Premium / Reason Code Guides / Visa 10.4
REASON CODE GUIDE · VISA

Visa 10.4: Other Fraud – Card Absent Defense Playbook

The most filed Visa chargeback code. Evidence requirements, critical mistakes, and winning response frameworks for card-not-present fraud disputes.

Response Window 30 days from notification
Merchant Difficulty High liability defaults to merchant
Category Fraud 10.x series
Threshold $0 no minimum transaction
Dispute Rate ~40% of all Visa disputes

What This Dispute Means

Visa reason code 10.4 is filed when a cardholder claims they did not authorize a card-not-present (CNP) transaction. It is the single most common Visa chargeback code and accounts for roughly 40% of all Visa disputes. The overwhelming majority of 10.4 cases arise from e-commerce purchases where the physical card was never presented at a terminal.

Unlike consumer dispute codes, the cardholder is asserting that they had no knowledge of or involvement in the transaction. That distinction is critical: you are not defending whether a product was delivered — you are defending whether the legitimate cardholder authorized the purchase in the first place.

In a card-not-present environment, liability defaults to the merchant unless you can demonstrate that the legitimate cardholder placed the order. If you processed the transaction without 3DS2 authentication, you are carrying the full liability. Your only path to winning is proving authorization through behavioral and technical evidence tied to the cardholder's known identity.

Network Coding

All four major networks code CNP fraud disputes under different codes. If you process across multiple networks, the evidence requirements overlap significantly, but timelines and submission processes differ.

Network Code Official Name
Visa 10.4 Other Fraud – Card Absent Environment
Mastercard 4837 No Cardholder Authorization
American Express F29 Card Not Present Fraud
Discover UA02 Fraudulent Transaction – Card Absent

Required Evidence

Winning a 10.4 rebuttal is almost entirely a data exercise. These three categories form the foundation of every response. Missing any one of them significantly reduces your probability of success, regardless of what else you submit.

#1 — Transaction authorization data

The technical record of what happened at the moment of authorization. This proves the system accepted the transaction — not just that a payment was processed.

Data Point What to Submit
AVS Result The Address Verification System result code showing the billing address entered at checkout matched the card on file. Include the full result code (e.g., Y = full match).
CVV Result Confirmation that the card security code was correctly entered at checkout. A passing CVV result is corroborating evidence that the cardholder had the physical card (or at minimum the security code).
3DS2 Authentication If you used 3D Secure authentication and the cardholder authenticated, include the authentication response code. A successful 3DS2 authentication shifts liability to the issuer — this is your strongest possible evidence.

#2 — Device and identity evidence

Technical data linking the session that placed the order to the cardholder's known identity and device history. This is the core of every winning 10.4 response.

Evidence Type What to Submit
IP Address & Geolocation The IP address of the session that placed the order, plus geolocation data showing the city/region. Compare this to the cardholder's billing address region and to prior authenticated sessions.
Device Fingerprint A browser or device fingerprint tied to the transaction session. If this fingerprint matches prior authenticated sessions for the same account, include that history. This is powerful evidence the same device — and likely the same person — placed this order.
Prior Purchase History Transaction records showing the same device, IP range, or account placed previous orders that were not disputed. A pattern of legitimate purchases from the same device is difficult for a cardholder to explain away.

#3 — Order and account activity

Evidence that the cardholder's account was actively engaged with the transaction — before and after the charge.

Evidence Type What to Submit
Shipping Address Match Confirmation that the shipping address matches the cardholder's billing address or a previously used ship-to address on their account. A mismatch requires explanation; a match is supporting evidence.
Email Engagement Order confirmation email delivery and open records. An email opened by the recipient at the cardholder's address shortly after the order was placed suggests awareness of the transaction.
Post-Purchase Activity Account logins, product usage, download logs, or support contacts after the transaction date. Any engagement with the purchased product after the charge is strong evidence the cardholder was involved.

Strongly Recommended Evidence

Required evidence establishes that the transaction passed technical authorization. Strongly recommended evidence establishes that the cardholder's specific identity was present. The distinction matters because issuers can accept your required evidence while still ruling for the cardholder if there is no behavioral link to the specific person.

#4 — Account creation and history

Evidence Type What to Submit
Account Age The date the account was created. An account created months or years before the disputed transaction, with the same email and shipping address, is consistent with a long-term customer — not a fraudster.
Profile Consistency Evidence that the email address, phone number, and shipping address on the account at the time of the transaction had been there since account creation. New address additions immediately before the disputed charge warrant scrutiny; longstanding profile data supports your case.

#5 — Customer communications showing awareness

  • Order confirmation email opened by the recipient — include open timestamp and IP where available.
  • Any reply or follow-up email from the customer after the order was placed, even about an unrelated topic — proves they are active in the account.
  • Shipping notification emails that were opened, including tracking link clicks.
  • Support contacts referencing the order by product name, order number, or other specific detail — a fraudster would not follow up about the item they supposedly did not authorize.

#6 — Signed terms and checkout consent

  • A screenshot or record of the checkout consent flow, showing the cardholder agreed to purchase terms at the time of the transaction.
  • Signed terms of service if your checkout requires explicit acceptance.
  • For subscription products: the original recurring billing authorization with full timestamp and IP address.
Critical Insight

Visa 10.4 is won or lost on device and IP data. If you cannot tie the transaction to a device fingerprint or IP that matches the cardholder's known location, your chances of winning drop significantly. Invest in fraud tools that capture this data at checkout — retroactively trying to reconstruct device attribution after a dispute is filed is rarely successful.

Supporting Evidence

These items rarely win a dispute on their own, but they round out your case and become important if the dispute escalates to Visa arbitration.

#7 — Product and delivery documentation

  • Order confirmation showing exactly what was purchased, when, and at what price.
  • For physical goods: carrier tracking number and delivery confirmation to the address the cardholder provided.
  • For digital goods: access logs and usage records showing the product was downloaded or used after the charge.
  • If the product required the customer to create or log into an account: session logs showing account activity post-purchase.

#8 — Fraud tool outputs and risk signals

  • Output from any fraud scoring tool you use (e.g., Kount, Signifyd, Stripe Radar) showing the transaction's risk assessment at the time of authorization. A low-risk score from your fraud system, combined with other evidence, reinforces that the order appeared legitimate.
  • Any positive identity verification outputs — phone number verification, email verification, or knowledge-based authentication results.
  • Evidence the shipping address was verified against a USPS or commercial address database before fulfillment.

Critical Mistakes

Most merchants lose 10.4 disputes not because they lack a defense, but because their rebuttal is poorly assembled. Arbitrators have seen every variation of a weak response. These are the mistakes that consistently result in lost disputes.

Mistake #1: Submitting a generic denial without IP or device data

A bare statement that "the order was valid" or "we processed the transaction correctly" is not evidence. Visa arbitrators are looking for technical signals that prove the cardholder was present at the transaction — not assurances from the merchant that everything was fine.

What to do instead

Pull the IP address, geolocation, and device fingerprint from your payment processor or fraud tool logs immediately when a dispute arrives. This data exists at authorization time — if you have not archived it, start doing so now for future transactions.

Mistake #2: Relying on AVS alone as a primary defense

An AVS match confirms that an address was entered correctly — it does not prove the cardholder entered it. A fraudster who purchased stolen card data along with the billing address will also pass AVS. Submitting AVS as your sole evidence signals to the reviewer that you have nothing stronger.

What to do instead

Use AVS as a corroborating signal, not a foundation. Pair it with device fingerprint, IP geolocation, and prior purchase history. AVS is evidence that supports your case; it cannot carry your case on its own.

Mistake #3: Missing the 30-day response window

A late submission is automatically rejected regardless of how strong your evidence is. Visa is strict on its deadlines — there are no extensions and no appeals for late responses. The 30-day clock starts from the date of the chargeback notification, not from when you notice it.

What to do instead

Set up automated alerts for incoming disputes and assign a single owner to monitor response deadlines. Use a calendar reminder for the response due date the day you receive the notification. Build your response within the first two weeks so you have time to review before submitting.

Mistake #4: Addressing the wrong dispute type

Submitting proof of delivery when the dispute is about authorization — not receipt — is one of the most common and avoidable errors. A 10.4 dispute is not saying the item never arrived; it is saying the cardholder never authorized the purchase. Delivery evidence does not respond to that claim.

What to do instead

Always read the specific dispute code and the cardholder's stated reason before assembling evidence. Build your response around the actual claim — for 10.4, that means authorization evidence, not logistics documentation.

Mistake #5: Including irrelevant documents that dilute your response

Return policies, product descriptions, and general company terms are not evidence of cardholder authorization. Including them pads the submission without adding evidentiary value — and makes the reviewer work harder to find what matters. Reviewers processing high volumes give more weight to concise, focused responses.

What to do instead

Include only documents that speak directly to whether the cardholder authorized the transaction. Lead with your strongest technical evidence. Label everything clearly. Keep the response to the minimum necessary to make your case.

Winning Response Framework

Structure matters as much as content. Arbitrators review dozens of responses simultaneously — a well-organized rebuttal that leads with the strongest evidence gets more weight than a dense document dump. Follow this sequence for every 10.4 response.

Step 1 — Identify the chargeback clearly

Template Language
Case Number [DISPUTE_REFERENCE_NUMBER] We are responding to the Visa 10.4 chargeback against the [MM/DD/YYYY] transaction made by [CARDHOLDER_NAME] in the amount of [$AMOUNT]. Please find our response and supporting documentation attached.

Step 2 — Summarize your case explicitly

State the facts of the authorization in plain language. Do not make the reviewer infer authorization from your documents — lead them to the conclusion directly.

Template Language
This transaction was placed by the authorized cardholder. The order was submitted from IP address [IP_ADDRESS], located in [CITY, STATE] — consistent with the cardholder's billing address region. The transaction passed AVS and CVV verification. The device fingerprint matches [NUMBER] prior authenticated sessions on this account. The customer's account was created on [ACCOUNT_CREATION_DATE]. Prior orders on [DATE_1] and [DATE_2] were processed from the same device without dispute. The cardholder has not contacted us to report any unauthorized use of their account prior to filing this chargeback. The following documentation is attached: - IP address and geolocation report - Device fingerprint and prior session history - AVS and CVV verification records - Order and account history - Post-transaction account activity

Step 3 — Sequence your evidence by strength, not chronology

Put your strongest evidence first. Reviewers pay the most attention at the start and fade as the document grows longer. IP/device data belongs on page one — not buried at the end.

Priority Evidence Type
First IP address, geolocation, and device fingerprint — linked to prior authenticated sessions if available.
Second Post-transaction account activity — logins, product access, email engagement, support contacts after the charge date.
Third AVS and CVV confirmation, 3DS2 authentication results if applicable, authorization approval code.
Last Account history, prior transaction records, checkout consent, order confirmation details.

Step 4 — Label and explain each exhibit

Every piece of documentation should be named, numbered, and given a one-sentence explanation. Do not make the reviewer guess what they are looking at — context shapes how evidence is perceived.

Template Language
Exhibit A: IP Address and Geolocation Report IP address [IP_ADDRESS] resolves to [CITY, STATE, COUNTRY]. This IP is within 12 miles of the cardholder's billing address zip code. Our logs show [NUMBER] prior logins from the same /24 IP range on [DATE_1], [DATE_2], and [DATE_3].

Real-World Examples

Winning Example — Software Subscription

The situation: $149 annual software subscription. Cardholder disputed 45 days after purchase claiming "I never authorized this charge. I don't know this company."

Opening statement submitted:

Opening Statement
"The cardholder authorized this transaction. The order was placed from IP address 72.45.183.201, which geolocates to Portland, OR — matching the cardholder's billing zip code within 8 miles. The device fingerprint matches 6 prior authenticated sessions on this account, including a login 3 days before the disputed charge. The account was created 14 months before this transaction. Following the charge, the cardholder logged in twice and used the software for a total of 4.2 hours before filing the dispute."

Evidence provided (in order submitted):

Page Evidence
1 IP geolocation report showing 72.45.183.201 in Portland, OR — same metro area as billing zip. Session log showing same device fingerprint across 7 sessions, including 3 days before purchase and twice after.
2 Usage logs showing 4.2 hours of active software use across 3 sessions after the disputed charge date, with feature activity timestamps.
3 AVS result: full match. CVV result: match. Account creation date: 14 months prior. Prior transactions on the account with no disputes filed.
4 Order confirmation email sent to cardholder's registered email address with open event recorded 2 hours after purchase.

Result: Chargeback successfully represented. Claim abandoned.

Why it won:

  • Device fingerprint matching 6+ prior sessions directly contradicts the "I don't know this company" claim — the cardholder had clearly used the account many times
  • Post-charge software usage proves the cardholder had access and used the product — impossible to square with an unauthorized transaction
  • IP geolocation consistent with billing address removes any ambiguity about whether this was a stolen card used from a different location
  • Account age of 14 months establishes a long customer relationship, not a one-off fraudulent transaction
Losing Example — Online Electronics Store

The situation: $312 purchase of wireless earbuds. Cardholder disputed 15 days after purchase claiming "I did not make this purchase. This is fraud."

What they submitted:

Response Submitted
"We dispute this chargeback. The order passed our address verification and the CVV code was entered correctly at checkout. The order was shipped to the customer's billing address via UPS and delivered on [date]. We have been in business for 12 years and use secure payment processing. The customer is attempting to defraud us by keeping the product and reversing the payment."

Result: Dispute ruled in cardholder's favor.

Why it lost:

Mistake Explanation
AVS/CVV as primary evidence These are entry-level authorization signals, not proof the cardholder placed the order. A fraudster with stolen card data including the billing address will also pass AVS and CVV.
No IP or device data The only evidence linking the order session to the cardholder was address verification — nothing showed who was behind the keyboard.
Delivery as authorization evidence Proving the item arrived at the billing address does not prove the cardholder ordered it. A 10.4 dispute is about authorization, not delivery.
Accused the customer "Attempting to defraud us" is adversarial and irrelevant. Reviewers respond to evidence, not allegations.

What they should have submitted:

  • IP address of the order session with geolocation data confirming it matched the cardholder's location
  • Device fingerprint showing the same device had placed prior orders or logged into the account
  • Post-delivery account activity — any login, email engagement, or support contact after the charge date
  • Prior purchase history from the same device or account showing a pattern of legitimate orders

Before You Submit

Run through this checklist before finalizing your response. A complete response takes 15 minutes to review — an incomplete one may cost you the dispute.

Authorization data

  • Authorization approval code from payment processor included
  • AVS result code included (full match preferred)
  • CVV verification result included
  • 3DS2 authentication result included if applicable

Device and identity evidence

  • IP address of the order session recorded and included
  • Geolocation of the IP address compared to cardholder's billing address
  • Device fingerprint or browser fingerprint from the transaction session
  • Prior sessions from the same device or IP range documented

Account and behavioral evidence

  • Account creation date included — must predate the disputed transaction
  • Prior orders from the same account without disputes documented
  • Order confirmation email delivery and open record included
  • Post-transaction account activity (logins, product use, email engagement) documented

Response structure

  • Opening statement explicitly addresses authorization — not delivery
  • Evidence organized by strength, not chronology
  • Each exhibit labeled and explained in one sentence
  • No irrelevant documents included (return policies, product descriptions)
  • Response submitted within 30 days of dispute notification

Proactive Prevention

The most effective 10.4 defense is the evidence you collect before a dispute is ever filed. These steps reduce your exposure and build a documentation trail that makes responses straightforward.

Action Why It Matters
Implement 3DS2 authentication A successful 3DS2 authentication shifts chargeback liability to the issuer for fraud disputes. This is the single most effective protection against 10.4 disputes. For high-risk transactions, 3DS2 is not optional — it is your liability shield.
Capture and archive device fingerprints at checkout Device fingerprint data must be captured at the moment of transaction — it cannot be reconstructed after the fact. Use your payment processor or a fraud tool that captures this automatically and stores it linked to the transaction record.
Log IP addresses with geolocation at every transaction Store the full IP address plus geolocation in your transaction records. Many merchants capture the IP but not the geolocation — both are needed for a credible 10.4 defense.
Enable usage tracking for digital products Log every login, download, and significant usage event with timestamp and IP address. For subscription services, session data is among your strongest evidence that the cardholder was actively using the account they claim to know nothing about.
Build post-purchase email sequences Order confirmations, shipping notifications, and follow-up emails create an engagement record. Track open events and clicks. Every email interaction creates documented evidence of the cardholder's awareness of the transaction.
Monitor for dispute-to-transaction lag Friendly fraud disputes filed weeks after the purchase — especially after product use — are a different risk profile than disputes filed within hours of the transaction. Building behavioral analytics helps you identify and prioritize strong rebuttals.
About This Guide

This playbook is updated at least twice annually to reflect changes in Visa's dispute rules and issuer practices. Document Version: 2026.1 · Last Updated: March 2026 · Covers: Visa 10.4 / Card-Not-Present Fraud

Related Guides

Continue building your chargeback defense knowledge:

Visa · Consumer Dispute Visa 13.1: Merchandise / Services Not Received Mastercard · Fraud Mastercard 4837: No Cardholder Authorization Amex · Fraud Amex F29: Card Not Present Fraud