Introduction
Chargebacks and refund disputes are among the most common legal problems in Turkish fintech. Every payment institution, electronic money institution, digital wallet, marketplace, virtual POS provider, merchant acquirer, payment facilitator, e-commerce platform, subscription platform, travel app, gaming platform, and embedded finance business may face disputes about whether a customer should receive money back after a transaction.
A customer may claim that a payment was unauthorized. A merchant may say that goods were delivered. A marketplace may have already transferred the money to the seller. A payment institution may receive a chargeback request from the card ecosystem. A digital wallet user may request a refund because a transaction failed. A merchant may object to settlement being withheld because of chargeback risk. A payment facilitator may suspend a merchant account after suspicious refund patterns. In each case, the key question is: who is legally responsible before the customer, merchant, regulator, card network, and payment system?
In Turkey, chargebacks and refunds are not governed by one single “chargeback law.” Instead, the issue must be analyzed through several legal layers: Law No. 6493 on Payment and Securities Settlement Systems, Payment Services and Electronic Money Institutions, consumer protection law, distance contract rules, card scheme rules, payment service contracts, marketplace agreements, merchant acquiring terms, KVKK, MASAK obligations, cybersecurity duties, and general civil liability principles. Law No. 6493 regulates payment systems, payment services, payment institutions, and electronic money institutions, and applies to payment services and payment institutions operating in this regulated field.
This article explains chargebacks and refund disputes in Turkish fintech, focusing on payment service provider liability, consumer refunds, unauthorized transactions, merchant evidence, marketplace responsibility, fund safeguarding, data protection, AML risks, and practical dispute management.
1. What Is a Chargeback?
A chargeback is a reversal mechanism generally used in card-based payment systems when a cardholder disputes a transaction. It may arise because the customer claims that the transaction was unauthorized, the goods were not delivered, the service was not provided, the product was defective, the amount was duplicated, the merchant failed to issue a refund, or the card was used fraudulently.
A chargeback is different from a normal refund. A refund is usually initiated by the merchant, marketplace, or platform voluntarily or pursuant to consumer law. A chargeback is usually initiated through the payment card dispute process and may involve the cardholder, issuer, acquirer, merchant, payment facilitator, and card network. In Turkish fintech practice, the word “chargeback” is often used commercially, while the underlying legal responsibility depends on the payment method, contract terms, consumer law, and payment services regulation.
Chargeback disputes may involve:
Cardholder
Issuing bank
Acquiring bank
Payment institution
Electronic money institution
Virtual POS provider
Marketplace
Merchant
Sub-merchant
Payment facilitator
Card network
Consumer authority
Court or arbitration body
The payment service provider must therefore distinguish between the operational chargeback process and the legal refund obligation. A card scheme may reverse a transaction according to its rules, but the legal relationship between customer, merchant, and payment service provider must still be analyzed separately.
2. Refund, Chargeback, Reversal, and Cancellation: Key Differences
In fintech disputes, terminology matters. A refund usually means returning money to the payer because the transaction was cancelled, the customer exercised a withdrawal right, the merchant accepted return of goods, the service was not performed, or the payment was made by mistake.
A chargeback usually means a card-based dispute process initiated through the issuing side of the card payment chain.
A reversal may refer to technical cancellation of a transaction before settlement or correction of a failed transaction.
A cancellation may refer to cancellation of the underlying consumer contract, subscription, order, booking, or service.
A failed payment correction may occur when the customer was debited but the merchant did not receive confirmation.
These categories should not be mixed. A consumer may have a legal refund right even without a chargeback. A chargeback may occur even when the merchant believes the underlying contract was valid. A payment service provider may reverse a technical error without deciding the consumer contract dispute.
This distinction is important because liability differs. A merchant may be liable for a defective product. A marketplace may be liable if it collected funds and failed to refund under distance contract rules. A payment service provider may be liable if the payment was unauthorized, incorrectly executed, or processed without required security. A bank or card issuer may have duties under card rules. A platform may be liable if it misled the customer or mishandled funds.
3. Legal Framework for Payment Service Provider Liability
Payment service provider liability in Turkey starts with Law No. 6493. The law regulates payment services, payment institutions, and electronic money institutions, and sets the framework for regulated payment activity. Payment institutions and electronic money institutions must obtain an operating license from the Central Bank of the Republic of Türkiye, and they are subject to CBRT supervision; TÖDEB also notes that payment and electronic money institutions are subject to MASAK liability audits.
This means that a payment service provider cannot treat chargeback and refund processes as purely private commercial matters. The provider operates within a regulated system and must maintain proper contracts, records, complaint channels, transaction logs, fund protection, AML controls, data security, and operational resilience.
The legal framework also includes consumer protection law. Law No. 6502 on Consumer Protection regulates consumer rights, distance contracts, unfair terms, commercial practices, and withdrawal rights. In distance contracts, consumers generally have a fourteen-day withdrawal right without giving reasons and without paying penalties, subject to exceptions. For distance contracts concerning financial services, the official consumer protection text also recognizes a fourteen-day withdrawal right without justification and without penalty.
In practice, PSP liability is shaped by three layers:
The statutory payment services framework.
The consumer or commercial law relationship between buyer and seller.
The payment system, card scheme, merchant acquiring, and platform contracts.
A proper legal analysis must examine all three.
4. Payment Service Provider vs. Merchant Liability
A payment service provider is not automatically responsible for every merchant failure. If a consumer buys shoes from an online merchant and the shoes are defective, the primary legal dispute may be between the consumer and the seller. However, the payment service provider may become responsible where its own role caused or contributed to the loss.
PSP liability may arise where:
The payment was unauthorized.
The transaction was incorrectly executed.
The provider failed to apply required authentication.
The provider processed payment to the wrong merchant.
The provider failed to preserve transaction logs.
The provider ignored obvious fraud indicators.
The provider misrepresented its role to the customer.
The provider held funds but failed to refund when legally required.
The provider failed to follow agreed refund procedures.
The provider mishandled customer complaints.
The provider failed to protect payment data.
Merchant liability may arise where:
Goods were not delivered.
Services were not performed.
The product was defective.
The merchant refused lawful withdrawal.
The merchant submitted false delivery evidence.
The merchant used misleading product descriptions.
The merchant charged the customer twice.
The merchant continued billing after cancellation.
The merchant processed payments through a prohibited business model.
The merchant agreement should allocate chargeback and refund responsibility clearly. It should require the merchant to provide delivery records, invoice records, customer communication, cancellation logs, return records, and proof of authorization. The payment service provider should preserve transaction-level evidence.
5. Marketplace Refund Disputes
Marketplace refund disputes are especially complex because the customer may buy from a seller but pay through the marketplace. The marketplace may collect the payment, deduct commission, hold settlement, and transfer the remaining amount to the seller. If the customer requests a refund after delivery or cancellation, the question becomes whether the seller, marketplace, or payment service provider must return the amount.
Distance contract rules are particularly important for marketplaces. The Ministry of Trade’s distance contract framework recognizes withdrawal rights, and legal updates on amendments to distance sales rules explain that refund obligations may involve sellers and intermediary service providers depending on whether payment has been transferred to the seller and how the platform structure works.
A marketplace should define:
Who is the seller.
Who is the payment service provider.
Who collects the money.
When the money is transferred to the seller.
Who handles withdrawal notices.
Who verifies return shipment.
Who initiates refund.
Who bears chargeback risk.
Who communicates with the customer.
How seller balances are adjusted after refund.
A marketplace that collects funds on behalf of sellers should not design unclear refund processes. If the customer cannot identify who is responsible, disputes may escalate to consumer authorities, banks, card issuers, or courts.
6. Unauthorized Payment Transactions
Unauthorized payment transactions are a major source of chargebacks and legal claims. A customer may say that they did not authorize a transaction because the card was stolen, account credentials were compromised, wallet access was hacked, OTP was intercepted, the transaction was made through phishing, or the merchant fraudulently used stored payment credentials.
In such disputes, the payment service provider should examine:
Authentication method.
Device information.
IP address.
Transaction timestamp.
Payment instrument used.
3D Secure or strong authentication records.
OTP logs.
Customer notification records.
Merchant details.
Previous transaction behavior.
Fraud alerts.
Complaint timing.
Account takeover indicators.
The central evidentiary issue is whether the transaction was validly authorized and whether the provider applied appropriate security measures. If the provider cannot produce logs, authentication records, and transaction confirmation data, it may struggle to defend itself.
Fintech platforms should also distinguish between truly unauthorized transactions and “buyer’s remorse” disputes. A customer may authorize a payment and later regret the purchase. That is not the same as unauthorized use. The legal remedy may be withdrawal, refund, cancellation, or merchant dispute rather than unauthorized transaction compensation.
7. Refund Rights under Consumer Law
Consumer refund rights often arise from withdrawal, cancellation, defective goods, non-delivery, distance contracts, or financial services distance contracts. Under the official consumer protection framework, the consumer has a fourteen-day withdrawal right in distance contracts without giving reasons and without paying penalties, subject to the legally defined exceptions. In distance contracts for financial services, the consumer also has a fourteen-day withdrawal right without justification and without penalty.
In fintech practice, the payment service provider must understand whether it is merely executing the refund instruction or whether it is part of the platform structure responsible for refunding the consumer. A payment gateway may simply return funds when the merchant initiates a refund. A marketplace or payment facilitator may have more active duties if it collects money, holds seller balances, controls settlement, or presents itself as responsible for the transaction.
A refund process should clearly answer:
Who approves the refund?
Who funds the refund?
How is the refund initiated technically?
Is the refund returned to the original payment method?
What happens if the original card is closed?
What happens if seller settlement already occurred?
Is partial refund possible?
Are provider fees refunded?
Is the refund deadline tracked?
How is the customer informed?
A payment service provider should not leave refund processes to informal support messages. Refunds must be traceable, auditable, and consistent with contract terms and consumer law.
8. Chargeback Evidence: What Should Be Preserved?
Chargeback disputes are evidence-driven. The party that cannot produce evidence usually loses operationally, even if it may have a legal argument. Payment service providers, merchants, and marketplaces should preserve transaction and order evidence in a structured way.
Relevant evidence includes:
Payment order details.
Authorization logs.
Authentication records.
3D Secure records.
Customer device and IP logs.
Merchant ID and sub-merchant ID.
Transaction amount and currency.
Order confirmation.
Invoice.
Delivery proof.
Shipment tracking.
Customer acceptance records.
Digital service access logs.
Subscription renewal notice.
Cancellation request records.
Refund request records.
Customer support communications.
Fraud monitoring alerts.
Merchant onboarding records.
Settlement records.
Chargeback correspondence.
For digital services, delivery evidence may not be a cargo record. It may include login logs, download logs, content access records, API usage, digital subscription activation, IP records, or user acceptance of service delivery. Merchant agreements should specify acceptable evidence for different merchant categories.
9. Merchant Acquiring and Payment Facilitation
Merchant acquiring and payment facilitation are central to chargeback management. A payment facilitator may onboard many sub-merchants, process payments for them, deduct commissions, and settle funds. This model creates chargeback risk because the payment facilitator may be the main party visible to acquirers, payment institutions, or card networks.
The payment facilitator should maintain strong merchant onboarding and risk monitoring. TÖDEB explains that payment services include activities such as operating payment accounts, money transfers, issuance or acceptance of payment instruments, and payment initiation and account information services. Where the provider enables merchants to accept payment instruments, it must ensure that the structure fits within the licensed payment services framework.
Merchant acquiring contracts should regulate:
Chargeback allocation.
Evidence submission deadlines.
Rolling reserves.
Settlement holds.
Refund authority.
Prohibited merchants.
High-risk merchant monitoring.
Termination for excessive chargebacks.
Fraud-related withholding.
AML-related freezing.
Customer complaint cooperation.
Final settlement after termination.
A payment facilitator should also monitor chargeback ratios. Excessive chargebacks may indicate merchant fraud, poor service quality, misleading sales, subscription abuse, or weak customer communication.
10. Rolling Reserves and Settlement Holds
Payment service providers often use rolling reserves or settlement holds to manage chargeback and refund exposure. A rolling reserve means a portion of merchant settlement is withheld for a period to cover future chargebacks, refunds, fraud losses, or fines.
Settlement holds can be lawful if they are:
Contractually agreed.
Based on objective risk.
Proportionate.
Transparent.
Limited in duration.
Supported by evidence.
Consistent with applicable regulation.
A payment service provider should not arbitrarily block merchant funds without contractual or legal basis. However, it should be able to suspend settlement where there is serious fraud, illegal activity, suspicious transactions, high chargeback exposure, or regulatory risk.
The merchant agreement should specify when funds may be withheld, how long reserves are kept, what evidence is required for release, and how final reconciliation works after termination.
11. Subscription Payments and Recurring Billing Disputes
Subscription payments are a major source of chargebacks. Customers often claim that they did not know the subscription would renew, that the cancellation button was hidden, that trial periods converted into paid subscriptions without clear notice, or that the merchant continued billing after cancellation.
Fintech providers processing subscription payments should require merchants to disclose:
Trial period terms.
Renewal date.
Recurring amount.
Cancellation method.
Minimum term.
Refund policy.
Notification rules.
Merchant identity.
Customer support channel.
Payment service providers should monitor subscription merchants carefully. High chargeback volume in recurring payments may show misleading user flows or unfair commercial practices. Where a payment facilitator enables recurring billing, it should require merchants to preserve evidence of subscription consent and cancellation instructions.
12. Failed Transactions and Double Charging
Failed transaction disputes occur when the customer sees money debited but the merchant does not receive confirmation, or when the same customer is charged twice. These disputes require technical reconciliation, not only legal analysis.
The PSP should examine:
Authorization status.
Capture status.
Settlement status.
Bank response code.
Timeout logs.
Merchant callback logs.
Duplicate transaction indicators.
Order ID.
Customer account statement.
Refund or reversal status.
Failed transactions should be resolved quickly because consumers often blame the visible app or merchant. A payment service provider should have clear operational procedures for automatic reversal, manual reconciliation, customer communication, and merchant notification.
Double charging should be treated seriously. If duplicate payment occurred due to system error, the provider should coordinate prompt refund or reversal and preserve evidence of correction.
13. Refunds to Original Payment Method
A common best practice is refunding to the original payment method. This reduces fraud and supports reconciliation. If a customer paid by card, refunding to the same card is usually safer than sending money to a different bank account. If the customer paid through a wallet, refunding to the same wallet balance may be appropriate. If the account is closed, additional verification may be needed.
Refunding to a different account creates risks:
Money laundering.
Fraud.
Account takeover.
Refund diversion.
Merchant collusion.
Disputes about receipt.
Payment service providers should require additional controls before refunding to a different destination. These controls may include identity verification, bank account ownership check, written request, support approval, and audit logging.
14. MASAK and Refund Abuse
Refunds and chargebacks can create AML and fraud risks. Criminals may use fake purchases, refund loops, stolen cards, mule accounts, or merchant collusion to move money. Law No. 5549 aims to determine the principles and procedures for preventing laundering proceeds of crime. The law also requires suspicious transactions to be reported to MASAK where there is information, suspicion, or grounds for suspicion that assets involved in transactions are acquired illegally or used for illegal purposes, and it prohibits informing the parties of the suspicious transaction report.
Refund-related red flags include:
Repeated refunds to different accounts.
High refund ratio for one merchant.
Many small payments followed by refund requests.
Refunds shortly after card payment.
Refunds linked to stolen card activity.
Multiple users requesting refunds to the same account.
Merchant self-purchase and refund patterns.
Gaming or digital goods refund abuse.
Illegal betting indicators.
Refunds used to move value between users.
Payment service providers should integrate chargeback and refund monitoring with AML systems. A refund dispute may be a consumer issue, but it may also be a financial crime indicator.
15. KVKK and Chargeback Data
Chargeback and refund disputes involve significant personal data. This may include identity data, transaction history, card tokens, bank account details, IP addresses, device information, delivery addresses, customer support records, fraud scores, complaint details, and sometimes sensitive inferences.
Under KVKK, personal data must be processed lawfully and securely. Article 12 requires data controllers to take necessary technical and organizational measures to provide an appropriate level of security, prevent unlawful processing, prevent unlawful access, and ensure protection of personal data.
Chargeback files should be handled carefully. A merchant does not need unlimited access to all customer data. A customer support agent does not need full card details. A fraud analyst may need device and transaction data, but access should be role-based. Data should be retained only as necessary for legal, regulatory, dispute, audit, and fraud-prevention purposes.
KVKK compliance for chargeback and refund workflows should include:
Privacy notices.
Lawful basis analysis.
Access restrictions.
Data minimization.
Secure storage.
Retention policy.
Vendor controls.
Cross-border transfer review.
Breach response.
Audit logs.
Data subject request procedures.
Payment service providers should not share excessive personal data with merchants merely to defend a chargeback.
16. Cybersecurity and Unauthorized Refunds
Refund systems are attractive targets for fraud. A compromised merchant dashboard or payment facilitator admin account may allow attackers to issue unauthorized refunds, change settlement bank accounts, or view transaction data.
Security controls should include:
Strong merchant authentication.
Admin access control.
Refund approval workflows.
Dual approval for high-value refunds.
Bank account change verification.
API key security.
Refund velocity limits.
Device and IP monitoring.
Role-based permissions.
Audit logs.
Anomaly detection.
Incident response.
Merchant training.
Settlement bank account changes are especially risky. If a fraudster compromises a merchant account and changes the settlement account, future payments may be diverted. The PSP should require enhanced verification before account changes become effective.
17. Payment Service Provider Defenses
A payment service provider defending a chargeback or refund claim should focus on evidence, scope of responsibility, and causation.
Possible defenses include:
The transaction was properly authenticated.
The customer authorized the transaction.
The dispute relates to merchant performance, not payment execution.
The merchant provided delivery evidence.
The customer missed the cancellation or withdrawal deadline.
The refund was already processed to the original payment method.
The chargeback was outside scheme deadlines.
The customer acted fraudulently.
The customer acted with gross negligence.
The platform was only a technical service provider and did not hold funds.
The PSP complied with its statutory and contractual duties.
However, these defenses require documentation. Without logs, timestamps, notices, contracts, risk alerts, and customer communication records, defenses may be weak.
18. Merchant Defenses
A merchant may defend against a chargeback or refund request by showing that:
Goods were delivered.
The service was performed.
The customer accepted digital delivery.
The customer used the service.
The product was not defective.
Cancellation was made after the permitted period.
The customer agreed to the subscription renewal.
The refund was already issued.
The dispute is abusive or fraudulent.
The customer’s claim conflicts with order records.
Merchants should not rely on informal screenshots only. They should maintain structured proof of sale, delivery, use, acceptance, and communication. Payment service providers should educate merchants about evidence standards.
19. Contractual Clauses for PSPs and Merchants
A strong merchant acquiring or payment facilitation agreement should include:
Definition of chargeback.
Definition of refund.
Merchant obligation to cooperate.
Evidence submission deadlines.
Provider’s right to debit merchant balances.
Rolling reserve terms.
Settlement hold rights.
Refund authorization rules.
Subscription billing requirements.
Delivery evidence standards.
Digital goods evidence standards.
Prohibited activities.
High-risk merchant rules.
Fraud monitoring rights.
AML cooperation.
Data protection obligations.
Consumer complaint cooperation.
Termination for excessive chargebacks.
Final reconciliation after termination.
These clauses should be practical. A clause requiring evidence within one day may be unrealistic for some merchants. A clause allowing indefinite fund withholding may be challenged. The agreement should balance risk management with fairness.
20. Customer Complaint Management
Payment service providers must maintain structured complaint handling. TÖDEB notes that payment and electronic money institutions must establish complaint and appeal units and take measures for continuity, security, and confidentiality as part of licensing expectations.
A good complaint process should include:
Complaint registration.
Transaction reference.
Customer identity verification.
Initial classification.
Unauthorized transaction review.
Merchant performance review.
Refund eligibility review.
Chargeback deadline check.
Evidence collection.
Response timeline.
Escalation path.
Final decision.
Record retention.
Customer communication.
A customer should not be transferred endlessly between merchant, marketplace, bank, and payment institution. Even if the PSP is not ultimately liable, it should help route the dispute properly and preserve the evidence needed for resolution.
21. Practical Compliance Checklist
A payment service provider or fintech platform handling chargebacks and refunds in Turkey should consider:
Classify each dispute: refund, chargeback, unauthorized transaction, failed payment, duplicate payment, cancellation, or merchant dispute.
Identify the payment method.
Identify the legal relationship between consumer, merchant, marketplace, PSP, and bank.
Review consumer withdrawal or cancellation rights.
Preserve transaction logs.
Preserve authentication evidence.
Preserve merchant delivery evidence.
Return refunds to the original payment method where possible.
Use enhanced checks for refunds to different accounts.
Maintain merchant chargeback ratios.
Use rolling reserves where justified and contractually agreed.
Monitor refund abuse and suspicious patterns.
Integrate refund monitoring with MASAK compliance.
Protect personal data under KVKK.
Restrict access to chargeback files.
Secure merchant dashboards.
Use dual approval for high-risk refunds.
Train customer support teams.
Draft clear merchant agreements.
Maintain audit-ready complaint records.
This checklist should be adapted to the business model. A virtual POS provider, marketplace payment facilitator, digital wallet, subscription platform, card acquirer, e-commerce platform, and merchant aggregator will not have identical risk profiles.
Why Legal Support Is Important
Chargeback and refund disputes require legal support because they combine payment law, consumer law, merchant contracts, card scheme rules, evidence management, KVKK, MASAK, cybersecurity, and civil liability. A payment service provider may win or lose disputes based not only on law, but also on whether its operational workflows and contracts are legally defensible.
A fintech lawyer can assist with:
Payment service provider liability analysis.
Merchant acquiring agreement drafting.
Marketplace refund structure.
Chargeback clause drafting.
Rolling reserve and settlement hold rules.
Consumer refund policy review.
Unauthorized transaction defense.
KVKK review of dispute files.
MASAK red flag procedures.
Cybersecurity and refund approval controls.
Complaint handling procedures.
Evidence preservation strategy.
Merchant termination strategy.
Regulatory correspondence.
Litigation and arbitration support.
Legal review should begin before disputes arise. Once a chargeback wave has already occurred, weak contracts, missing logs, and unclear refund rules are difficult to fix retroactively.
Conclusion
Chargebacks and refund disputes are unavoidable in Turkish fintech. As digital payments, wallets, marketplaces, virtual POS systems, subscription platforms, QR payments, and merchant acquiring models grow, disputes over unauthorized transactions, failed payments, non-delivery, defective goods, subscription renewals, refund delays, and chargeback allocation will continue to increase.
The key legal principle is that payment service provider liability depends on role, control, fault, contract, evidence, and statutory obligations. A PSP is not automatically responsible for every merchant dispute, but it may be liable where it fails to execute payments correctly, apply proper security, protect funds, preserve evidence, handle complaints, comply with law, or control merchants within its acquiring ecosystem.
Law No. 6493 provides the regulated payment services framework. Payment institutions and electronic money institutions require CBRT authorization and are subject to supervision and MASAK-related audits. Consumer protection law provides withdrawal and refund rights in distance and financial services contracts. KVKK requires secure and lawful processing of personal data in dispute files. MASAK rules require attention to suspicious refund and chargeback patterns.
A legally strong fintech platform should build chargeback and refund compliance into its payment architecture from the beginning. It should use clear merchant agreements, transparent refund policies, reliable authentication, detailed transaction logs, fair reserve clauses, secure dashboards, consumer-friendly complaint channels, AML monitoring, and KVKK-compliant dispute files.
In Turkish fintech, refund disputes are not only customer support problems. They are legal risk events. Companies that manage them with evidence, transparency, and regulatory discipline will be better positioned to protect consumers, control merchant risk, satisfy regulators, and scale sustainably.
Yanıt yok