What This Code Means
Amex reason code F24 â No Cardholder Authorization is filed when a cardholder reports that a transaction was processed without their knowledge or consent. Unlike F31 (which covers lost/stolen cards), F24 applies broadly to any unauthorized transaction â most commonly card-not-present (CNP) fraud where the card data was stolen or the account was taken over.
F24 is one of the highest-volume Amex fraud codes for ecommerce merchants. The cardholder's bank (or Amex acting as issuer) returns the transaction, and the burden falls on the merchant to prove authorization existed or that the transaction was legitimate.
If you had no authentication mechanism â no 3D Secure, no signature capture, no AVS/CVV check â this dispute is very difficult to win. But if you have digital footprints tying the cardholder to the order, you have a case.
Cross-Network Comparison
| Network | Code | Name |
|---|---|---|
| American Express | F24 | No Cardholder Authorization |
| Visa | 10.4 | Other Fraud – Card Absent Environment |
| Mastercard | 4837 | No Cardholder Authorization |
| Discover | AA | Does Not Recognize |
| Amex | F30 | EMV Counterfeit Transaction |
Common Trigger Scenarios
- Stolen card data used online: A fraudster obtains card details via phishing, data breach, or card-skimming and places an order on your site. The real cardholder discovers the charge and disputes it.
- Account takeover (ATO): The fraudster compromises the cardholder's account on your platform, changes the shipping address, and places an order. Cardholders often dispute these weeks later.
- Family/friendly fraud: A household member (often a child or spouse) uses the card without the account holder's knowledge. The account holder files a dispute claiming no authorization.
- Forgotten or unrecognized purchase: The cardholder made the purchase but doesn't recognize your brand name on the statement. They dispute it as unauthorized before investigating.
- Reseller purchases: The card was used to buy digital goods (gift cards, game credits) for resale. The cardholder claims unauthorized use after the goods were consumed.
Key Deadlines & Timeframes
| Event | Timeframe |
|---|---|
| Cardholder dispute window | Up to 120 days from transaction date |
| Merchant response deadline | 20 calendar days from chargeback notification |
| Amex second review (if requested) | Varies; typically 30â45 days |
| Arbitration filing window | Per Amex operating rules; rare for F24 |
The 20-day window is firm. Late submissions are rejected regardless of merit. Build your response package the moment you receive the chargeback notification.
Evidence You'll Need
- 3DS authentication record: The strongest possible defense. Provide the 3DS transaction ID, authentication value (CAVV), and ECI code. Successful 3DS shifts liability away from the merchant entirely.
- IP address and device fingerprint: Show the IP address used to place the order, its geolocation, and whether it matches the cardholder's known location or prior order history.
- Login and session logs: If the customer was logged in to an account, provide the login timestamp, login IP, device ID, and any MFA that was passed.
- Delivery confirmation: For physical goods, proof of delivery to the billing address (or a documented address change with account history) helps show the cardholder received the goods.
- AVS and CVV match results: Show that the billing address and card verification value matched at authorization. This doesn't guarantee authorization but demonstrates due diligence.
- Order history linking the cardholder: Previous orders from the same email/account that were never disputed significantly undercut the unauthorized claim.
- Communication records: Any email or chat confirming the order, or showing the customer used the goods/service post-purchase.
How Merchants Lose This Dispute
- No authentication data: If you have no 3DS record and no other authentication artifacts, Amex will side with the cardholder. You need at least IP/device data.
- Shipping to a freight forwarder or reshipping address: If the delivery address is known to be a fraud hub, Amex will discount your delivery proof entirely.
- Submitting only the order confirmation: An order confirmation proves the order was placed, not that the legitimate cardholder placed it. This alone never wins F24.
- Missing the 20-day deadline: Automatic loss. Calendar the deadline immediately upon receipt.
- Rebuttal letter without supporting evidence: A persuasive letter attached to no actual proof is rejected. Every claim in your rebuttal needs a supporting document.
- Disputing a clear fraud transaction: If internal signals (velocity, proxy, high-risk device) flagged the order but you fulfilled it anyway, fighting the chargeback consumes resources better spent on prevention.
Response Framework Overview
A winning F24 response typically has three components:
- Authorization proof: Lead with your strongest authentication artifact â 3DS data, login session, or device fingerprint. This is the centerpiece of your response.
- Delivery or fulfillment confirmation: Show what was ordered, when it was fulfilled, and that it was delivered to or accessed from the cardholder's known details.
- Behavioral evidence: Prior order history, post-purchase account activity, or customer communications that collectively make an unauthorized-use claim implausible.
Submit everything as a single, clearly organized PDF through the Amex merchant portal. Label each document section and reference it in your rebuttal letter.
Prevention Tips
- Implement 3D Secure 2 (3DS2): This is the single highest-impact action you can take. 3DS2 with frictionless flow adds minimal friction and provides liability protection for nearly all F24 disputes.
- Enforce AVS and CVV at checkout: Decline or flag transactions where billing address and CVV do not match. These checks reduce fraud by eliminating low-effort attacks.
- Require account creation for high-value orders: Guest checkout eliminates the account-based behavioral signals that support dispute responses. Require login or account creation above a dollar threshold.
- Deploy device fingerprinting and velocity checks: Flag orders where the same device or IP places multiple orders in a short window with different cards.
- Monitor your Amex chargeback ratio: Amex monitors merchants with elevated fraud dispute rates. Persistent F24 volumes can result in enhanced monitoring or rate increases.
- Use your descriptor wisely: A confusing or unfamiliar billing descriptor causes cardholders to dispute legitimate transactions. Use a recognizable brand name in your Amex descriptor.
Frequently Asked Questions
What is Amex reason code F24?
Amex F24 (No Cardholder Authorization) is a fraud chargeback filed when the cardholder claims they did not authorize a transaction. It applies primarily to card-not-present transactions and is the most common Amex fraud code for ecommerce merchants.
How do I win an Amex F24 chargeback?
Win F24 by providing proof of authorization: 3DS authentication data, IP/device logs, login session records, delivery proof matching the cardholder's billing address, and prior order history from the same account. The more authentication layers you captured, the stronger your case.
What is the response deadline for Amex F24?
Merchants have 20 calendar days from the chargeback notification to submit a response via the Amex dispute portal. Late submissions are automatically rejected.
Does 3D Secure prevent Amex F24 chargebacks?
Yes. Successful 3DS authentication shifts fraud liability to the issuer, preventing most F24 chargebacks from succeeding. Even a 3DS frictionless flow provides meaningful defense. It is the most effective single prevention tool for CNP fraud disputes.