What Discover Reason Code UA23 Means
Discover reason code UA23, Fraud — Card Not Present, No Auth, is filed when a cardholder disputes a card-not-present transaction that was processed without obtaining a valid authorization from the issuer. This code specifically targets the failure to obtain proper authorization — the merchant processed the transaction without a valid auth code, or the authorization obtained was expired, declined, or invalid.
The combination of card-not-present fraud and no valid authorization creates the worst possible position for merchants. A valid authorization code is the foundational defense for any chargeback; without it, there is almost no defense available. 3D Secure authentication is the secondary defense that can shift liability to the issuer when present.
UA23 combines CNP fraud with a failure to obtain authorization. UA06 is CNP fraud where authorization was properly obtained but 3DS was absent. UA23 adds the failure to authorize as a separate liability element — making it significantly harder to defend than UA06.
Cross-Network Equivalent Codes
| Network | Code | Title | Notes |
|---|---|---|---|
| Discover | UA23 | Fraud – Card Not Present, No Auth | This page |
| Visa | 11.3 | No Authorization | Visa no-auth code |
| Mastercard | 4808 | Warning Bulletin/Authorization | Mastercard authorization failure |
| Amex | F29 | Card Not Present | Amex CNP fraud code |
Common Trigger Scenarios
- Transaction forced after a decline. A declined transaction is force-posted using a voice authorization code or bypassing the standard approval process, creating an unauthorized charge with no valid issuer authorization.
- Expired authorization settled late. An authorization was obtained but the transaction was not settled within the authorization validity window, resulting in settlement without a current valid auth code.
- Authorization obtained for different amount. The settled amount differs from the authorized amount in a way that invalidates the original authorization, and the cardholder disputes the charge.
- System error bypassed by manual processing. A system error caused the authorization step to be skipped, and the transaction was processed without verifying issuer approval.
- CNP fraud on top of authorization failure. A fraudster made an unauthorized CNP transaction, and the merchant compounded the problem by processing without proper authorization.
Key Deadlines & Timeframes
| Milestone | Timeframe | Notes |
|---|---|---|
| Cardholder Filing Window | 120 days | From the transaction date |
| Merchant Response Window | 30 days | From Discover dispute notification |
| Pre-Arbitration | 30 days | If Discover rejects representment |
Evidence You Will Need
- Valid authorization code — a Discover-issued authorization code that was current and valid at the time of transaction settlement
- 3D Secure authentication record — CAVV/AAV and ECI code showing successful 3DS authentication, which shifts liability to the issuer
- Authorization response record — the full authorization response showing the issuer approved the transaction amount
- Settlement timing documentation — proof the transaction was settled within the valid authorization window
- CVV2 and AVS match results — card verification and address verification results as supporting evidence
Learn Exactly How to Package and Present This Evidence
The Fraud Defense Guide covers the evidence format for UA23 representments, authorization documentation requirements, and when a dispute is better accepted than contested.
Learn exactly how to package and present this evidence →How Merchants Lose This Dispute
- No valid authorization code. Processing without a valid issuer auth code is the defining failure for UA23 — this dispute is almost impossible to win without one.
- Expired authorization settled late. Settling after the authorization validity window has passed results in no valid auth code at the time of settlement.
- Force-posted transactions. Force-posting a transaction after a decline creates a transaction with no valid issuer approval, which cannot be defended against UA23.
- No 3DS on top of no auth. Without either a valid authorization or 3DS authentication, there is no defense mechanism available for this dispute.
Get the Step-by-Step Winning Strategy
Our Fraud Defense Guide covers the complete UA23 representment structure and authorization documentation requirements.
Get the step-by-step winning strategy →Response Framework Overview
- Locate the authorization record first — a valid auth code is the only primary defense for UA23. Without it, assess whether contestation is viable.
- Check for 3DS authentication data — CAVV/AAV and ECI code can shift liability to the issuer and substitute for a strong authorization record.
- Verify settlement timing — confirm the transaction was settled within the authorization validity window and document this.
- Include all verification results — CVV2 match and AVS results as supporting evidence in the representment package.
Prevention Tips
- Never process a transaction without a valid authorization code. Forced transactions and settlements without current auth codes are the primary cause of UA23 disputes.
- Settle transactions within the authorization validity window. Most authorizations expire after a set period; settling late invalidates the auth code.
- Implement 3D Secure on all CNP transactions. 3DS is the secondary liability shift mechanism that can protect against UA23 even when the authorization is questioned.
- Never force-post a declined transaction. A decline means the issuer has rejected the charge. Force-posting creates an unauthorized transaction with no valid auth code.
Frequently Asked Questions
How is UA23 different from UA06?
UA06 is CNP fraud where authorization was obtained but 3D Secure was absent. UA23 adds the failure to obtain proper authorization as a separate element — making the merchant position significantly weaker because the foundational authorization defense is also missing.
Can 3D Secure fix a UA23 dispute if there is no auth code?
3DS authentication shifts fraud liability to the issuer, which can resolve the dispute in the merchant’s favor. However, 3DS does not address the underlying authorization failure. Both defenses working together provide the strongest protection.
How long does a cardholder have to file a UA23 dispute?
120 days from the transaction date. The merchant response window is 30 days from Discover’s notification.