We've made some changes to our API
You're viewing documentation for our latest API. This will not impact your integration, but you will need the documentation relevant to you. If you have an account with Checkout.com you have received an email confirming which version to use.
Unsure which version you need? Contact Support
You're viewing documentation for our latest API. You can access the previous version if you need it.
Risk management
Frequently asked questions
Disputes arise when a customer queries a transaction with their card issuer – usually because the customer suspects fraud. The issuer then creates a formal dispute, which immediately reverses the payment (chargeback), and debits your account for both the payment amount and a dispute fee. For example, £15 for merchants in the UK.
You will then have the opportunity to challenge the dispute, and to provide the issuer with evidence of the legitimacy of the transaction.
For more information, see our disputes guide.
When a dispute is raised against a payment, a chargeback is initiated. The chargeback will immediately reverse the payment, and debit your account for both the payment amount and a dispute fee. The card network will hold these funds for the duration of the dispute process.
Based on the outcome of the dispute:
Dispute won - The disputed amount (chargeback) will be returned to your account.
Dispute lost - The disputed amount (chargeback) will be lost. You can take your case to arbitration if you want to argue your case further.
For more information, see our disputes guide.
In short, Strong Customer Authentication only applies to you if both of the following statements are true:
- You are located in the EEA or in the UK, and
- The card issuing bank is also located in the EEA or in the UK
Our Fraud Detection solution gives you the power to control what happens to the payments you process. Your risk strategy can be controlled from the Dashboard.
For more information about Fraud detection, see our Understand the Fraud Detection solution guide.
Each payment that has the risk set to true using our Unified Payments API will be assessed against the risk assessment rules you set in the Dashboard. You can set up your risk strategy, utilizing the Dashboard.
Yes. You can blocklist the following attributes in Fraud Detection:
- BIN
- card number
- email address
- email domain
- payment IP
- phone
Learn how the dispute process works on our Documentation site.
The expiry date for each dispute is specified in your Dashboard account.
We recommend you pay particular attention to Amex disputes, because they have a tighter time frame for re-presentment than other card schemes.
Learn more about how the disputes process works.
No. Card schemes require you to submit evidence as either a JPEG or PDF file. If you have an audio recording that supports your claim, we recommend transcribing its contents in order to submit that as evidence.
In addition, you cannot submit video files, links to third-party websites (a screenshot may be submitted if relevant), or file downloads. The issuer will not accept these as evidence. You also cannot ask for the card issuer to contact you for more information.
No. If you’ve already fully refunded the customer, we will automatically defend against the dispute by sending the issuer the refund information. You will not be debited the disputed amount, but you will be charged a dispute fee.
If you've partially refunded the customer, you still need to respond to the part of the dispute that covers the unrefunded amount. Once you've accepted or challenged that part of the dispute, we will send the evidence of your partial refund to the issuer.
You're not required to provide us with any supporting documents to re-present or deal with pre-arbitration for a fraud dispute, unless the payment was 3D Secure-authenticated by a third party.
If the payment was 3DS-authenticated by us, our Disputes team will proceed with re-presentment or dealing with pre-arbitration, using our internal authentication log as reference.
If the payment was 3DS-authenticated by a third party, which we do not recommend, you will need to provide us with the authentication log.
SCA, introduced by the revised Payment Services Directive (PSD2), is an upgraded security measure, used to authenticate online card payments. It came into effect on December 31, 2020 in the European Economic Area (EEA), and on September 14, 2021 in the UK.
3DS2 is the new version of the 3D Secure authentication protocol. It is the best way to implement SCA, adding multi-factor authentication and data-rich risk analysis to online card payments.
Learn more from the following resources:
If your business's bank and your customer's bank are in the EEA, the deadline for SCA readiness was December 31, 2020.
If your business's bank and your customer's bank are in the UK, gradual enforcement began in June 2021. Full enforcement begins on March 14, 2022.
We've compiled an SCA Compliance guide, which details how your business can comply with regulation.
You need to make sure that card payments you accept are either submitted with a 3D Secure (3DS) enabled flag, an exemption tag, or correctly flagged as a merchant-initiated or recurring transaction.
Learn more in our SCA compliance guide.
Yes, in some cases, 3DS1 may comply with Strong Customer Authentication and the issuer may still be using that version.
This is when the liability for fraud-related chargebacks shifts from you to the card issuer (generally the customer’s bank). For example, your customer denies they made a purchase, suspecting someone has stolen their card details.
The shift occurs when an online card payment is authenticated with 3DS. For more information, see our SCA compliance guide.
A retrieval request (also known as a request for information or soft chargeback) is a request from the customer's bank (the issuer) asking for more information about a transaction.
The issuer may do this before raising a formal dispute, or use it instead of a dispute, if they can no longer raise one because too much time has passed since the transaction.
No money is taken from your account at this stage. You should provide the requested information to the issuer as quickly as possible. And, if you think the transaction being questioned is not valid, it's best to refund the customer to avoid the potential of a formal dispute being raised.
If you act promptly, you may prevent a chargeback.
Visa and MasterCard (exception – Health Services in US) no longer support retrieval request, which has been replaced by Pre-dispute Resolution.
On the Dashboard, go to the Disputes tab.
This is where you can view all of your disputes and chargeback related information.
The rolling reserve is a percentage of your transactions that we hold as a reserve to cover any potential chargebacks or refunds.
If no losses are incurred, the reserve will be released to you at the time specified by your Merchant Services Agreement (MSA).
For more information, see Fixed and rolling reserve FAQs.
You can use our fraud detection system to prevent fraud and chargebacks by setting risk and transaction filtering rules.
You can also use our authentication technology to enable 3D secure (3DS) for your payments.
This means, in the event of fraud or chargebacks, it's the issuer that becomes liable for losses.
To learn more, see our Risk Management documentation pages.
You can set up risk rules in the Dashboard. Follow our Fraud detection guide to set up rules that reflect your risk strategy.
When the issuer raises the dispute, the payment is reversed. The disputed amount, along with a separate dispute fee, is deducted from your account as a chargeback.
The card network will hold these funds for the duration of the dispute process. Depending on the outcome of the dispute, these funds may be returned to you, or be lost.
If Checkout.com is your direct acquirer, we will manage your disputes. If you're currently using our gateway-only services through a third-party acquirer, we will not manage your disputes. In this case, contact your direct acquirer for support.
Once you've submitted your evidence, the issuer will review it and decide whether to accept or decline liability for the disputed amount. They may take up to 55 days to get back to you with their decision.
Go to the Dashboard and then the Risk tab, where you can access our fraud detection system. From there, go to Decline Lists and then the Risk Strategy tab. This is where you can add, edit and delete entries to be blocked from processing on your account.
Account management
Integration
Payments and refunds
Reporting
Risk management
Ecommerce platforms