What Discover Reason Code UA18 Means
Discover reason code UA18, Fraud — Chip Card, PIN Transaction, is filed when a cardholder disputes a card-present transaction where the chip was read and a PIN was entered. This is Discover’s chip-and-PIN fraud code, applying when the cardholder claims the transaction was unauthorized despite EMV chip authentication and PIN verification.
The central defense is EMV compliance. When a transaction is processed through a certified EMV terminal that successfully reads the chip and verifies the PIN, liability typically shifts to the issuer. If the merchant’s terminal was not EMV-compliant, or the transaction fell back to magnetic stripe, the merchant bears full fraud liability.
UA18 is chip-and-PIN fraud. UA20 covers chip-and-signature (no PIN). UA21 is keyed-entry fraud with no imprint. Each carries different liability rules tied to how the card was processed at the terminal.
Cross-Network Equivalent Codes
| Network | Code | Title | Notes |
|---|---|---|---|
| Discover | UA18 | Fraud – Chip Card, PIN Transaction | This page |
| Visa | 10.5 | Visa Fraud Monitoring Program | Visa card-present fraud |
| Mastercard | 4870 | Chip Liability Shift | Mastercard EMV chip fraud |
| Amex | F24 | No Cardmember Authorization | Amex general fraud code |
Common Trigger Scenarios
- Stolen card with PIN obtained via social engineering. A fraudster observed or tricked the cardholder into revealing the PIN, then used the physical card at a POS terminal.
- Card seized at ATM after PIN capture. The card was stolen after the PIN was skimmed or observed at an ATM, then used for chip-and-PIN purchases at retail locations.
- Counterfeit chip card with captured PIN. A cloned chip card with captured PIN data was used at an EMV terminal, generating a dispute the legitimate cardholder files as unauthorized.
- Merchant terminal fallback to magnetic stripe. Despite presenting a chip card, the terminal fell back to stripe, creating a non-EMV transaction the merchant must now defend without liability shift.
- Friendly fraud. A legitimate cardholder claims chip-and-PIN fraud on a transaction they actually authorized, denying involvement after the purchase.
Key Deadlines & Timeframes
| Milestone | Timeframe | Notes |
|---|---|---|
| Cardholder Filing Window | 120 days | From the transaction date |
| Merchant Response Window | 30 days | From Discover dispute notification |
| Pre-Arbitration | 30 days | If Discover rejects representment |
Evidence You Will Need
- EMV transaction data (ARQC/TC) — cryptographic proof the chip was read and PIN was verified at the terminal
- Terminal EMV compliance certification — documentation confirming your POS terminal is certified for EMV chip processing
- Authorization response with EMV data elements — the issuer auth record showing EMV data was transmitted during the transaction
- PIN verification record — offline or online PIN verification confirmation in the transaction log
- Terminal transaction log — full POS record showing chip read, not magnetic stripe fallback
Learn Exactly How to Package and Present This Evidence
The Fraud Defense Guide covers the evidence format for UA18 representments, EMV documentation requirements, and when a dispute is better accepted than contested.
Learn exactly how to package and present this evidence →How Merchants Lose This Dispute
- Non-EMV terminal (swipe-only). Without chip read capability, there is no liability shift. The merchant bears full card-present fraud liability.
- Magnetic stripe fallback. If the terminal fell back to stripe despite the chip card being present, the EMV liability shift does not apply.
- Terminal not certified or certification lapsed. An uncertified or outdated terminal certification negates the liability shift even if the chip was physically read.
- No EMV data in representment. Failing to include ARQC, TC, and PIN verification records leaves the core defense unsubstantiated.
Get the Step-by-Step Winning Strategy
Our Fraud Defense Guide covers the complete UA18 representment structure and EMV liability shift documentation requirements.
Get the step-by-step winning strategy →Response Framework Overview
- Confirm EMV compliance first — verify your terminal is certified and the chip was read, not swiped.
- Pull the full EMV transaction data — ARQC, TC, and PIN verification record are the core evidence package.
- Include terminal certification documentation — demonstrate your POS system is fully EMV-compliant and current.
- Present the complete authorization record — all EMV data elements from the issuer authorization response.
Prevention Tips
- Keep all POS terminals EMV-certified and software current. Lapsed certifications eliminate the liability shift protection at the worst possible time.
- Disable magnetic stripe fallback where possible. Fallback transactions carry no EMV protection and significantly increase fraud exposure.
- Maintain terminal certification records. Store EMV certification documentation for at least 18 months for use in dispute responses.
- Train staff on chip-required procedures. Staff should not allow customers to swipe a chip card when the terminal can process a chip read.
Frequently Asked Questions
Does EMV chip-and-PIN guarantee a win on UA18?
A compliant EMV terminal that reads the chip and verifies the PIN typically shifts liability to the issuer. Fallback transactions or lapsed terminal certifications do not qualify for the liability shift.
What if the terminal read the chip but did not require a PIN?
That scenario falls under UA20 (Chip Card, No PIN). UA18 specifically covers transactions where both chip data and PIN verification are present in the transaction record.
How long does a cardholder have to file a UA18 dispute?
120 days from the transaction date. The merchant response window is 30 days from Discover’s notification.