GuideJune 2026 · 11 min read

Chargeback Laws 2026: FCBA, EFTA, PSD2 & What Merchants Need to Know

Most merchants focus on card network rules when dealing with chargebacks — Visa reason codes, Mastercard response windows, evidence requirements. But underneath those network rules sits a legal framework that determines what disputes are even possible. Understanding chargeback law is not optional; it shapes every dispute you face and every response you can mount.

Know which framework applies — then respond accordingly

ChargeMate generates legally-aware dispute responses for any network.

Try free →

The Fair Credit Billing Act (FCBA)

Enacted in 1974 and amended in 1996, the Fair Credit Billing Act is the foundational US consumer protection law covering credit card disputes. It applies exclusively to credit card transactions — not debit cards, not bank transfers.

Under the FCBA, consumers have 60 days from the date of the billing statement on which the disputed charge appears to notify their card issuer. The FCBA covers four categories of disputes:

•Unauthorized transactions (fraud)
•Goods or services not received
•Goods or services not as described
•Billing errors (wrong amount, duplicate charge, math errors)

Once a consumer files a dispute, the issuing bank must send the merchant a copy of the dispute within two billing cycles. The bank must then resolve the dispute within two billing cycles — with an absolute maximum of 90 days.

⚠What the FCBA means for merchants: If a customer files within 60 days of receiving their statement, the bank is legally required to process the chargeback. You have very limited ability to block this legally — your only recourse is to present compelling counter-evidence through the dispute process.

Electronic Fund Transfer Act (EFTA) / Regulation E

The Electronic Fund Transfer Act and its implementing regulation (Regulation E) govern debit card transactions in the United States. The legal framework is narrower than the FCBA in important ways that merchants should understand.

EFTA requires banks to reverse unauthorized transfers — genuine fraud where the customer did not initiate the transaction. Consumers have 60 days from the statement to report unauthorized debit transactions. However, goods-and-services disputes (item not received, item not as described) are NOT mandated by EFTA. Banks handle those disputes as a matter of policy, not legal obligation.

There is also an important technical distinction: PIN-based debit transactions run on debit networks (Interlink, Maestro) and follow EFTA. Signature debit transactions run on Visa or Mastercard rails and often follow card network rules instead — effectively giving consumers stronger protections than EFTA alone would require.

Transaction Type	EFTA Coverage	FCBA Coverage
Unauthorized fraud	Yes	Yes (credit cards)
Goods not received	No (policy only)	Yes
Item not as described	No (policy only)	Yes
Processing error	Yes	Yes

Card Network Rules vs Federal Law

Visa and Mastercard rules are contractual overlays on top of federal law. By accepting card payments, merchants agree to network operating rules — and those rules often extend consumer protections beyond the minimums set by the FCBA.

A clear example: the FCBA gives consumers 60 days from their billing statement to dispute a charge. Visa allows cardholders up to 120 days from the transaction date for most dispute categories. The network rule is more generous to consumers, so it applies in practice. Merchants must comply with both frameworks — whenever they conflict, the stricter consumer protection standard governs.

This has a practical consequence that catches many merchants off guard: a transaction may be legally past the FCBA window but still within Visa's 120-day window — and the bank can still file a chargeback under network rules. The bank is not violating the law; it is following its contractual obligations to the network.

ℹNetworks can also penalize merchants for high chargeback ratios — through monitoring programs, fines, and account termination — regardless of whether individual disputes were legally valid. Compliance with network rules is a commercial requirement, not just a legal one.

PSD2 and European Chargeback Rules

The EU's Payment Services Directive 2 (PSD2) introduced Strong Customer Authentication (SCA) as a requirement for online payments across the European Economic Area. The UK has its own equivalent post-Brexit. SCA requires two-factor authentication — combining something the customer knows (a PIN or password), something they have (a phone or hardware token), or something they are (biometrics).

The key mechanic for merchants is liability shift: if a merchant implements SCA correctly and the transaction is authenticated via 3D Secure 2 (3DS2), liability for fraud disputes shifts from the merchant to the card issuer. This means the bank — not you — absorbs fraud losses on authenticated transactions.

SCA was phased in between 2020 and 2022 across Europe, and it created a new pattern that still affects merchants today: more “not recognized” or “unauthorized” disputes from customers who completed a purchase but don't recognize the 3DS authentication prompt from their bank. Many customers saw an unfamiliar screen, clicked through, and later claimed the charge was unauthorized. Educating customers about 3DS prompts is now part of effective chargeback prevention for EU merchants.

The European Banking Authority (EBA) oversees PSD2 compliance across member states. Rules are implemented by each national regulator, which creates some variation in enforcement — but SCA requirements and liability shift rules are consistent across the EEA.

UK Chargeback Rules: Section 75

Section 75 of the UK's Consumer Credit Act 1974 is arguably the most consumer-friendly chargeback law in the world. It applies to credit card purchases between £100 and £30,000 and creates joint liability between the merchant and the credit card issuer.

Under Section 75, the bank and the merchant are jointly and severally liable for the consumer's claim. This means a customer can pursue their bank directly — the bank cannot simply bounce the dispute back. The bank must investigate and resolve the claim. This is a stronger consumer protection than the US model, where banks ultimately pass most of the financial risk to merchants through the chargeback mechanism.

Section 75 applies to credit cards only. For debit card disputes in the UK, there is no equivalent statutory right — instead, debit chargebacks are governed by Visa and Mastercard network rules. The Mastercard Chargeback scheme is voluntary but widely adopted by UK banks and covers debit transactions in a similar way to Section 75.

⚠UK merchants take note: Section 75 claims can be made up to 6 years after the transaction (the general statute of limitations for contract claims). This is far longer than the 120-day network window most merchants focus on. Keep records accordingly.

Chargeback Time Limits by Legal Framework

Different frameworks have significantly different dispute windows. Understanding which applies to a given transaction helps you assess the real risk window for each sale you make.

Framework	Who It Covers	Dispute Window	Covers
FCBA	US credit cards	60 days from statement	All disputes
EFTA	US debit (unauthorized)	60 days from statement	Unauthorized only
Visa rules	Visa credit & debit	120 days from transaction	All disputes
Mastercard rules	MC credit & debit	120 days	All disputes
Section 75 (UK)	UK credit cards	6 years (statute of limitations)	£100–£30,000 purchases
PSD2 (EU/UK)	EU/UK card payments	13 months	Unauthorized transactions

For most US merchants, the operative window is Visa's or Mastercard's 120-day rule — network rules extend beyond FCBA minimums. For UK merchants selling on credit, Section 75's 6-year window is the real risk horizon.

What Merchants Cannot Do Legally

The legal framework not only protects consumers — it also restricts what merchants can do in response to chargebacks or to prevent them. Understanding these limits protects you from additional liability.

Cannot require customers to waive chargeback rights

"No chargebacks" clauses in terms of service are unenforceable against FCBA and EFTA rights. You can ask customers to contact you before disputing, but you cannot contractually eliminate their legal right to file a chargeback.

Cannot add surcharges exceeding network limits

Card network rules (and some state laws) cap credit card surcharges. Excessive surcharges violate network rules and in some jurisdictions are illegal.

Cannot refuse to accept chargeback notifications

When a chargeback is filed, you must participate in the dispute process or the chargeback is upheld automatically. Ignoring dispute notifications is never a valid strategy.

Cannot retaliate against customers for exercising chargeback rights

Cancelling a customer account, reporting them to collections, or taking other adverse action because they filed a legitimate dispute can expose you to legal liability under consumer protection laws.

Cannot collect a disputed amount while the dispute is pending

Under the FCBA, you cannot attempt to collect a disputed amount, report it to credit bureaus as delinquent, or take legal action to collect it while the dispute is under investigation.

Chargeback Arbitration

When a merchant and issuing bank cannot resolve a dispute through the standard representment process — typically when the merchant challenges a chargeback and the bank maintains its position — either party can escalate to card network arbitration.

Arbitration means the card network (Visa or Mastercard) acts as the final arbiter. The network reviews the documentation from both sides and issues a binding decision. The losing party pays the arbitration fee:

•Visa arbitration fee: approximately $500
•Mastercard arbitration fee: approximately $250–$500

These fees are on top of the disputed transaction amount. For disputes under $500, arbitration is often economically irrational — the fee alone can exceed the recovery. Most merchants and issuers settle or accept the outcome at representment rather than escalating.

⚠Important: Arbitration is final. There is no appeal after a card network issues its arbitration ruling. Only escalate to arbitration when you have overwhelming evidence and the dispute amount justifies the risk.

How the Legal Framework Affects Your Response Strategy

Knowing which legal framework applies to each dispute helps you calibrate how to respond and what evidence to prioritize.

US debit goods/services disputes — weaker legal standing, still winnable

EFTA doesn't mandate goods/services chargebacks on debit cards — banks process them as policy. This means your evidence has more weight. A strong rebuttal showing delivery, communication, and customer agreement can be persuasive precisely because the bank has discretion.

EU transactions — SCA authentication proof is your strongest asset

If the customer authenticated via 3DS2, you have liability shift protection. Obtain the authentication record from your payment processor (ECI code 05 or 02) and include it in every dispute response for EU transactions. This is often decisive.

UK credit card transactions — joint liability means thorough investigation

Under Section 75, the bank must investigate rather than just rubber-stamp the dispute. A well-documented response — showing delivery, clear terms, and the customer's actions — carries more weight in Section 75 disputes than in standard network chargebacks.

Identify the applicable framework before drafting your response

Before writing your dispute response, determine: Is this a credit or debit card? Is the customer in the US, EU, or UK? What is the card network? This tells you which rules apply, which time limits are relevant, and how strong your legal position is.

Frequently Asked Questions

Is friendly fraud illegal?▾

Yes, technically. Filing a false chargeback claim constitutes fraud under US law (wire fraud, bank fraud). However, prosecutions are extremely rare because the disputed amounts are typically small and difficult to prove intent. Civil remedies (small claims court) are more practical for merchants.

Can I sue a customer for a chargeback?▾

Yes, in theory. For small amounts, small claims court is the practical route. However, the cost of litigation often exceeds the disputed amount, so most merchants only pursue legal action for large, clear-cut cases of fraudulent chargebacks.

Does the FCBA apply to debit cards?▾

No. The Fair Credit Billing Act (FCBA) covers credit card transactions only. Debit card disputes are governed by the Electronic Fund Transfer Act (EFTA) and Regulation E, which provides different — and generally narrower — protections for consumers.

What is the chargeback time limit?▾

Under US law (FCBA/EFTA), consumers have 60 days from the billing statement to dispute a charge. However, Visa and Mastercard network rules extend this to 120 days from the transaction date for most dispute categories. In the UK, Section 75 claims can be made up to 6 years after the transaction.

How does PSD2 affect chargeback disputes?▾

PSD2 requires Strong Customer Authentication (SCA) for online payments in the EU and UK. When a merchant implements SCA and the transaction is authenticated via 3D Secure, liability for fraud disputes shifts to the card issuer. This means authenticated transactions are much easier to defend. However, SCA rollout has also caused more "not recognized" disputes from customers who don't recognize 3DS prompts.

ChargeMate

Respond to chargebacks in minutes, not hours

ChargeMate generates network-compliant dispute responses for any payment processor — no API connection required. Upload your evidence, get a ready-to-submit PDF.

Try ChargeMate free →

← All Articles Reason Codes →Outsourcing service →