Discover UA02 - Fraud: Card Not Present
On this page
UA02 is Discover's primary fraud code for e-commerce and card-not-present transactions. The cardholder claims they did not authorize the charge. Your strongest defense is ProtectBuy (Discover's 3D Secure program): with full authentication, liability shifts to the issuer. Without it, you need AVS/CVV results, delivery proof, and device evidence. Response window is 30 calendar days.
Overview
Discover files UA02 when a cardholder reports that a card-not-present transaction was not authorized. This covers online purchases, phone orders, mail orders, and any transaction where the physical card was not presented. It is the most common Discover fraud code and the equivalent of Visa 10.4 and Mastercard 4837.
When This Code Applies
- Cardholder denies making an online purchase
- Stolen card credentials used for a CNP transaction
- Account takeover resulting in unauthorized orders
- Family member makes purchase without cardholder knowledge
- Friendly fraud (cardholder authorized the purchase but denies it)
Conditions for Valid Dispute
Issuer Must Verify
- Cardholder did not authorize the transaction
- Transaction occurred in a card-not-present environment
- Dispute filed within the allowable time frame
- Cardholder did not benefit from the transaction
Transaction Must Be
- E-commerce (online checkout)
- Mail order or telephone order (MOTO)
- Recurring billing without proper ProtectBuy authentication
- Any CNP environment
Time Frames
| Stage | Window |
|---|---|
| Retrieval request response | 14 calendar days |
| Chargeback response | 30 calendar days |
| Second chargeback | 30 calendar days |
Discover Retrieval Process
Discover frequently sends retrieval requests before filing a chargeback. Treat these as your first line of defense. A strong retrieval response can prevent the chargeback entirely.
A strong response to a retrieval request can prevent the chargeback from ever being filed. Treat retrievals as urgent. You only have 14 days.
ProtectBuy (3D Secure) Liability Shift
Full Liability Shift (Issuer Liable)
When the transaction is fully authenticated through ProtectBuy:
- ProtectBuy challenge completed by cardholder
- ECI 05 = fully authenticated
- Valid cryptogram present
No Liability Shift (Merchant Liable)
| Scenario | ECI | Merchant Liability |
|---|---|---|
| Authentication attempted, issuer unavailable | 06 | Reduced |
| Authentication failed or not attempted | 07 | Full |
| ProtectBuy not implemented | N/A | Full |
ECI Values
| ECI | Meaning | Liability |
|---|---|---|
| 05 | Fully authenticated | Issuer |
| 06 | Attempted authentication | Reduced merchant |
| 07 | Not authenticated | Merchant |
Representment Options
1. ProtectBuy Authentication
When to use: Transaction was authenticated via ProtectBuy (3DS).
Evidence required:
- ECI value showing full authentication (05)
- Cryptogram/CAVV
- Authentication timestamp
- ProtectBuy transaction ID
2. AVS and CVV Match
When to use: Address and security code verified successfully.
Evidence required:
- AVS response showing match (full or partial)
- CVV2/CID match confirmation
- Delivery confirmation to the AVS-verified address
3. Delivery Confirmation
When to use: Physical goods were delivered to the cardholder.
Evidence required:
- Carrier tracking showing delivered status
- Signature confirmation
- Delivery address matching billing or AVS-verified address
- Photo proof of delivery (if available)
4. Digital Goods Access
When to use: Digital products or services were accessed by the cardholder.
Evidence required:
- IP address at time of download or access
- Access/usage logs showing activity after purchase
- Account login history
- Download confirmation records
5. Prior Transaction History
When to use: The cardholder has a history of undisputed purchases with you.
Evidence required:
- Previous undisputed transactions from the same account
- Matching email, device, or IP across transactions
- Established customer relationship documentation
6. Cardholder Communication
When to use: You have direct communication acknowledging the purchase.
Evidence required:
- Order confirmation sent to and opened by cardholder
- Customer service correspondence about the order
- Chat transcripts or call recordings
- Shipping address confirmation from cardholder
Required Documentation
| Evidence Type | Strength |
|---|---|
| ProtectBuy authenticated (ECI 05) | Very Strong |
| AVS match + CVV match + signed delivery | Strong |
| Tracking delivered + AVS match | Medium-Strong |
| Prior undisputed transactions + device match | Medium |
| No authentication or delivery proof | Very Weak |
Win Rate Expectations
| Defense Type | Expected Win Rate |
|---|---|
| ProtectBuy authenticated (ECI 05) | 70-85% |
| AVS + CVV + delivery proof | 45-60% |
| Prior transaction history + device match | 35-50% |
| Standard evidence only | 25-40% |
| No evidence | Under 15% |
Prevention Strategies
Authentication
- Implement ProtectBuy (3D Secure 2.0) - Primary liability shift for Discover
- Use frictionless flow - Better UX while maintaining protection
- Challenge high-risk transactions - Step up when fraud signals present
Verification
- Require CVV2 on every transaction - Always collect the security code
- Check AVS - Verify billing address on every order
- Verify email addresses - Send order confirmations
- Phone verification - For high-value or high-risk orders
Evidence Collection
- Log everything - IP addresses, device fingerprints, timestamps, session data
- Retain all communications - Emails, chat logs, call recordings
- Require delivery confirmation - Tracking plus signature for high-value orders
- Document account history - Build customer profiles over time
Fraud Screening
- Real-time fraud scoring - ML-based detection at checkout
- Velocity checks - Flag unusual ordering patterns
- Device fingerprinting - Track and match devices across sessions
- Address validation - Cross-reference shipping and billing addresses
Common Mistakes
- Not implementing ProtectBuy - Missing liability shift protection
- No delivery confirmation - Unable to prove receipt of goods
- Ignoring retrieval requests - Letting them auto-escalate to chargebacks
- Weak evidence packaging - Submitting incomplete or disorganized documentation
- Not logging device data - Missing key evidence for proving cardholder involvement
Related Codes
- UA01 - Fraud: Card Present
- UA05 - Fraud: Chip Card Counterfeit
- UA06 - Fraud: Chip Card Lost/Stolen
- UA11 - Cardholder Claims Fraud
Next Steps
Got this chargeback?
- Check if ProtectBuy was used --> If ECI 05, you have a strong defense
- Pull AVS/CVV results --> Document match status
- Gather delivery proof --> Tracking, signature, address match
- Check for prior undisputed transactions --> Same device/email/IP?
- Respond within 30 days --> Representment Workflow
Prevent future UA02 chargebacks:
- Implement 3D Secure / ProtectBuy for liability shift
- Set up dispute alerts to refund before chargeback
- Configure fraud detection to catch unauthorized use early
See Also
- 3D Secure Implementation - ProtectBuy setup and configuration
- Compelling Evidence Guide - Evidence requirements
- Friendly Fraud - First-party abuse patterns
- Third-Party Fraud - True unauthorized fraud
- Account Takeover - ATO defense
- Device Fingerprinting - Proving cardholder involvement
- AVS & CVV - Address and security code verification
- Velocity Rules - Fraud pattern detection
- Risk Scoring - Pre-transaction screening
- Chargeback Alerts - Deflect before filing
- Discover Reason Codes - All Discover codes
- Visa 10.4 - CNP Fraud - Visa equivalent
- Mastercard 4837 - Fraud - Mastercard equivalent
- Amex F29 - CNP Fraud - Amex equivalent