10.4: Other Fraud – Card Absent Environment

Card-not-present fraud gets worse as more business moves online and it probably doesn’t shock anyone at this point. 10.4 chargebacks create a major problem because they put all the responsibility on merchants to prove the transaction was actually valid without being able to point to a physical card that was swiped or inserted. Merchants face financial damage beyond losing the original sale amount – you’re also looking at the chargeback fees on top of that and if these disputes start piling up, you could wind up with account restrictions from your payment processor.

Prevention strategies have become quite a bit more capable lately – that’s the good news. Most merchants use advanced authentication methods along with machine-learning fraud detection systems that can flag suspicious activity before the transactions actually go through.

How It Works

Cardholders who find an unfamiliar charge on their statements tend to set events in motion fast. Maybe it’s a charge from some random website they’ve never even heard of. Maybe it’s a subscription service they never signed up for in the first place. Either way, most cardholders will grab their phone and call the customer service number that’s printed on the back of their card.

Representatives who take these calls are going to ask quite a few questions about the suspicious transaction. They’ll want to know if anyone else in the household has the card information and they’ll also ask if the cardholder has ever done any business with that merchant before. Almost every bank will also ask the cardholder to fill out and submit afraud affidavitas part of their usual process.

After the bank reviews everything and decides that fraud most likely took place, they’ll file the chargeback under fraud reason code 10.4. Reviews usually wrap up within just a few days of the phone call – the transaction amount gets reversed and a chargeback notification goes to the merchant’s payment processor.

Most merchants learn about these chargebacks either through their payment processor’s online portal or through an email alert. That message includes all the relevant transaction info along with the exact reason code that triggered it. Merchants face a harsh reality – they’ve already lost those funds from the original sale by the time they even find out about the chargeback.

This timeline can catch merchants off guard with how fast everything moves. From the time a cardholder first places that fraudulent charge to when the merchant actually receives the chargeback alert it might only be one to two weeks. Merchants need to stay alert for those early warning signs – like multiple orders going to different shipping addresses or buying patterns that just look weird compared to normal customer behavior.

How it Affects Chargeback Prevention

A 10.4 chargeback puts you at a big disadvantage right from the start. These particular fraud disputes have some of the lowest win rates across the entire payments industry. Most merchants lose roughly80% of the timeif they choose to fight back against these claims.

Once you start to add up all the different costs that are involved, the financial hit becomes tough. Every 10.4 dispute that you lose means you’re out the product value, any shipping costs you covered and the full transaction amount that gets reversed. On top of all that, you still have to pay the chargeback fee that your processor charges. A small $100 fraudulent transaction can quickly wind up costing you $150 or more after all these fees add up.

Your merchant account is going to take a hit in this whole process as well. Payment processors watch your chargeback ratio very closely and they take it really seriously when those numbers start going up. Once your ratio goes past that1% threshold, you can expect your processing fees to increase really quickly. At that point, some processors are going to put your account on probation with very tight oversight laws. Some processors will just close your merchant account completely and sadly they can do this with very little warning.

Your business type determines how much danger you face from these chargebacks. Merchants who sell downloadable goods and online services usually see 10.4 chargeback rates that go above 2% of their total transactions. Physical product sellers usually manage to keep their rates below 0.5%. It’s mostly about how quickly fraudsters can get money from whatever you’re selling to them.

10.4 chargebacks are tough to stop and the biggest reason is that you’re almost always going up against organized criminals who have spent years perfecting their methods. These fraudsters are experts at covering their online tracks and they always come prepared with stolen credit cards that already have all the right billing information programmed in. Whatever fraud detection system you currently have running will completely miss these transactions because everything looks legitimate when the order is actually going through your checkout process.

Example Scenarios

Fraud has this tough way of hitting merchants when they least expect it and some of the ways it happens would probably shock most business owners. These merchants get hit even harder because chargebacks seem to come out of nowhere. One day everything looks fine and then suddenly they’re rushing to figure out what happened to their bottom line and how they missed all the warning signs.

Your revenue is steady, customers seem happy with what they’re buying and there haven’t been any big operational problems along the way. Around three months ago your payment processor actually experienced a pretty big data breach – except that nobody knows about it yet. Not you, not your customers and apparently not even the payment processor has figured out what happened at this point.

Here’s are a couple examples:

• Another case involved an online electronics store that thought they had done everything correctly. They received an order for three laptops worth $4,500 with Miami as the destination. Everything checked out – billing address matched the card perfectly, the CVV was valid and the customer even picked up the phone when they called to verify. Everything seemed legitimate on the surface. Small red flags were hiding in plain sight but the merchant didn’t catch them. It turned out the shipping address was a freight forwarder and the order came in at 3 AM local time. Uh oh. Two weeks later, the chargeback hit their account because the cardholder had been sound asleep in Seattle when that order went through.
• Travel bookings can be tough enough to catch even the most experienced operators off guard when they least expect it. One small tour company got what looked like an everyday last-minute booking for a luxury cruise package. Payment came through for the full $8,000 straight away, no questions asked and they even sent over a passport copy to verify their identity. All the checks were done, the paperwork looked to be in order and everything seemed to work out just fine. No chargeback showed up until after the cruise had already sailed, leaving the operator stuck with no way to get their money back – it turns out that the scammer had stolen the credit card information and the ID papers they needed, so everything matched up just fine when the company ran their checks.

Fraudsters who managed to get their hands on these stolen card numbers aren’t in any rush to use them instantly. Criminal operations like this are fairly strategic about their timing too – they’ll usually sit on batches of stolen payment data for weeks or even months, just waiting for the right time to make their move. Once they decide it’s time to act they start signing up for multiple subscriptions with your service, each account made with a completely different email address to make everything look real and each of these seemingly separate accounts gets funded with payment cards from that same batch of stolen data.

Requirements and Timeframes

Once you receive a Reason Code 10.4 chargeback, the clock starts ticking instantly. You have just 30 days to respond with all your evidence. Missing this deadline means that you’ll lose the dispute. No second chance or extension will come from the bank.

Cardholders get quite a bit more time to file their disputes. They have up to 120 days from the transaction date to claim fraud and this longer window means that you need to keep records for at least four months. Sometimes a transaction from way back in the previous quarter can come back to bite you.

Visa has laws about what evidence you need to send in. Proof of delivery with either a signature or tracking number is required. IP address verification matters – it should match their billing address and previous successful transactions with the same card help prove the customer actually authorized this order.

Back in 2019, something happened that caught the merchant community off guard – the response time for chargebacks got cut from 45 days down to just 30 days. Most merchants had no warning that this was coming and it left them rushing to adapt. Merchants now have far less time to pull together all their documentation and build a strong case with this new timeline. With chargebacks you don’t have much time and each day matters a great deal.

Documentation laws are very strict. You should include the order information and any customer communication records you have on file. Show whatever authentication methods you used to verify the cardholder. Use device fingerprints and geolocation data because they improve your case. Without strong evidence backing you up your odds of winning drop quite a bit.