Skip to main content
Marsh logo

Article

Merchant chargeback fraud: A growing risk for payment processors

Exploring the material risk of merchant chargeback fraud in the payment processing sector. We also examine risk mitigation strategies such as insurance.

24/06/2026 · 5 minute read

Merchant chargeback fraud is an increasingly material risk for payment processors operating at scale. Unlike traditional “card-not-present” fraud, which occurs when stolen card details are used for purchases without the physical card, typically online or over the phone, this form of fraud involves the deliberate collusion between a merchant and an end customer to manipulate the chargeback process. The fraud has the effect of shifting financial loss onto the payment processor. As economic pressures and fraud sophistication increase, this risk deserves the payment processing industry’s focused attention from both a risk management and insurance perspective.

Understanding the exposure

In a typical chargeback fraud scenario, without involving merchant collusion, a legitimate transaction is processed and fulfilled, after which the end customer disputes the charge, falsely claiming non-delivery, unauthorised use, or service dissatisfaction. Where the merchant is also complicit, they may intentionally fail to contest the chargeback, provide misleading evidence, or recycle the scheme across multiple transactions. For payment processors operating under “no questions asked” or “zero liability” card schemes, this commonly results in a requirement to immediately refund the end customer for their apparent loss, and critically, with no recourse available to the merchant who, given their role in the fraud, is often a shell company or otherwise not a viable route of recovery. When operated as a wide-scale fraudulent scheme, individual relatively low-value transactions can aggregate into significant financial liabilities.

The ultimate outcome for the payment processor can therefore be repeated financial losses, inflated chargeback ratios, potential card scheme penalties, and regulatory scrutiny.

This risk is particularly acute for processors serving high-growth e-commerce, digital services, subscription models, and cross-border merchants, where transaction volumes are high, and oversight can be more complex.

What the data tells us

The LexisNexis Risk Solutions Cybercrime Report highlights a sharp rise in first-party fraud, the category that includes chargeback fraud. According to the report:

  • First-party fraud accounted for 38% of all reported fraud globally in 2025, up from 15% in 2023, making it the single largest fraud category worldwide.
  • In the UK, first-party fraud represented approximately 51% of all reported fraud incidents in 2025, underscoring the scale of the issue in mature card markets.
  • LexisNexis attributes much of this growth to economic pressure and a growing perception that chargeback abuse is “low risk” for participants.

While the report primarily measures customer-driven activity, Marsh has observed increasing evidence that organised abuse, including merchant collusion, is contributing to sustained loss patterns for payment processors and acquirers. 

Case study

A European subsidiary of a UK-domiciled payment processor firm acted for a merchant, creating authorisation to collect payments from payers via a Single Euro Payments Area (SEPA) mandate. SEPA is an EU payment scheme which simplifies bank transfers transacted in Europe, enabling faster and more efficient cross-border payments. Fraudsters were able to exploit this efficiency via the mechanism outlined below.

  • A merchant creating an instruction for the payment processor to collect payment(s) from the payers on behalf of the merchant.
  • The payment processor remits the collected payments to the merchant’s nominated bank account once the payment has been confirmed as successful.
  • Once the payment is successful and the payment processor has remitted the payments onwards to the merchant, the majority of payers chargeback their payments simultaneously or shortly afterwards, which, under the SEPA scheme rules, is collected automatically from the payment processor’s own funds.
  • The payment processor bears the financial loss of the chargeback because it cannot recoup the funds from either the customer or the fraudulent merchant, as both operate under pseudonyms and are unreachable.

In total, 200 chargeback requests were received in respect of the merchant’s operations, resulting in estimated losses to the payment processor of €5 million.

Insurance implications

From an insurance perspective, merchant chargeback fraud requires close examination of interconnected policies, given the potential for claims to fall into grey areas between crime (coverage for fraud losses), cyber (coverage for malicious and non-malicious cyber events), and professional indemnity (coverage for liability to customers). An effective insurance strategy requires:

  1. Interconnected policies to be placed with clear alignment between insurance carriers. Failure to do so will result in delays and disputes between insurers as they look to debate responsibility, potentially leading to a full denial of coverage.
  2. Coverage scenario analysis to ensure policy terms are adequately set up to deal with the mechanism of a chargeback, ensuring that compliance with card scheme rules will not prejudice coverage.
  3. Limits and deductibles to be assessed against the systemic risk potential rather than individual chargeback losses, commonly seen as the cost of doing business.

Conclusion

Merchant chargeback fraud is now a material risk to payment processors. As the LexisNexis data illustrates, it is now the dominant form of fraud by volume and one that disproportionately affects payment processors. When compounded by collusion between merchants and customers, the risk becomes systemic rather than incidental. For processors, recognising this form of fraud as a critical risk rather than a cost of doing business is essential to protecting balance sheets, regulatory standing, and long-term insurability. 

 

To learn how our financial institutions team can support your organisation with risk transfer solutions, send an enquiry

Challenger and disrupter insurance

Learn about Marsh’s unique fintech insurance solution

Explore

Our people

Luke Vevers

Luke Vevers

Growth Leader

  • United Kingdom

Alexander Phillips

Alexander Phillips

Managing Director

  • United Kingdom

Related insights

Placeholder Image

Report

Financial Institutions: Key Risk Themes Shaping UK Insurance Strategies for 2026

06/05/2026
Contemporary skyscrapers in London, showcasing glass facades and reflections. The iconic Shard towers above its surroundings, creating a striking urban landscape.

Report

Financial institutions claims report: 2025 year in review

22/04/2026
Placeholder Image

Article

Navigating aggregation risk: A key concern for financial institutions venturing into the digital asset space

02/04/2025