments world that is a little different from what it means more generally. Specifically, when we say merchant we generally mean the “merchant of record,” the entity that actually takes possession of the funds once the transaction is completed.

Platforms can be the merchant of record, depending on how their payment settlement works. If the funds from the transaction land in an account you control and then are paid out to someone else in a separate transaction, you’re probably the merchant of record for that transaction. This is called “aggregation.” It’s bad for a lot of reasons.

Chargebacks are one of the dangers associated with aggregation. As the merchant of record, you’re the one that the bank goes to in order to recover funds. This can happen even though you might not be the one responsible for the things that led to the chargeback.

There’s basically two ways to avoid chargebacks as a platform:

  • Adopt a “bring your own merchant account” model where you require everybody who processes payments to have their own merchant account. This makes them the merchant of record, but it also tends to increase friction considerably.
  • Work with a third party processor like WePay that moves the money for you, allowing transactions to occur seamlessly without making you the merchant-of-record.

I’m pretty sure I did everything right, yet I still got a chargeback. What’s going on?

You might be the victim of something called “friendly fraud”.

This is when a customer receives what they pay for, but charges it back anyway. They might be a be fraudster looking to get something for free. They might just be clueless — a surprising number of people initiate chargebacks simply because they forgot that they bought something. Either way, the result is the same: a chargeback and a potential loss for you.

Believe it or not, this kind of fraud is very common. Visa said merchants lost $11.8 billion to friendly fraud in 2012, for example.

I’ve never had a chargeback. That means I’m safe, right?

Not necessarily.

The problem with chargebacks is that while we talk about them like an ongoing cost, in reality they don’t occur at a steady rate. A business can go months or years between chargebacks. Or they might have a bunch of chargebacks, all at once.

In particular, chargebacks tend to come fast and without warning when you’re targeted by the kinds of organized cartels that perpetrate the majority of credit fraud online. These organizations look for places that don’t have adequate fraud monitoring in place, and then try to push through as many bad credit transactions as they can before the security hole is patched.

Having someone like this target you is potentially quite costly — we know some platforms who’ve lost several months worth of profit overnight due to a sudden spike in chargebacks. So it’s very important to be proactive about chargebacks, even if you aren’t currently seeing them.

So how can I protect myself?

You can never fully protect yourself from chargebacks, but you can take measures to make them less likely. Here’s some ideas:

  • Do what you say you’re going to do: Happy customers don’t initiate chargebacks. Shockingly, merchants that honor their agreements, provide high-quality products, and go out of their way to serve their customers receive fewer chargebacks than crooks.
  • Make your refund policy as simple as possible: Sometimes mistakes happen, even when you’re doing everything right. When mistakes happen, your customer has two choices: they can go through you, or they can initiate a chargeback. A simple, easy, and permissive refund policy will help ensure they make the choice that costs you the least money.
  • Be aware of how your charges appear on a credit statement: A shockingly high number of chargebacks occur simply because the cardholder doesn’t recognize a charge they made when they look at their credit statement. This is especially likely if you do business under a name other than your legal business name. If this is the case, you need to be clear with your customers about what name they’ll see on their statements.
  • Consider anti-fraud technology: If you’re a platform, WePay offers this as an integrated part of our payments at no extra charge. Yet individual merchants can benefit from a risk vendor too. In the past few years, vendors like Sift Science and Kount have sprung up offering services that use data about buyers to try to head off fraudulent payments before they go through. This can significantly cut back on chargebacks, but it can also be costly. You have to determine what your risk profile looks like and whether it makes economic sense for your business to implement one of these vendors.

About the author

Jeremy Milk

Jeremy Milk, Head of Marketing

Jeremy is WePay's head of marketing. Earlier, he held marketing and product leadership roles for Intuit QuickBooks, where he got hooked on fintech, and The Clorox Company. He's also a die-hard UNC basketball fan.

More blog posts by Jeremy Milk