What Discover Reason Code UA28 Means
Discover reason code UA28, Fraud — Digital Goods, is filed when a cardholder disputes a transaction for digital goods or services as fraudulent. Digital goods — software, downloads, streaming access, gaming credits, digital gift cards, and similar non-physical products — present a unique chargeback challenge because there is no physical delivery to document.
The defense relies entirely on digital evidence: access logs showing the download or content was accessed, IP addresses linking the activity to the cardholder’s known device, device fingerprints, email confirmation records, and login data. 3D Secure authentication is also critical — it shifts liability to the issuer and is the strongest single defense for UA28.
UA28 is digital goods fraud. UA06 is general CNP fraud. UA12 is the cardholder’s explicit CNP fraud claim. UA28 specifically targets digital products — the evidence requirements focus on proving digital delivery and cardholder access, not physical shipment.
Cross-Network Equivalent Codes
| Network | Code | Title | Notes |
|---|---|---|---|
| Discover | UA28 | Fraud – Digital Goods | This page |
| Visa | 10.4 | Other Fraud – Card Absent | Visa CNP fraud code |
| Mastercard | 4853 | Cardholder Dispute | Mastercard digital goods dispute |
| Amex | F29 | Card Not Present | Amex CNP fraud code |
Common Trigger Scenarios
- Stolen card used to purchase digital goods. A fraudster uses a stolen card number to purchase game credits, software, or digital downloads that are immediately consumed and non-refundable.
- Account takeover for digital content. A fraudster accesses the cardholder’s account and purchases digital goods using saved payment credentials, then claims fraud after the content is consumed.
- Friendly fraud on digital goods. A legitimate cardholder purchases and consumes digital goods, then disputes the charge claiming fraud — particularly common for gaming credits, subscriptions, and digital gift cards.
- Unauthorized family member purchase. A household member purchases digital goods using the cardholder’s saved payment method without explicit permission, and the cardholder disputes the charges.
- No 3DS on high-value digital purchase. A high-value digital goods transaction was processed without 3D Secure authentication, creating no liability shift record for the merchant.
Key Deadlines & Timeframes
| Milestone | Timeframe | Notes |
|---|---|---|
| Cardholder Filing Window | 120 days | From the transaction date |
| Merchant Response Window | 30 days | From Discover dispute notification |
| Pre-Arbitration | 30 days | If Discover rejects representment |
Evidence You Will Need
- 3D Secure authentication record — CAVV/AAV and ECI code showing successful 3DS authentication, which shifts liability to the issuer
- Download or access logs — server logs showing the digital goods were accessed, downloaded, or activated from the cardholder’s IP address
- IP address and device fingerprint — evidence linking the purchase and consumption to the cardholder’s known device and location
- Login records — account access logs showing the cardholder’s credentials were used to initiate the purchase and access the content
- Email confirmation with delivery — order confirmation email sent to the cardholder’s verified email address showing the goods were delivered
Learn Exactly How to Package and Present This Evidence
The Fraud Defense Guide covers the evidence format for UA28 representments, digital delivery documentation requirements, and when a dispute is better accepted than contested.
Learn exactly how to package and present this evidence →How Merchants Lose This Dispute
- No 3DS on the disputed transaction. Without 3D Secure data, UA28 is extremely difficult to win. The merchant bears full CNP fraud liability with no liability shift record.
- No access logs or delivery records. For digital goods, without showing the cardholder’s account or IP address accessed the content, there is no proof of digital delivery.
- Content accessed from unrelated IP or device. If access logs show the content was consumed from an IP or device with no connection to the cardholder, this supports the fraud claim rather than defeating it.
- No account authentication on purchase. Digital goods purchases made without account login or identity verification have no evidence chain linking the cardholder to the transaction.
Get the Step-by-Step Winning Strategy
Our Fraud Defense Guide covers the complete UA28 representment structure and digital goods evidence requirements.
Get the step-by-step winning strategy →Response Framework Overview
- Check for 3DS authentication record first — if it exists, lead with CAVV/AAV and ECI code as the primary evidence.
- Pull access and delivery logs — server logs showing the content was accessed from the cardholder’s IP address are the core evidence for digital delivery.
- Document login and account activity — records showing the cardholder’s account credentials were used to purchase and access the goods.
- Include IP and device fingerprint matching — correlate the purchase IP with the cardholder’s known device history to establish that the legitimate cardholder was present.
Prevention Tips
- Implement 3D Secure on all digital goods transactions. 3DS is the only mechanism that shifts CNP fraud liability to the issuer and is essential for UA28 defense.
- Log all digital delivery events with IP and timestamp. Server-side access logs are the primary evidence that digital goods were delivered to the cardholder’s device.
- Require account authentication before purchase. Login with verified credentials creates an evidence chain linking the cardholder to the transaction and consumption.
- Use device fingerprinting and fraud scoring. Velocity checks, device fingerprinting, and IP geolocation identify suspicious purchases before they process and provide evidence for dispute responses.
Frequently Asked Questions
Does 3D Secure guarantee a win on UA28?
3DS authentication shifts liability to the issuer, typically resolving the dispute in the merchant’s favor. Only full authentication provides the liability shift — confirm which ECI codes qualify with your processor. For digital goods with no 3DS, win rates are very low.
Can download logs substitute for 3DS in a UA28 dispute?
Access logs showing the content was downloaded from the cardholder’s IP address are strong corroborating evidence but do not provide a liability shift on their own. They can tip a borderline decision but are not a substitute for 3DS authentication.
How long does a cardholder have to file a UA28 dispute?
120 days from the transaction date. The merchant response window is 30 days from Discover’s notification.