What Visa Reason Code 10.4 Means
Visa reason code 10.4 is titled Other Fraud — Card Absent Environment. It applies to any transaction where the physical card was not present — primarily e-commerce, phone orders, and mail orders — and the cardholder claims they did not authorize or participate in the charge. This is Visa's primary fraud chargeback code for card-not-present merchants.
When an issuer files a 10.4 dispute, they are asserting on behalf of their cardholder that the transaction was unauthorized. The word "fraud" in the code name does not necessarily mean an organized criminal used the card — it can equally describe a family member's purchase the cardholder denies, a forgotten subscription, or a cardholder who received goods but prefers to dispute rather than return them.
The burden of proof rests entirely on the merchant. Without authentication data showing the cardholder was verified, or compelling evidence the legitimate cardholder participated in the transaction, issuers default to siding with the cardholder on fraud claims.
Code 10.4 is the catch-all CNP fraud code. If the cardholder is contesting goods not received (rather than denying authorization), the correct code is 13.1 (Merchandise Not Received). Evidence strategies differ significantly — a response built for 10.4 will fail on 13.1 and vice versa.
Cross-Network Equivalent Codes
The same dispute filed on a different card network uses a different code. If your customer base spans multiple networks, you will encounter all of these:
| Network | Code | Title | Notes |
|---|---|---|---|
| Visa | 10.4 | Other Fraud – Card Absent Environment | This page |
| Mastercard | 4837 | No Cardholder Authorization | Direct equivalent; same defense approach |
| Amex | F29 | No Cardholder Authorization | Amex CNP fraud; same liability shift via Amex SafeKey |
| Discover | UA02 | Fraud – Card Not Present | Discover's CNP fraud code; similar evidence requirements |
Common Trigger Scenarios
- Stolen card data used at checkout. A fraudster obtained card credentials via phishing, data breach, or dark web purchase and completed a purchase on your site. The legitimate cardholder sees an unfamiliar charge and disputes immediately.
- Unrecognized billing descriptor. The cardholder made the purchase but your company name on their statement does not match what they expect. They call their bank instead of you, and the bank files a 10.4 dispute before any investigation occurs.
- Household or family member purchase. A spouse, child, or roommate used the cardholder's saved payment details without explicit permission. The account owner disputes the charge claiming no authorization.
- Account takeover fraud. A fraudster gained access to an existing customer account via credential stuffing or phishing, used saved payment methods to place orders, and the legitimate customer discovers and disputes the charges.
- Deliberate friendly fraud. The cardholder received the goods or services and was satisfied but disputes the charge to obtain a free product, exploiting the fraud label to avoid the higher burden of proof in a consumer dispute code.
Key Deadlines & Timeframes
| Milestone | Timeframe | Notes |
|---|---|---|
| Cardholder Filing Window | 120 days | From the transaction processing date |
| Merchant Response Window | 30 days | From acquirer receipt of chargeback — your processor may impose a shorter deadline (as few as 7 days) |
| Pre-Arbitration | 30 days | If issuer rejects representment, merchant has 30 days to escalate |
| Arbitration Filing | 10 days | After pre-arbitration response, either party may file for Visa arbitration |
Visa's 30-day window is the maximum. Many acquirers and processors enforce internal deadlines of 7–15 days. Missing your processor's deadline means an automatic loss regardless of your evidence. Confirm the exact deadline the moment you receive the dispute notification.
Evidence You Will Need
Winning a 10.4 dispute without 3DS2 requires layering multiple data points. No single piece of evidence is sufficient on its own.
- 3DS2 / Visa Secure authentication record — the ECI value and authentication result showing the cardholder completed identity verification (triggers full liability shift)
- AVS response showing full match on street address and ZIP code with the issuer's records
- CVV/CVV2 match confirmation proving the buyer had the physical security code from the card
- IP address and geolocation data showing the transaction originated from the cardholder's known location
- Device fingerprint records linking the purchase device to previous undisputed transactions by the same customer
- Order confirmation email delivery receipt sent to the cardholder's verified email address
- Delivery confirmation to the AVS-verified billing address (for physical goods)
- Customer account history showing prior purchases, logins, and activity from the same account and device
Learn Exactly How to Package and Present This Evidence
The evidence list above is what you need to collect. How you sequence it, present it, and frame the narrative in your representment letter is what determines whether you win. The CNP Fraud Defense Guide covers the exact format, language, and submission strategy.
Learn exactly how to package and present this evidence →How Merchants Lose This Dispute
- No 3DS2 implementation. Without authentication data, the entire liability burden falls on the merchant. This is the single biggest reason merchants lose 10.4 disputes — not bad evidence, but no authentication infrastructure at all.
- Submitting AVS/CVV match data without delivery confirmation. An AVS match proves billing address was verified at authorization. It does not prove the legitimate cardholder made the purchase. Reviewers know this; treat it as supporting evidence only.
- Missing the response window. Even one day past your processor's internal deadline is an automatic loss. Dispute management software or calendar alerts are non-negotiable for CNP merchants with any dispute volume.
- Arguing the product was delivered instead of addressing the authorization claim. A 10.4 dispute is about whether the cardholder authorized the transaction, not whether the goods arrived. A delivery-focused response misses the point entirely and will fail.
Get the Step-by-Step Winning Strategy
Our CNP Fraud Defense Guide includes copy-paste representment language, the exact evidence sequence that performs best with Visa issuers, and the 3DS2 implementation checklist that shifts liability off your business permanently.
Get the step-by-step winning strategy →Response Framework Overview
A winning 10.4 response follows this high-level structure. The exact language, evidence sequencing, and narrative framing are covered in the premium guide.
- Lead with authentication data. If you have 3DS2 authentication, present this first — it immediately shifts liability and often ends the dispute in your favor without further review.
- Establish cardholder identity. Present AVS match, CVV match, device fingerprint, and IP/geolocation data as a unified package showing the person who transacted matches the cardholder's profile.
- Demonstrate account history. Prior undisputed purchases from the same account, device, or address undermine the fraud claim and suggest the cardholder knew the merchant.
- Address the specific transaction. Show order confirmation delivery to verified email, billing descriptor clarity, and any post-purchase communication that implies the cardholder was aware of the transaction.
Prevention Tips
- Implement 3D Secure 2 on all card-not-present transactions. This is the highest-ROI fraud prevention investment you can make. The liability shift alone pays for implementation many times over, and modern 3DS2 has minimal impact on conversion rates.
- Use a clear, descriptive billing descriptor. Your company name on the cardholder's statement should match your marketing name exactly. Include a phone number or URL in the descriptor so confused customers call you instead of disputing.
- Deploy device fingerprinting and behavioral analytics. These tools catch account takeover and stolen card use before the transaction clears, reducing your 10.4 volume at the source.
- Monitor Visa's Rapid Dispute Resolution (RDR) and Ethoca. These programs let you resolve disputes and issue refunds before they become chargebacks, saving you the chargeback fee and the ratio impact.
Frequently Asked Questions
What triggers a Visa 10.4 chargeback?
A 10.4 chargeback is triggered when a cardholder claims they did not authorize a card-not-present transaction. This includes e-commerce purchases, phone orders, and any transaction where the physical card was not present. The issuer files 10.4 when fraud is alleged in a card-absent environment.
Does 3D Secure eliminate Visa 10.4 chargebacks?
3D Secure 2 (Visa Secure) shifts liability to the issuer for authenticated transactions, meaning you are not financially responsible even if the chargeback is filed. You still receive the dispute notification but your acquirer should reverse it based on the authentication data. Without 3DS2, you bear full liability.
How long do I have to respond to a Visa 10.4 chargeback?
Visa allows 30 days from the date your acquirer receives the dispute to submit representment. However, your payment processor may enforce a shorter internal deadline — sometimes as few as 7 days. Always confirm your processor's specific timeline immediately upon receiving the dispute notification.
What is the difference between Visa 10.4 and 10.5?
Visa 10.4 covers card-absent fraud (e-commerce, CNP transactions) while 10.5 covers Visa Fraud Monitoring Program violations. Code 10.4 is the standard fraud chargeback most e-commerce merchants encounter. Code 10.5 is a compliance-related code tied to merchants flagged in Visa's fraud monitoring programs.