Why Does a Merchant Sometimes Get Charged Back the Cost of Fraudulent Transactions?
A small business owner notices a fraudulent charge got refunded to the customer, but instead of the loss landing on the bank that issued the card, it shows up as a deduction from the merchant’s own account.
At a glance
When a fraudulent charge is disputed, the cost is generally assigned based on which party failed to follow the security steps designed to prevent that type of fraud. If a merchant processed a transaction in a way that didn’t meet the applicable verification standard, the card networks and issuing banks can shift the resulting loss back to the merchant through a chargeback, even though the merchant wasn’t the one who committed the fraud.
How liability gets assigned
Card payment systems operate on a set of rules, largely set by the major card networks, that determine who bears the cost when a transaction turns out to be fraudulent. Broadly, liability tends to fall on whichever party had the weaker link in the verification chain for that particular transaction. A merchant who accepted a card swipe without chip verification when chip technology was available, for example, may bear more responsibility than one who processed the same card correctly. This liability-shift framework is separate from, but related to, how a payment app might handle a mistaken transfer, since both involve deciding who absorbs a loss after money has already moved.
Common reasons liability shifts to the merchant
- Card-not-present transactions. Online or phone orders, where the physical card can’t be verified, generally carry higher fraud risk, and merchants accepting these transactions often bear more liability by default.
- Outdated processing technology. If a merchant’s payment terminal doesn’t support current chip or contactless verification standards, and a fraudulent transaction could have been prevented by that technology, liability can shift toward the merchant.
- Failure to follow verification steps. Skipping ID checks, ignoring a security code mismatch, or bypassing a system’s fraud flags can also make a merchant more likely to absorb the cost.
- Chargeback disputes decided against the merchant. Even when fraud prevention steps were followed, a merchant can still lose a chargeback dispute if documentation is incomplete or the issuing bank’s review favors the cardholder’s claim.
Why this system exists
The core idea behind chargeback liability rules is to create an incentive for every party in a transaction, cardholders, merchants, and banks alike, to adopt stronger security measures. Placing cost on whichever party had the ability to prevent the fraud but didn’t is meant to push the entire payment system toward better practices over time, even though it can feel unfair to an individual merchant absorbing a specific loss.
How this connects to consumer protections
From a cardholder’s side, this liability-shifting system is part of why disputing a fraudulent charge on a personal account is often relatively straightforward: consumer protection rules generally limit an individual’s exposure to fraud losses, which means the cost has to land somewhere else in the chain, and that’s frequently the merchant or their payment processor. A bank’s decision to delay or flag a transaction for extra verification is part of that same broader effort to catch fraud before liability ever has to shift at all.
Worth remembering
A merchant bearing the cost of a fraudulent transaction isn’t random; it typically reflects a deliberate rule structure that assigns loss based on which party in the transaction had the tools to prevent it and didn’t use them. Understanding this framework helps explain why the same fraud type can play out differently across two businesses using different payment processes.