Visa Compelling Evidence 3.0 Merchant Guide (CE3.0)

Chargebacks and consumer disputes have always been tilted in favor of the cardholder. But Visa’s new Compelling Evidence 3.0 (CE3.0) rules now offer additional protections for merchants to help fight friendly fraud.

This guide breaks down everything businesses need to know about CE3.0 and why it’s important. 

Key Takeaway: Visa Compelling Evidence 3.0 lets merchants use the customer’s purchase history as evidence to show that a disputed transaction is a legitimate charge. 

What is Visa Compelling Evidence 3.0?

Compelling Evidence 3.0 is Visa’s updated standard for challenging fraudulent chargebacks. Specifically, chargeback reason code 10.4 Other Fraud – Card-Absent Environment.

The basic idea is fairly straightforward. If a customer claims they didn’t authorize a transaction, a merchant can fight this claim by showing Visa a documented history of previous, legitimate purchases from that same cardholder.

Under CE3.0, merchants can submit two prior undisputed transactions that share key data points with the disputed one. If those transactions check out, Visa treats the fraud claim as invalid. 

Visa launched CE3.0 in April 2023 but significantly expanded it in October 2025 to automate qualification through Visa Secure and Visa Data Only across all major regions. 

It’s also worth mentioning that CE3.0 is Visa-specific. Mastercard has something similar (MC First-Party Trust Program). But everything below about CE3.0 only applies to Visa transactions and Visa chargebacks. 

Why This is So Important for Merchants to Understand

CE3.0 is crucial for protecting merchants against friendly fraud.

Friendly fraud occurs when a cardholder makes a legitimate purchase and then falsely disputes the charge as fraudulent. This has become a major problem for online merchants. According to Visa, friendly fraud accounts for up to 75% of all chargebacks and up to 30% of all fraudulent disputes for online merchants worldwide. 

The causes behind friendly fraud can vary widely. Some of these disputes are honest mistakes, while others represent actual abuse. 

In some scenarios, cardholders might dispute a transaction while unknowingly committing friendly fraud. The charges were legitimate, but the customer didn’t realize this when they filed a chargeback. 

Other times, bad actors knowingly abuse the chargeback system because they know that card issuers typically rule in favor of the cardholder, especially for online transactions. 

CE3.0 changes things. It creates a standardized set of evidence that Visa will honor to help prevent revenue loss from invalid claims. 

What Disputes Are Covered Under CE3.0 From Visa?

Visa CE3.0 only applies to disputes filed under Visa Reason Code 10.4: Other Fraud – Card-Absent Environment.

This chargeback reason code covers situations where:

• The cardholder claims they did not authorize a card-not-present (CNP) transaction.
• A transaction was processed without proper authorization or using an invalid account number.

Common scenarios that could generate a 10.4 dispute include:

• Forgotten subscription charges
• Unrecognized purchase made by a family member
• Confusion over billing descriptor
• Intentional friendly fraud (cyber-shoplifing)

CE3.0 does NOT apply to disputes involving:

• Product or service dissatisfaction
• Processing errors
• Returns
• Any non-fraud chargeback category

If a customer is simply unhappy with a business and disputes a charge, CE3.0’s framework won’t apply. 

Visa CE3.0 Requirements for Merchants

To prove a disputed Visa transaction was legitimate under CE3.0, you need to provide two undisputed transactions from the same cardholder that meet all of the following criteria:

• Both transactions must be between 120 and 365 days from the disputed transaction date (Exception: 120-day minimum does not apply if the other two were original credit transactions).
• Neither of the two historical transactions can have an active fraud report or active fraud dispute.
• At least two of the following four core data elements must match across all three transactions (two historical and disputed): User ID, IP Address, Shipping Address, Device ID/Fingerprint.
• The first six characters of the merchant’s billing descriptor must be identical across all three transactions: 
• All three transactions must be from the same merchant. 
• Proof of delivery must be provided (for post-dispute chargebacks). 

This is still quite a bit of information that you need to collect, track, and ultimately provide to Visa if you want them to rule in your favor. 

But it’s enough to make a “compelling” case that the charge was legitimately authorized by the cardholder. Together, it means that this person purchased from you twice within the last year without disputing the charges. And they did so from either the same account, device, or address.

CE3.0 for Pre-Dispute vs. Post-Dispute Claims

Merchants can apply CE3.0 at two different stages of a dispute. The earlier you act, the better chance of an outcome in your favor.

Here are the differences:

Pre-Dispute

When a cardholder contacts their bank to dispute a charge, the issuer will typically run an inquiry before formally filing a chargeback. For merchants enrolled in Verifi’s Order Insight service, Visa can respond to that inquiry in real time with transaction data.

If the CE3.0 criteria are met, the issuer closes the inquiry without filing a chargeback. This means:

• No chargeback fee
• No impact on dispute ratio
• No impact on fraud ratio

The dispute basically disappears before it creates any damage to your business. This is the best potential outcome.

Visa automatically pre-selects up to five potential historical transactions for you to review, and the only thing you need to do is pick the two that best satisfy the matching data requirements with the disputed transaction. 

It’s all automated except for that last part that falls on your shoulders.

Post-Dispute

If the dispute escalates to a chargeback, you can still use CE3.0 as your defense in the present process. You’ll submit two qualifying historical transactions to your acquirer, who then files a pre-arbitration questionnaire through Visa Resolve Online (VROL). 

There are a few important caveats at this stage:

• You must also prove that goods or services were delivered to the customer.
• You only get one shot at this. If the submission is incomplete or incorrect, you can’t resubmit for the same reason.
• Even if the chargeback is reversed, it still counts toward your dispute ratio (though TC40 fraud report is excluded from VAMP calculations). 

Your processor will likely still hit you with all applicable chargeback fees, even if you ultimately end up winning the dispute. But at least you’ll get to keep the money associated with the transaction in question. 

CE3.0 Connection With VAMP

The Visa Acquirer Monitoring Program (VAMP) was introduced in April 2025. This consolidated Visa’s old Fraud Monitoring Program and Dispute Monitoring program into a single framework, which went into effect on October 1, 2025. 

VAMP is designed to track one metric: VAMP ratio, which combines fraud reports (TC40) and dispute incidents (TC15) relative to total settled card-not-present transactions. 

Acquiring banks can be fined if their portfolio of merchants exceeds certain thresholds. And individual merchants can also be flagged as “excessive” if their own dispute levels are high. 

TC40 fraud reports resolved through CE3.0 are excluded from VAMP calculations. So in addition to getting your money back, it actively protects your business by keeping you in good standing with Visa’s monitoring system. 

All disputes resolved through pre-dispute tools are also excluded from VAMP ratio calculations. 

The Data Merchants Need to Collect for Visa CE3.0

Visa’s CE3.0 is useless for businesses that aren’t collecting certain data elements during transactions. You won’t be able to qualify for disputes without this data, even if you have a clear case.

Beyond the payment data, here’s what you need to collect and retain for every online transaction:

• IP Address: At the time of the purchase, retained with the transaction record. 
• Device ID / Device Fingerprint: Uniquely identifies the device used to complete the transaction. 
• User ID: The account identifier associated with the purchase (which could be the customer’s login credentials). 
• Shipping Address: Physical delivery address for the order. 

Beyond the data elements themselves, your systems need to:

• Store the data in a way that’s easily retrievable by transaction and linked to payment records.
• Retain everything for at least 13 months (to cover the 120-365 day window, plus response time).
• Maintain consistent billing descriptors. 
• Ensure each transaction has a unique Acquirer Reference Number (ARN) to locate historical transactions in VROL. 

This is crucial for businesses with repeat customers, including subscription services, SaaS providers, digital goods, ecommerce, and any recurring billing model. If your customers rarely buy more than once, you may not have enough purchase history to qualify for CE3.0, even if you’re collecting all of the right data. 

Your Payment Processor’s Role in CE3.0 Qualification

Your payment processor and acquiring bank play a key role in Visa CE3.0 for your business. That’s because Visa’s rules often run through them. Merchants submit evidence to their acquirer, who responds on their behalf through VROL (Visa Resolve Online). 

If your processor hasn’t set this up properly or doesn’t support Order Insight for pre-disputes, you’re leaving money on the table and exposing yourself to VAMP risks.

Here’s what you can ask your processor to see where you currently stand:

• Are you enrolled in Verifi’s Order Insight?
• Can you share my TC40 and TC15 data?
• Is my billing descriptor consistent across my merchant account? 
• Are you capturing the device ID and IP address at the transaction point?
• What’s your process for submitting CE3.0 evidence?

If your processor can’t answer these questions or prove that they’re doing what they say, you need to stay after them to demand answers.

Some processors will try to upcharge you with value-added services to support this. Costs can vary, and you can always ask our team here at MCC if you’re being charged a reasonable rate or if your provider is trying to take advantage of you. 

Final Thoughts

Visa’s new CE3.0 standard is probably the most meaningful tool that Visa has given merchants in years to fight against friendly fraud. 

When used correctly, it can quickly eliminate you from losing chargeback disputes for legitimate transactions. But it requires you to collect certain data associated with every transaction, and then respond accurately with sufficient evidence. 

If you’re unsure whether your current setup gives you full CE3.0 coverage, it’s definitely worth having a conversation with your processor. Especially if you’re a high-volume online business that’s had problems with chargebacks in the past.