Rexi
Research

The Hidden Cost of Failed Payments: What SEC Filings Reveal About Payment-Loss Disclosure

Ignacio Berardi Jul 7, 2026
Where quantified payment-loss disclosures appear in SEC filings
% of validated quantified findings, by filing section (2020-2025)
83.3%
9.0%
3.8%
3.9%
Footnotes (Item 8)Risk factorsMD&AForm 20-F

Public companies that process payments are not required to disclose what they lose to chargebacks, failed transactions, or unrecovered funds under any standardized accounting line. A Rexi study of annual SEC filings from 50 public fintech, payments, and marketplace companies across 2020 to 2025 found that only 16 of those 50 companies disclosed any quantified payment-loss amount at all.

Those 16 companies disclosed across 45 company-years (a company contributes more than one company-year if it disclosed in more than one fiscal year), and within those 45 company-years the study validated 79 individual findings, since a single company-year often reports more than one distinct line item, for example a realized loss, a write-off, and a reserve, in the same filing. Combined, those 79 findings represent $3.45 billion in validated exposure, including $2.67 billion in realized losses and write-offs. The other 34 companies, many processing hundreds of billions of transactions annually, disclosed nothing quantified under the study’s methodology.

The Scale of the Problem

The global payments industry generated $2.5 trillion in revenue in 2024 from an estimated 3.6 trillion transactions worldwide, per McKinsey. At that velocity, small loss rates produce enormous absolute figures. Visa processed 106 million disputes globally in 2025, a 35% increase since 2019, according to Visa. Global chargeback volume is projected to reach 324 million transactions by 2028, a 24% increase over 2025 forecasts, per Mastercard and Datos Insights. The Federal Reserve found that debit card fraud losses reached 17.6 basis points of transaction value in 2023, more than double the 7.8 basis points recorded in 2011, per their 2025 biennial report. The cost of failed payments is not a static risk. It is a growing one.

The burden of those losses does not fall evenly across the payment chain. For every dollar lost to fraud, U.S. and Canadian merchants incur an average total cost of $3.00 in recovery, investigation, and operational expenses, per LexisNexis Risk Solutions. A $100 chargeback does not cost a merchant $100. It costs approximately $300 once the product loss, investigation time, chargeback fees, customer support, and fraud team overhead are included. E-commerce fraud losses to merchants are projected to reach $43.6 billion globally by 2027, per Datos Insights, which would put the true merchant burden closer to $130 billion once recovery costs are included.

The Disclosure Gap

No standardized SEC reporting category requires companies to quantify payment-operational losses. The SEC’s 2023 cybersecurity disclosure rules established a precedent for standardized reporting of material operational risk, requiring timely incident disclosure and annual risk management disclosures in Form 10-K and Form 20-F. No equivalent standard applies to operational payment losses, settlement failures, chargeback exposure, or money-movement write-offs. A company can move billions of dollars through complex payment infrastructure, absorb millions in chargebacks and settlement failures, and face no standardized requirement for how, or whether, it reports those losses.

The practical result is fragmentation. The study identified at least 50 different accounting labels used by companies to describe what is operationally a related family of risks. “Chargeback expense,” “transaction losses,” “bad debt expense,” “write-offs,” “unrecovered funds,” “allowance for credit losses,” “merchant losses,” and “settlement exposures” may all describe different accounting treatments of the same operational event: money that moved through a payment network but did not reach its intended destination, was disputed, or was never recovered. Without manual normalization across those labels, these disclosures are not comparable, and any attempt to aggregate payment-loss exposure across public companies from SEC filings alone will produce unreliable results.

Methodology

Company selection. The study universe consisted of 50 public companies chosen to represent the breadth of the public payments ecosystem: processors, fintech, B2B payments, cross-border payments, marketplace, international platform, LatAm platform, and insurtech categories. Private companies were excluded because they do not file comparable SEC annual reports. The study period covered fiscal years 2020 through 2025. Of 300 planned company-years, 285 were prepared and analyzed; 15 were missing, all in fiscal 2020, generally because the company did not yet have a public filing history within the study window.

Definition of a validated quantified disclosure. The study used a concept-level definition rather than a keyword search, because companies rarely use a consistent term for this exposure. A candidate disclosure qualified when the dollar amount related to one of four categories: (1) transactions that could not be matched, settled, or reconciled across two or more systems or counterparties; (2) losses or reserves from timing mismatches between what was processed and what was received, paid, or recorded; (3) write-offs or provisions held because discrepancies between sources had not been resolved; or (4) operational failures to account for money movement accurately across banks, processors, ledgers, or internal systems. A row was included only after manual review confirmed the amount was current to the fiscal period, quantified, and clearly tied to this definition. Rows were excluded if they were prior-period comparatives, bundled amounts whose payment-loss component could not be isolated, ordinary credit losses unrelated to payment issues, legal or regulatory settlements outside this scope, or qualitative disclosures with no dollar figure attached.

Classification and validation accuracy. An LLM extractor scanned each filing’s financial statement footnotes, MD&A, risk factors, and controls sections (Items 1A, 7, 8, and 9A for Form 10-K; equivalent sections for Form 20-F), reasoning at the concept level and returning structured fields for company, fiscal year, filing URL, source section, amount, filing label, and finding type. Extraction produced 179 raw candidate findings across 2,889 filing chunks, which were deduplicated to 174 candidates. Each candidate then went through manual review; 78 were included and 96 were excluded under the criteria above, a validated signal rate of roughly 2.7% of all chunks analyzed. A separate post-extraction manual review identified one additional finding, Uber’s fiscal 2022 chargeback figure, that had been captured only as a prior-period comparative in a later filing and was missed as a candidate in its primary filing; it was manually confirmed against the source filing and added, bringing the total to 79 included findings. The complete included dataset and the excluded-findings audit file, with exclusion reasons for every rejected candidate, are available on request.

What the Study Found

Of 285 company-years analyzed, only 45 contained a validated quantified disclosure of payment-loss exposure. That is fewer than one in six. The 16 companies that did disclose reported a combined $3.45 billion in validated payment-loss exposure across those 45 company-years and 79 findings. Of that total, $2.67 billion was classified as realized losses, write-offs, or unrecovered funds. The remaining $790.9 million was classified as reserves or provisions, which may reflect expected losses or period-end accounting balances rather than completed economic losses.

These two subtotals are each independently rounded from more granular company-level figures, and adding the rounded figures as printed ($2.67B + $790.9M) lands at approximately $3.46 billion; the $3.45 billion combined total reported here is calculated from the unrounded underlying data, not from summing the two rounded headline subtotals. Both figures represent a lower bound on disclosed exposure, not an estimate of what companies actually experienced internally.

The dataset is highly concentrated. Four companies, Block, Uber, Airbnb, and Robinhood, account for approximately 87% of the $3.45 billion raw validated total. Block disclosed over $1 billion across just two fiscal years, including $338.6 million in transaction losses that were realized and written off within the same fiscal year 2021 period. Uber disclosed chargebacks and credit card losses of $178 million in 2020, $246 million in 2021, $286 million in 2022, and $245 million in 2023. At its 2022 peak, Uber was absorbing approximately $784,000 per day in chargebacks and credit card losses. Airbnb’s disclosed chargeback expense grew from $83.8 million in 2021 to $130 million in 2023. Robinhood’s 2022 disclosures include a $57 million Q4 processing error caused by a 1-for-25 reverse stock split that allowed customers to sell more shares than they held, a single operational failure absorbed in one quarter.

Where Disclosures Appear

Of the 78 findings surfaced by the systematic search, 83.3% appeared in financial statement footnotes, specifically in Item 8 of Form 10-K. Only 9% appeared in risk factors, and 3.8% in the MD&A section. The remaining 3.9% came from foreign private issuers’ Form 20-F filings: 2.6% in Item 5 and 1.3% in Item 3. Five out of every six payment-loss disclosures are buried in financial footnotes, not in the narrative sections that investors and analysts are most likely to read. An analyst reviewing risk factors alone would miss the overwhelming majority of quantified evidence.

That placement has a direct implication for research design. Keyword searches for “reconciliation” would miss most relevant disclosures, because companies rarely use that word when describing actual dollar amounts in annual reports. Broad searches for “loss” or “reserve” would capture large volumes of unrelated items including ordinary credit losses, loan provisions, litigation reserves, and impairment charges. Extracting a reliable picture of payment-loss exposure from SEC filings requires concept-level analysis across financial footnotes, allowance rollforward tables, and operating expense descriptions, not a risk-factor search.

Why Fintech and Marketplace Companies Disclose More

Fintech and marketplace companies accounted for 48.7% and 44.8% of the raw validated total respectively. Traditional processors contributed 3.4%. The difference reflects where direct financial exposure sits in the payment chain under the study’s methodology, not necessarily where losses are largest in absolute terms. Fintech and marketplace companies disburse funds to counterparties before collecting from others, operate under card network chargeback rules as merchants or payment facilitators, and hold user funds or process payments with their own capital at risk. When a chargeback is not recovered, the loss sits on their books. Traditional processors generally sit in the payment chain as infrastructure providers, with loss liability passing to issuing or acquiring banks, merchants, or cardholders.

Manual payment reconciliation remains one of the primary pain points for CFOs and finance teams, and is still performed manually in most financial institutions, per McKinsey’s 2024 Global Payments Report. The rise of embedded finance, where non-financial companies including SaaS platforms and gig marketplaces increasingly process payments within their own products, has expanded the number of companies carrying direct payment-loss exposure beyond the traditional financial services perimeter.

The Non-Disclosing Companies

The 34 companies that produced no validated quantified disclosure under the study’s methodology are not necessarily companies with no losses. Visa alone processed 257.5 billion transactions in fiscal 2025, the equivalent of roughly 8,160 transactions per second, per its 2025 annual report, yet produced zero validated quantified payment-loss disclosures under the study’s methodology. Mastercard, PayPal, Shopify, MercadoLibre, eBay, and DoorDash collectively process hundreds of billions of transactions and trillions of dollars in payment volume annually. None produced a validated quantified disclosure fitting the study’s payment-loss criteria. The largest processors and platforms in the study universe are also the least transparent, under this methodology, about this category of operational exposure.

The absence of disclosure may reflect several legitimate accounting realities: losses that fall below material disclosure thresholds, amounts absorbed in broader line items, losses reported under categories outside the study’s scope, or risk managed and absorbed by counterparties in the payment chain. The study cannot distinguish between these explanations, and it does not claim that any of these companies concealed losses. What it can establish is that for investors, analysts, and researchers, the absence of quantification limits outside analysis of exposure in the companies that move the most money.

The Disclosure Standard That Does Not Exist

The primary contribution of this study is not the $3.45 billion total. It is the disclosure map. Payment-loss exposure is being reported inconsistently, using incompatible terminology, and located in the sections of filings that receive the least investor attention. The market does not receive a consistent, comparable signal about this category of operational risk.

The SEC’s 2023 cybersecurity disclosure rules demonstrate that standardized reporting can be established for operational risk categories when the SEC determines the market needs consistent information. The same logic applies to payment-operational losses. The infrastructure carrying those losses is becoming more complex rather than less. A single payment today may pass through a customer application, a payment orchestrator, a gateway, a processor, a card network, an issuing bank, an acquiring bank, and a company’s own internal ledger. Each step is a potential reconciliation break point. The proliferation of real-time payment rails, open banking APIs, and cross-border corridors is adding new layers of complexity faster than disclosure standards are evolving.

Until a standardized reporting category exists, the best available evidence must be assembled from financial footnotes, MD&A, risk factors, and company-specific terminology, normalized manually across at least 50 distinct accounting labels. That is precisely the kind of work this study undertakes, and it remains the only way to get a consistent picture of what public companies are actually disclosing about failed payments.

About the Author
Ignacio Berardi
Ignacio Berardi
Ignacio Berardi is a fintech operator and Co-Founder and CEO of Rexi, an AI-native agentic orchestration platform that helps operationally complex businesses reconcile, investigate, and account for money movement across fragmented systems. He leads distribution and go-to-market for Rexi.

Before Rexi, Ignacio served as Chief of Staff at Comun, where he built the company's reconciliation process from scratch, and as Product Manager at Bitso. He previously worked at Bain & Company advising financial services companies across Latin America, and at NXTP Ventures in portfolio support and deal screening. He holds an MBA from Harvard Business School, where he was a member of the Rock Center for Entrepreneurship and Harvard Innovation Labs.
Ignacio Berardi Jul 7, 2026
Share this post

Stay in the loop

New posts on reconciliation, fintech infrastructure, and financial ops.

Subscribed
Read More
Reconciliation Complaints Get Refunds Nearly Three Times as Often as Other Fintech Disputes
Ignacio Berardi · Jun 6, 2026
Payment Reconciliation Software for Fintech and Payment Companies
Ignacio Berardi · May 17, 2026
How Fintechs and Payment Companies Detect Revenue Leakage in Reconciliation
Ignacio Berardi · Jun 4, 2026