How to Respond to a Chargeback or Dispute

This post covers some methods to deal with chargebacks – when a member disputes their charge for membership.

In some cases, a chargeback is actually fraud, whether it is a stolen credit card or PayPal account login. What I’d like to talk about now is a misuse of chargebacks: when a member is grumpy or lying about payment fraud just to get their money back.


What are chargebacks and disputes?

A chargeback or payment dispute is when a customer denies the payment.

Even if you offer a refund policy, there will be some number of customers that decide to simply call their bank and initiate a dispute. This could be because of (actual) fraud, dissatisfaction with their purchase, or they are just a despicable person who got their goods and don’t want to pay for it.

Your merchant account or payment gateway will let you know that someone is disputing a payment. You will then have a window of time to respond to the dispute and “make your case” for why the chargeback is not valid. If the chargeback is not ruled in your favor, the value of the disputed transaction as well as a merchant or gateway-imposed “fee” will be deducted from your account. See Chargeback Fees by Gateway »

First, locate the user’s membership account and disputed order.

My first step when dealing with a chargeback is to locate the user’s membership information and get some background.

  1. Go to Memberships > Orders in the WordPress admin.
  2. Search for the disputed order using the gateway’s “transaction ID”, or the “Invoice ID” on the order.
  3. If you don’t have a transaction ID, you can try searching for the user by Name or Email Address (the data you get about a dispute varies by gateway).
  4. Open the user’s profile in a new tab.
  5. Open the disputed order in the current tab.

Now, be an investigator.

In most cases, a membership site is a “virtual product”. This makes disputing a chargeback a bit more difficult—how do you prove you delivered what they have purchased?

  • Search your email program to see if the user had communicated anything with you directly, either prior to purchase or after.
  • If your membership site has any engagement methods, such as a forum or comment forms, see if the user has participated in these things.
  • Do you have an email newsletter? If so, access the user’s record in the email marketing tool you use to see if they have opened your messages.

    That’s a pretty high engagement rate for someone who “hasn’t received” my product.
  • You can also use the Visits, Views and Logins Report under Memberships > Reports to present activity for the individual user. Have they been logged in and using your site?
  • Better yet, if you are using the Better Login, View, Visits Report, you will have even more data about the user’s activity on your site.

    Wow, sure looks like you have been using your membership?!

Was it actual fraud?

If your investigating makes you 99% sure it was a stolen payment method used for purchase, just accept the dispute. It stinks. You’ll pay a fee. But it was actually fraud, and you don’t really have any recourse for this case.

You can prevent some fraudulent charges using the methods outlined in this post.


It isn’t fraud – I want to fight this dispute!

If your investigating leads you to believe this person just wants their money back, you should respond to the dispute and make a case for why it isn’t a fraudulent purchase.

 
Before I begin the process of fighting a dispute, I always email the member directly. I’ll ask them to withdraw the dispute and communicate that I will refund their money [how-to].

This never works. Most often I get no reply. But occasionally, I’ll get a weird reply like “I just didn’t have enough money so I said this was fraud.” Luckily, you can use this in fighting your dispute, so even if they don’t withdraw their dispute, you’ve gotten some more ammunition to win your case.


Responding to a Dispute

The method to respond to a dispute varies by gateway, but in general you will be asked to write a statement and provide supporting documents about the purchase. In the case of a physical good, they will ask for proof of shipment (and you may even have proof of delivery depending on the shipment method).

For all other purchases (digital goods, downloads, access, subscriptions, etc.), proving that the charge was not fraudulent is a little more involved.

First, write a statement that clearly describes the situation:

This user purchased a membership that includes access to a private forum. The user participated in several discussions as well as personal email communication with me. Please refer to the included documents with proof of these interactions.

Additionally, I am including files that show all details this user entered when creating their membership. Their name and email address as communicated to me matches that on the dispute and the payment method used.


Then, take screenshots and create PDFs of EVERYTHING

The supporting documents I generally include are:

  • A PDF “print” of the user record in the WordPress dashboard.
  • A copy of the membership confirmation email I receive as admin when they made purchase.
  • Copies of any direct communication they made with me.
  • Copies of any proof of participation on my site (comments, forum replies, contact form submissions, etc.)
  • A copy of the email marketing service’s details about their email opens.
  • A copy of your refund policy, if offered, that would show they had another method to get their money back.

Now you wait.

After submitting your evidence, the payment gateway or merchant will communicate with the user’s bank to make your case. This can take anywhere from a week to two months.

I hope the dispute is sided in your favor!


In most cases, the seller will lose the dispute.

The person filing the dispute has far more protections in place than you. And in most cases they are being defended by a credit card company fully motivated to make them happy. Even when your payment gateway does their part in presenting your evidence, more often then not the seller will lose the dispute, pay the fee, and have the funds returned to the buyer.

There is some comfort in knowing that you did your best to provide honest information about the charge and to defend yourself from this type of abuse. I’m sorry you didn’t win.


What’s next?

When you lose a dispute, make sure you remove the membership level for the user. And if you are feeling particularly upset about it, you can use one of these methods to block users from logging in, selecting or changing membership.

You can even write them a really nasty email. Just don’t send it. Just go read Jason’s post on dealing with hate.

Link to a User’s “User Page” in a Navigation Menu

The User Pages Add On creates a unique page for each Member after checkout, giving the Admin access to write and share customized content for each specific member. Version .5.3 of the add on now includes the option to add this page as a link in your menus.


Adding the Menu Item

All of the User Pages are created under one “Top Level Page” that is assigned under Memberships > User Pages. This “Top Level Page” is the item you will add to your WordPress Menu.

  1. Navigate to Appearance > Menus.
  2. Select the appropriate menu to edit.
  3. Locate your top level user page in the “Pages” box (you can see which page you have assigned under Memberships > User Pages).
  4. Add the page to your menu.
  5. Save the menu.

The add on will automatically detect the logged in user’s page and redirect them to that location when they attempt to access the “Top Level Page”.

If you navigate to this page as the administrator, however, you will be shown a list of all users with a link to their User Page for view and editing. To test the feature as a member, see this post for some methods to preview your site as a member.


What else can I do with User Pages?

Here’s a post that covers how to pre-populate the page created for the member with default content or a specific page template (determined by your theme or child theme).

View the Tutorial

Other uses for this page may be dashboard-like content, such as showing a member their latest topics on your bbPress forum, their member badge, or maybe a custom form to share data, files, or other information.

Show a Post, Page or Category’s Required Membership Levels in the Dashboard “All” Views

Below are three code recipes that will add a column to the All Posts, All Pages, or Categories screens in the WordPress Dashboard. This is an easy way to see how your content is being restricted for members.

Remember, you can lock posts and pages using the “Require Membership” meta box or lock a category under the Memberships > Membership Levels > Edit Level screen.

This page requires a PMPro Core Account or higher.

Already have an account? Login Now »

New to this site? Register Now »

New Report to View Membership Level Changes (Upgrades or Downgrades)

Add a custom report to the Memberships > Reports dashboard that displays a report of your membership site’s upgrades/downgrades.

See this blog post on custom reports to learn how to add the custom code to your site.

This page requires a PMPro Core Account or higher.

Already have an account? Login Now »

New to this site? Register Now »

Exporting Your Members List: Default Data and Adding New Columns

This post covers how to export your Members List to CSV. We’ll cover the default columns included in the export, as well as a method to add additional user data to the file.


Access the Members List Export

The “Export to CSV” feature of Paid Memberships Pro is located on the Memberships > Members List admin page. Here you will see your full Members List, which can be filtered based on several features, including Membership Level, Status, or via search. The exported CSV file is based on the active filter in the current view. If you would like to add additional data to this admin page or allow for more detailed filtering, see:


Default Fields Included in the Members List Export

The basic CSV export will include these fields:

  • id
  • username
  • firstname
  • lastname
  • email
  • billing firstname
  • billing lastname
  • address1

  • address2
  • city
  • state
  • zipcode
  • country
  • phone
  • membership
  • initial payment

  • fee
  • term
  • discount_code_id
  • discount_code
  • joined
  • expires


Adding Additional Data to the Export

There are a few methods to add data to your CSV export.

The easiest method applies to fields that are created via the Register Helper Add On. The code that adds your additional fields will simply need to be updated with attribute memberslistcsv => true. See detailed information on adding fields via Register Helper here.

If you need to add fields that were not created via Register Helper, you will need a custom function that uses the hook: pmpro_members_list_csv_extra_columns . For example, the code recipe below demonstrates how to add fields from the wp_users or wp_usermeta tables as well as fields added via BuddyPress. There may be other custom tables you need to pull in data from, in which case you’d need to access the user information in another way (dependent on the plugin you are trying to interact with).


The Code Recipe

This code recipe requires a PMPro Core Account or higher.

View Membership Options

Limit the Number of Members by Membership Level

Restrict the number of members that can sign up for a membership level. The recipe adds a setting to your Memberships > Membership Levels > Edit Level admin page where you can set a value for “Maximum Members”. Once that limit is reached, no additional registrations will be allowed.

This page requires a PMPro Core Account or higher.

Already have an account? Login Now »

New to this site? Register Now »

Lock or Unlock Posts Based on Age and Post Date

Here are few methods to override a post’s membership requirements to members (and non-members) based on specific timeframes your configure. While some of this could be done manually, these functions make the restrictions automatic.


Hide Old Posts to New Members

This existing recipe allows you to hide anything posted prior to a member’s join date. You may want to do this if your content is more serial in nature or if you want members to only receive access to content that comes out while they are subscribed.

View the Recipe

Allow Non-Members to View Restricted Posts Based on Timeframe

This recipe to allows a window of time that restricted posts are “unlocked”. This is good for allowing search engines to index your content as well as to entice new members to join by allowing a “taste” of what they will get when subscribing for the full history of content. For example, if you’re a podcaster, you could make your newest content public and your library of podcasts older than 30 days are restricted.

The posts must still be locked to the allowed membership levels, either via a category that is restricted on the level OR specifically via the post’s “Require Membership” settings.

The recipe is designed to open posts from the last 30 days. You can customize this for your own timeframe (7 days, 1 day, etc.).

This code recipe requires a PMPro Core Account or higher.

View Membership Options


Unlock Restricted Posts for Non-Members Based on Timeframe

This recipe to removes the membership requirements for posts older than 18 months (or your specified timeframe). This is also useful for sites with a large number of posts to allow the search engines to index lots of content, without giving away access to your newer, more timely articles.

The posts must still be locked to the allowed membership levels, either via a category that is restricted on the level OR specifically via the post’s “Require Membership” settings.

The recipe is designed to open posts that are older than 18 months. You can customize this for your own timeframe (3 months, 6 months, etc.).

This code recipe requires a PMPro Core Account or higher.

View Membership Options


Need to Customize Further?

The recipes above could be modified to unlock or lock posts only in certain levels, only to members of other allowed levels or only for posts in specific categories. PMPro Core or Plus Members can open a topic in our Members Forum for help with these recipes.

Always Show the Discount Code Field

If you’re using any of the recipes to require discount codes or have a large percentage of your members using codes during registration, here’s a quick CSS snippet to always show this field at the top of your Membership Checkout page.


The CSS Code Recipe

#other_discount_code_p {display: none;}
#other_discount_code_tr {display: table-row !important;}

Copy and paste this into your active theme (or child theme’s) style.css file or a stylesheet for PMPro Customizations (our recommended method).


The Result (Screenshot)

Protect Your Membership Site from Spam and Abuse Using reCAPTCHA

reCAPTCHA is a service provided by Google that aims to block abusive, automated traffic. Paid Memberships Pro allows you to easily integrate this service on your membership checkout process. This post covers when and why to use reCAPTCHA, how to create your reCAPTCHA account and configure it for your membership site.


When and why to use reCAPTCHA

By default, Paid Memberships Pro uses a “honey pot” technique to catch most automated spammers. This method relies on a hidden form field that valid visitors cannot see, but an automated “bot” visitor will attempt to populate, thereby throwing an error on checkout form submission.

For this reason, we generally recommend that site owners only activate reCAPTCHA for free levels if they are seeing a problem with spam signups. Your paid levels require a credit card (or successful PayPal checkout), so there is less opportunity for spammers to get in — they aren’t going to spend real money spamming your site.

Recently, we’ve seen a different kind of user who WILL use credit cards to create invalid accounts on your site: people testing stolen credit cards. These attackers are using your membership checkout form as a “credit card validator” to test different names, addresses, card numbers, zip codes, and CVV numbers. Once they find the right combo that is successful on your site, they can then use that validated card to make purchases elsewhere.

If this is happening to you, you may want to activate reCAPTCHA for all memberships.


Payment Gateway Fraud Detection

Your payment gateway has built in fraud detection that will monitor repeated attempts with similar data. But no fraud detection process is 100% perfect and some charges will get through. Sure the cash that comes into your account looks nice, but these charges are inevitably going to be refunded or, if you don’t catch them in time, charged back. See this post on chargebacks for more information.

If you are using Authorize.net as your payment gateway, inquire about the free Advanced Fraud Detection Suite, which enables you to set up “rules” for types of transactions that appear fraudulent.

Additionally, Stripe allows you to customize the default fraud detection via custom risk evaluation rules configured in your Stripe account.


Is this happening to me?

The easiest way to confirm if your membership checkout form is being used for fraudulent checkout attempts is via your payment gateway’s “charges” dashboard. For example, if you are using Stripe, your “Payments” dashboard shows all attempted charges. If you see a large number of charges labeled “failed” you may be at risk. We’d advise turning on reCAPTCHA for all memberships in this case.


How reCAPTCHA works (for my members)

The Membership Checkout page will include a new section that looks like the image below:

If the user is logged in to a Google service, such as Gmail or Drive, they will simply need to check the box labeled “I’m not a robot”. Google’s reCAPTCHA service will validate them and this is (most often) the only step needed.

Anyone that the service identifies as “suspicious” will have to solve a visual puzzle to get through. These range from “pick all the pictures with a number in them” or “select all the images of a cat”. Here’s the “test” I got when getting a screenshot of the process for this post. If you fail the first test, you’ll be given another test. At most, I’ve had to complete two screens of image identification before successful validation.

Humans will be able to solve the puzzle, but a bot will not.


Sign up for reCAPTCHA. Get your API Keys.

  1. Click here to sign Up for reCAPTCHA.
  2. Under “Register a new site”, enter your site’s name as the label. This is only used to identify the site in your reCAPTCHA dashboard.
  3. Select “reCAPTCHA 2” for the setting Choose the type of reCAPTCHA. Jason is looking into adding support for the Invisible reCAPTCHA.
  4. Under “Domains”, list the domain name of your membership site. You may want to include both the “www” and “non-www” domains (i.e. domain.com and www.domain.com).
  5. Agree to the terms, and, optionally, opt-in to receive reports.

After submitting the form, you will be redirected to view the Keys for this reCAPTCHA site. Under the heading “Adding reCAPTCHA to your site”, toggle to display the “Keys”. The keys you will need for Paid Memberships Pro are the Site Key and the Secret Key. You do not need to do anything with the “client-site” or “Server side” integration.


Configure Paid Memberships Pro to use reCAPTCHA

  1. Navigate to Memberships > Advanced Settings in your WordPress admin.
  2. Under “Use reCAPTCHA?” select either to use for free memberships only or for all memberships.
  3. Enter your Site Key in the reCAPTCHA Public Key field.
  4. Enter your Secret Key in the reCAPTCHA Private Key field.
  5. Save the Settings.


Now test it!

We always recommend running a test membership checkout after making changes to your Paid Memberships Pro settings (even if you only test a free membership level signup or use a discount code to make your paid level free). reCAPTCHA does rely on JavaScript as well as successfully copied/pasted keys in order to work. This FAQ published by Google identifies common errors or issues if you are not able to successfully validate using reCAPTCHA.


Closing Thoughts

If you think your membership checkout has been used as a “credit card validator” but an attacker, you should actively locate any successful charges and process a refund immediately. This will save you from the chargeback fee imposed by your payment gateway when the rightful card owner identifies the fraudulent charge.

In our case, the charges all used the same email domain, so I simply did a search in our Members List (and All Users list) for that “@domain.com” to isolate the members. See this post on how to process a refund for more help.

Track Affiliates, Referrals, or Invitations with the Lightweight Affiliates Add On

Previously, I’ve posted about all of the ways to manage Affiliates with Paid Memberships Pro. This post focuses on a few recent improvements to our Affiliates Add On.

If you aren’t ready to commit to a third-party affiliate program and have basic affiliate program requirements, give this add on a try.

View the Add On


New Features in the Affiliates Add On for Paid Memberships Pro

  • Globally Rename the term “Affiliates” for Your Unique Program

    You can globally replace the term “Affiliates” throughout the tracking system to any term (singular and plural) of your choice. This is useful if you would like to repurpose the Affiliates Add On for a “Referral” program or “Invitation” program.
    Rename the Term Affiliates

  • Automatically Generate the Affiliate After Membership Checkout

    You no longer need to manually create the affiliate. We’ve added a setting on the Membership Level to generate the affiliate for you.
    Generate the Affiliate After Checkout

  • Generate the Frontend Page for Member Affiliate Reports

    Navigate to Memberships > Page Settings. Here you will see a new setting for the “Affiliate Report” page. Click the link to generate the page (or create it manually and add the shortcode [pmpro_affiliates_report]. A link to this report page is automatically added to the “Member Links” section of the Membership Account page.
    Generate the Frontend Page for Member Affiliate Reports

  • Improved Appearance of the Member’s Frontend Report

    We’ve made some enhancements to the appearance and “guidance” for the report output your members will see within their Membership Account. We hope this makes things a little bit easier to manage for you and your members.
    Improved Appearance of the Member's Frontend Report


We understand that this Affiliates Add On isn’t a complete system – it doesn’t handle any payouts to your affiliates nor does it deduct the “sale” from the affiliate when a member cancels. However, it is still a useful add on if you’d like to allow members to refer one another and see the growth they are generating under their account.

You can then develop your own offline or manual affiliate payout system to extend this lightweight add on for your unique needs.

View the Add On