A fraudulent order just hit your account, and you’re staring at a transaction that’s about to cost you the product, the revenue, and a chargeback fee. Unlike consumers who simply call their bank, merchants face a more complex reporting process. It involves payment processors, card networks, and federal agencies.
This guide walks you through exactly where and how to report credit card fraud as a merchant and what evidence to gather. Plus, how to prevent the next fraudulent transaction from becoming another chargeback on your account.
Step 1: Flag and freeze the suspicious transaction
Immediately halt fulfillment and cancel shipment if the order hasn’t left your warehouse. Mark the order for review in your system so your team knows not to process it.
Speed matters here. Every minute a fraudulent order advances toward fulfillment increases your exposure. If the shipment has already left, contact your carrier immediately to initiate a package intercept or return-to-sender request. Some carriers can stop delivery mid-route, which may be your last opportunity to recover the goods before they reach a fraudster’s drop address.
Step 2: Gather order and customer evidence
Collect everything you can find. These include transaction records, customer data, device intelligence, order details, communications records, and verifications results (e.g., AVS match, CVV match, 3D Secure status).
Documentation becomes critical if you later dispute a chargeback. The more complete your records are at the time of the incident, the stronger your position will be during the dispute process. Card networks and processors favor merchants who can present a clear, timestamped paper trail. That said, treat evidence gathering as a non-negotiable first step rather than an afterthought.
Step 3: Notify your payment processor or acquirer
Contact your processor’s fraud department right away. They can flag the transaction, potentially block future attempts from the same source, and guide you on next steps. Most processors have dedicated fraud lines, so find yours before you actually need it.
Your acquirer is also a strategic partner in fraud protection, not just a reporting destination. Many processors maintain internal fraud databases and can cross-reference the suspicious card or device fingerprint against known bad actors. Prompt notification gives them the best chance to act before additional fraudulent transactions occur and strengthens the case for any dispute you file later.
Step 4: Report the fraud to the card network
For Visa, TC40 fraud claims are filed through your acquirer. For Mastercard, SAFE (System to Avoid Fraud Effectively) reports follow a similar path. Card network reports help identify eCommerce fraud patterns and protect other merchants.
These reports may feel procedural, but they carry real weight at scale. When multiple merchants flag the same card or BIN range, card networks can trigger enhanced monitoring or accelerate card cancellation, disrupting a fraudster’s ability to continue. Consistent, accurate reporting from merchants is what makes those network-level interventions possible.
Step 5: File a report with the FTC and FBI IC3
For significant losses or suspected organized fraud rings, submit reports to ReportFraud.ftc.gov and the FBI’s Internet Crime Complaint Center (IC3). Federal reports contribute to databases that help law enforcement track and prosecute fraud operations.
Individual reports may not trigger immediate action, but they feed into analytical systems that detect broader criminal patterns. Federal agencies use these complaint databases to identify fraud rings operating across multiple merchants and geographies. If your business is a repeat target, cross-referencing your IC3 reports with those of other merchants in your vertical can surface connections that would otherwise go unnoticed.
Step 6: Document everything for your internal records
Maintain detailed logs of every fraud incident. This documentation helps with future chargeback disputes, pattern analysis, and potential law enforcement requests. Good records also help you identify vulnerabilities in your fraud prevention, especially for high-risk merchants.
Internal documentation should go beyond the basics. Log not just what happened, but how the fraud slipped through, which filters it bypassed, which verification checks it passed, and what signals were present in hindsight. Over time, this incident history becomes a feedback loop that informs smarter rule-setting and helps you spot emerging attack patterns before they scale.
Where to Report Credit Card Fraud as a Merchant
Different channels serve different purposes. Here’s your quick reference. Knowing exactly who to contact can dramatically minimize your financial losses and protect your business from future liabilities.
1. Visa fraud reporting
Transaction Code 40 (TC40) claims are filed through your acquirer, not directly with Visa. For escalations involving significant fraud patterns, your acquirer can connect you with Visa Risk Operations.
Visa also offers the Visa Merchant Purchase Inquiry (VMPI) program, which allows merchants to respond to dispute inquiries in near-real time before a chargeback is formally filed. Enrolling through your acquirer or a third-party provider can help you resolve disputes faster and reduce the volume of TC40 claims that result in a financial loss.
2. Mastercard SAFE reporting
System to Avoid Fraud Effectively (SAFE) reports typically flow through your acquirer. For severe cases involving organized fraud, direct reporting may be available.
Mastercard’s Ethoca network complements SAFE reporting by enabling real-time collaboration between issuers and merchants when a dispute is initiated. Merchants enrolled in Ethoca receive alerts before a chargeback post, giving them a window to cancel fulfillment or issue a proactive refund and avoid the chargeback entirely.
3. American Express fraud protection
Amex offers direct merchant reporting through its merchant portal or dedicated fraud line. Their process tends to be more streamlined than Visa or Mastercard.
Because American Express operates as both the network and the issuer for most of its cards, merchants benefit from a single point of contact for fraud disputes. The Amex Dispute Resolution system allows merchants to submit evidence and respond to inquiries through the merchant portal, without routing through a separate acquirer relationship.
4. Discover fraud reporting
Discover’s merchant services handle fraud reports directly. Contact their merchant support line with your transaction details.
Discover’s dispute process closely mirrors American Express given that both operate as closed-loop networks. Merchants dealing with repeated fraud from the same card or cluster of BINs can request enhanced monitoring from Discover’s risk team, which can expedite card deactivation and reduce your exposure to ongoing attacks.
5. FTC at ReportFraud.gov
The Federal Trade Commission portal accepts fraud reports that feed into federal databases. Even if your individual report doesn’t result in direct action, it helps identify patterns across merchants.
The FTC shares complaint data with over 2,800 law enforcement agencies through the Consumer Sentinel Network. Merchant reports are especially valuable when they include detailed device intelligence and transaction metadata, as that information gives investigators concrete leads rather than generic fraud descriptions.
6. FBI Internet Crime Complaint Center
IC3 handles cyber-enabled fraud, especially organized or high-dollar schemes. If you’re seeing coordinated attacks or significant losses, this is the appropriate federal channel.
IC3 analysts regularly publish fraud alerts and annual reports based on complaint trends. When your IC3 report describes tactics, tools, or communication methods used by the fraudster, it contributes to intelligence products that help other merchants and law enforcement anticipate emerging schemes. Even reports that don’t result in a direct investigation add a signal to the broader threat intelligence picture.
What Evidence to Gather Before Filing a Fraud Report
Strong documentation makes your fraud reports more useful and strengthens any future chargeback disputes. Before filing, collect:
- Transaction data: Authorization codes, timestamps, amounts, card BIN
- Customer information: Name, email, phone, account creation date
- Device intelligence: IP address, device fingerprint, geolocation
- Order details: Products purchased, shipping address, delivery confirmation
- Communication records: Emails, chat logs, phone call notes
- Verification attempts: AVS results, CVV match, 3D Secure status
Fraud reporting is proactive: you’re flagging criminal activity to help the broader payments ecosystem. Chargeback disputes are reactive: you’re responding to a customer-initiated claim to recover your revenue. Fraud reports don’t get your money back, but they do help prevent future attacks. Disputes can recover funds, but only if you have compelling evidence.
Treat evidence collection as an ongoing operational process rather than something you scramble to assemble after a fraud incident. Merchants who build automated evidence capture into their order management workflow consistently outperform those who rely on manual documentation, both in chargeback win rates and in the speed at which they can respond when a dispute is filed.
How to Prevent Credit Card Fraud After Reporting It
Reporting addresses the immediate incident. Prevention stops future losses. The most effective approach layers multiple defenses.
No single tool eliminates fraud entirely, which is why layered defenses consistently outperform point solutions. Each layer you add raises the cost and complexity of a successful attack, deterring low-sophistication fraudsters while making it harder for organized rings to automate attacks against your store. Periodic review of your fraud stack helps ensure your prevention measures are keeping pace with evolving tactics.
1. Activate chargeback alerts from Visa and Mastercard
Verifi (Visa) and Ethoca (Mastercard) alerts notify you when a customer initiates a dispute, giving you a window to refund proactively and avoid the chargeback entirely.
Proactive refunds through alert programs typically cost less than the chargeback fee itself, making them a straightforward financial win even when the underlying dispute is legitimate. The key advantage is speed: you act before the chargeback posts to your account, which means it never affects your dispute ratio and never triggers a processor review.
2. Deploy post-purchase fraud screening
Screen orders after checkout but before fulfillment. This catches fraud that slipped past your checkout filters without adding friction for legitimate customers.
Post-purchase screening is particularly effective for high-value or high-risk orders where the cost of a false negative far exceeds the cost of a brief fulfillment delay. Automated holds that route suspicious orders for manual review, rather than rejecting them outright.
3. Monitor dispute ratios in real time
Track your chargeback ratio continuously to stay below Visa’s 0.9% and Mastercard’s 1.5% thresholds. Merchants who monitor dispute ratios reactively often don’t realize they’ve crossed a threshold until processor penalties have already been applied. Real-time visibility lets you intervene before ratios reach the danger zone, whether that means tightening fraud rules, pausing a high-fraud product, or accelerating your dispute response workflow.
4. Add 3D Secure authentication
3D Secure (3DS) shifts liability to the card issuer for authenticated transactions. While it adds a step to checkout, it’s worth enabling for high-risk transactions or markets with elevated fraud rates.
The latest version, 3DS2, significantly improves the customer experience compared to earlier iterations by using risk-based authentication. For low-risk transactions, the friction is nearly invisible. Cardholders often complete authentication with a passive check rather than an active challenge. Merchants operating in markets with high card-not-present fraud rates typically see the liability shift outweigh the minor impact on conversion.
5. Use AVS and CVV verification
Address Verification Service (AVS) and card security code (CVV) matching are baseline fraud filters. They won’t catch sophisticated fraud, but they stop the low-effort attempts.
AVS and CVV should be treated as necessary minimums rather than sufficient protection. When mismatches occur, route it for additional review instead. Some legitimate customers enter shipping addresses that differ from their billing address, and a blanket decline policy can hurt conversion. Configuring your rules to escalate on mismatches rather than hard-decline preserves revenue and prevents false declines while still blocking obvious fraud.
Staying Ahead of Fraud Starts With a Reporting Habit
Fraud reporting is not a one-time response to a crisis; it’s an operational discipline that compounds in value over time. Each report you file adds to the intelligence layer that protects your business and the broader payments ecosystem, and each piece of evidence you collect strengthens your ability to win chargeback disputes. Pair consistent reporting with layered prevention tools, real-time ratio monitoring, and a clear internal incident workflow, and you transform fraud from a reactive emergency into a manageable risk.
Frequently Asked Questions
Charity Amancio
Charity Amancio specializes in SaaS solutions for global eCommerce businesses, including payments and risk management applications. She bridges the gap between technology and merchant needs, offering practical perspectives on the tools shaping eCommerce. Her insights appear regularly in B2B publications covering the digital commerce space.
