4837: No Cardholder Authorization

One thing that catches merchants off guard is the scope of this code. It doesn’t just apply to online orders or card-not-present transactions where fraud feels more intuitive. Reason code 4837 also covers card-present transactions - the kind where a physical card was swiped, dipped, or tapped right in front of you. That broadens the exposure significantly, and it changes how you’ll have to gather your evidence and choose to fight back.

I’ll break down what 4837 means, why it happens, what your options are, and how to build a response that actually has a shot at winning. Whether you’re handling your first dispute or looking to tighten up your process after a string of losses, the goal here is to give you a clear, helpful picture of what you’re working with.

What Mastercard Reason Code 4837 Actually Means

At its core, reason code 4837 is a fraud chargeback. The cardholder is telling their bank that they had no involvement in the transaction whatsoever - they didn’t authorize it, they didn’t benefit from it, and they want their money back.

Mastercard groups 4837 under its “Fraud” dispute category, and that classification carries more weight than a dispute about a product not arriving or a refund not being processed - it’s a direct claim that the transaction itself was unauthorized, which puts the merchant in a harder position to defend from the start.

One thing worth learning about is how Mastercard handles fraud differently from Visa. Visa separates fraud into multiple reason codes depending on the situation. For example, Visa uses code 10.4 for card-absent fraud (like online purchases) and 10.3 for situations involving an incorrect account number. Mastercard takes a different approach and routes nearly all “no authorization” claims through a single code: 4837 - that means you can see the same reason code on a disputed in-store purchase and a disputed online order.

That consolidation is actually helpful context for merchants. When 4837 shows up, it doesn’t automatically tell you if the card was physically present or not. You have to look at the transaction facts to know what you’re dealing with. The reason code is the starting point.

There’s also an important distinction between a true fraud claim and what’s sometimes called “friendly fraud.” In a true fraud case, a criminal used the cardholder’s payment details without their knowledge. In a friendly fraud case, the actual cardholder made the purchase and is now falsely claiming they didn’t. Both disputes can arrive as 4837, and Mastercard’s system doesn’t distinguish between them at the code level.

That’s why 4837 shows up across so many different transaction types and industries - it’s a broad classification that covers a variety of fraud scenarios under one umbrella, and the transaction context is what tells the actual story.

The Timeline Rules That Catch Merchants Off Guard

Deadlines are where merchants lose ground with 4837 disputes, and the difference between the two timelines is pretty serious. A cardholder has as many as 120 calendar days from the transaction date to file a chargeback. The merchant or acquirer, on the other hand, gets just 45 days to respond once that chargeback lands.

That 120-day filing window is a long time. A customer could dispute a transaction from nearly four months ago, and the chargeback would still be valid. For merchants who don’t monitor their accounts closely, that means a dispute can appear well after the original sale is old news.

The 45-day response window shrinks quickly once you factor in how disputes actually get seen. Smaller merchants check their payment dashboards less frequently, and notifications from acquirers don’t always feel urgent. By the time a merchant sees the chargeback and understands what it is, a chunk of that window may already be gone.

Miss the deadline entirely, and the chargeback is automatically decided in the cardholder’s favor. There’s no appeal process for a late response - the funds are returned to the customer and the case is closed. It’s the outcome merchants most want to avoid, because there’s no recovery path once that window closes.

It also helps to know that the 45-day clock starts from when Mastercard processes the chargeback, not necessarily when the merchant receives the notification. That distinction matters because processing and delivery don’t always happen on the same day. Checking your dispute queue multiple times per week is the most reliable way to make sure that you’re not working with less time.

Common Triggers Behind a 4837 Chargeback

Stolen card numbers are one of the most common causes. A fraudster gets hold of card details through a data breach or phishing attack and uses them to make purchases before the actual cardholder even knows anything is wrong.

Account takeovers work a little differently - this is where the fraudster gets into the cardholder’s account and makes purchases from inside it. The card issuer still sees no authorization from the actual cardholder, so the chargeback lands the same way as any other 4837.

Friendly fraud is where things get harder to predict. The cardholder made the purchase themselves but later tells their bank they didn’t - this happens for various reasons - sometimes the person regrets the buy, sometimes they don’t find the merchant name on their statement, and sometimes they’re just trying to get something for free. It’s frustrating because there’s nothing the merchant could have done differently at checkout. How your credit card descriptor appears on statements can make a real difference in how often this happens.

Family fraud follows a similar pattern but is its own category worth learning about. A spouse, child, or other family member uses the cardholder’s payment details without asking. The cardholder reports it as unauthorized and the merchant is left holding the dispute even though the transaction itself went through cleanly.

Certain transaction types draw more of these chargebacks than others. Digital goods are a big one because delivery is instant and there’s nothing physical to return. Subscriptions also see a high rate because cardholders forget they signed up and assume unauthorized activity when they see a charge months later.

Card-not-present transactions carry more exposure across the board. If you don’t have a physical card or a PIN, there’s less friction to stop fraudulent purchases from going through and less evidence for the merchant to use later.

Merchants in travel, software, and gaming tend to see the highest volume of 4837 disputes because they check nearly every box on that list at once.

How to Build a Chargeback Rebuttal That Actually Works

When a 4837 chargeback lands, you have 45 days to respond before the dispute is decided without your input. That window moves fast, so knowing what evidence to pull together before you sit down to write is half the battle.

The strongest rebuttals lead with documentation that ties the cardholder to the transaction. For in-person sales, that means a signed receipt or a chip-and-PIN record showing the card was physically present. For online orders, you want AVS match data, IP addresses, device fingerprinting, and any account login history that shows the purchase came from a recognized device.

Delivery confirmation matters more than you might know. A confirmed delivery to the billing address - with a timestamp - makes it much harder for a cardholder to claim they never authorized the purchase. Pair that with email correspondence or order history and your case gets considerably stronger.

What a Strong Rebuttal Letter Looks Like

Structure your rebuttal letter so it tells a short, logical story. Open with the transaction facts, then walk through your evidence piece by piece, and close by explaining why the evidence supports authorization. Keep it factual and direct - the card network reviewer reading this is not looking for a persuasive essay.

Attach your evidence as labeled exhibits and reference each one in the body of the letter. A disorganized rebuttal - even with great evidence - is easy to dismiss.

There is one more thing worth knowing about here. If an account receives more than 15 fraud-coded chargebacks, Mastercard can block or reroute future disputes from that merchant entirely. A strong rebuttal is not just about winning one case - it’s about keeping your dispute process functional, especially when you consider what happens if you never respond at all. Merchants who accumulate too many fraud chargebacks may also find themselves classified as an excessive chargeback merchant, which carries serious consequences beyond any single dispute.

Keeping 4837 From Becoming a Recurring Headache

The habits that cut back on 4837 exposure are not tough, but they do need consistency. Clear and recognizable billing descriptors, standard review of transaction data for anomalies, and carrying out strong authentication are the types of standard practices that quietly prevent disputes from arising. None of these are one-time fixes - they are part of how a well-run payment operation works day to day.

If 4837 chargebacks have been showing up with any regularity, that’s a signal worth taking seriously instead of pushing aside. Take a close look at your latest dispute process now, while things are calm - not after the next chargeback notification lands. Know where your evidence lives, make sure your team understands the timelines, and check if your fraud prevention tools are doing the job they were set up for. A little preparation now is worth far more than a frantic response later.