
A simple example: another law requires it.



Your bank's requirement to verify a chargeback is not a law. It's a business contract.


And therefore saving the data is allowed.


Not necessarily. The performance of contract basis under the GDPR is for contracts with the data subject. You can't just agree a contract with some arbitrary third party and use that to circumvent any subject rights you don't like.

For data processing purposes like this, you will normally have to rely on the legitimate interests basis. That's the one with the almost entirely non-specific definition, combined with the almost entirely non-specific balancing requirements.

With a case like defending an unjustified chargeback, we might assume that the interest is surely both legitimate and overriding, but even that is only a personal view and not something any regulator has explicitly addressed in guidance, as far as I'm aware. In any case, plenty of other scenarios won't be so black and white.



