Credit card networks like Visa give consumers the right to dispute charges when they don’t recognize a transaction or when they are unsatisfied with a merchant’s service. Unfortunately, millions have abused this chargeback process, with one 2023 survey estimating that 44% of chargebacks are fraudulent. These false claims, known as first-party fraud, cost merchants over $50 billion annually.
Introduced in 2023, Visa Compelling Evidence 3.0 (CE3.0) provides a clear set of criteria for proving a chargeback is fraudulent through signals like IP addresses and device fingerprints. It empowers merchants to get fraudulent chargebacks dismissed automatically, protecting their business. This article discusses what merchants need to know about CE3.0, why it’s important to implement, and how to satisfy the requirements.
What is Visa Compelling Evidence 3.0 (CE3.0)?
Visa Compelling Evidence 3.0 is a set of rules and guidelines around the evidence that merchants can provide in chargeback disputes involving Visa cards. It allows merchants to automatically win a certain kind of charge dispute — Visa reason code 10.4: “Other Fraud: Card-Absent Environment,” also called CNP (card not present).
The philosophy behind CE3.0 is simple: People who abuse CNP are claiming that their account details were stolen and used by someone else. But if you can present qualifying data proving that’s not the case — and it was actually them who made the purchase — then Visa will dismiss their claim.
What qualifies for CE3.0?
Under CE3.0, Visa requires merchants to provide:
- Two undisputed charges made between 120 and 365 days prior to the disputed transaction
- Compelling evidence for each charge (the two undisputed charges, and the disputed charge)
Compelling evidence can consist of either two main evidence elements, or one main evidence element and one secondary evidence element.
- Main evidence elements: Customer purchase IP, customer device fingerprint/device ID
- Secondary evidence elements: Shipping address, customer account email, or customer account ID
Visa will automatically check the compelling evidence to determine if the same person made the undisputed charges as well as the disputed charge. If it’s a match, they will dismiss the customer’s dispute immediately.
Note that Mastercard’s First Party Trust is similar to CE3.0, but has some differences in criteria and procedure.
Why merchants should care and what they need to know
CE3.0 gives merchants protections against improper CNP fraud chargebacks, the most common type by a wide margin.
Chargeback abuse leads to considerable losses for merchants. Typically, when a consumer disputes a charge, their issuing bank judges the case, often deciding in favor of the consumer. Chargebacks also incur fees and hassles for the business, regardless of the outcome. Finally, merchants risk higher transaction costs with their acquirer (the company that processes credit cards) if their ratio of chargebacks to transactions gets too high. With the Visa Acquirer Monitoring Program (VAMP) introduced in April 2025, those ratios have become more stringent.
What happens if you don’t use CE3.0
The alternative to CE3.0 is to manually compile evidence for someone at the cardholder's issuing bank to evaluate.
However, manually pulling together a response to a chargeback is an expensive use of employee resources. And because the banks evaluating the evidence are generally inclined to advocate for their customers, this approach has a much lower likelihood of winning the dispute (estimated at 44% versus nearly 100% for CE3.0). Finally, with a manual approach, you have to pay the chargeback fee even if you win the dispute.
Best practices and strategies to protect your business
It takes some preparation to make effective use of CE3.0. Here’s how to use it to protect your business by having disputes dismissed reliably and quickly.
Use Order Insight for automatic wins and better cash flow
Under the standard chargeback system, the first time a merchant hears of a dispute is when a chargeback is officially filed. However, some Visa programs notify merchants of a dispute before it becomes a chargeback, and in some cases allows them to respond before it’s formalized.
The primary mechanism is Visa’s Order Insight program, run through its subsidiary Verifi. It was originally created to reduce chargebacks by showing purchase details to customers (what they bought, how much each item cost, etc.). Order Insight now serves a second purpose: notifying merchants of a dispute before it becomes a chargeback, and allowing them to provide CE3.0 details. If they respond promptly with qualifying evidence, the dispute is canceled.
It’s best to use Order Insight to clear up chargebacks right away. Otherwise, while the dispute is pending, it will remain on the merchant’s record. The payment processor will withhold funds, reducing cash flow, and the business’s chargeback ratio will go up instantly, risking exceeding the VAMP limit.
Collect both IP address and device fingerprint
CE3.0 accepts both IP addresses and device fingerprints as “main evidence” and checks them for consistency across the provided transactions. Unfortunately, an IP address may not be consistent across the several months of the relevant transactions because:
- Home IP addresses change. For many internet connections, especially residential ones, IP addresses are not static. They can change from time to time, sometimes within a week or so, but on average they last for 7 months. There’s a high risk that an IP address of the exact same connection will change between the first and last transaction.
- Mobile phone IP addresses are even more variable. IP addresses can change from one cell phone tower to the next. If one transaction is on WiFi and another on mobile data, they will almost certainly be on separate IP addresses. (The same concept applies to a laptop used in different places.)
- Some people hide their IP addresses. VPNs, for instance, purposefully route traffic through a different IP address than the one the user is coming from. These platforms are likely to change up the IP address between connections, so transactions at different times will appear to be from different places.
On the other hand, the device fingerprint is far less likely to change since it captures characteristics specific to the device. The fingerprint for a mobile device will be the same whether it’s used on the cell network or on WiFi, as will a laptop browser whether it’s used at home, work, coffee shop, or even on an airplane.
When coupled with secondary evidence like the customer’s account ID or email, a consistent device fingerprint lets merchants take advantage of CE3.0 even in cases where the customer’s IP address has changed.
Solutions for providing compelling evidence
Most of the compelling evidence for CE3.0 can come directly from your e-commerce system, including the IP address and any secondary evidence (shipping address, email address, and account ID).
To collect and provide the device fingerprint, a device intelligence platform like Fingerprint analyzes hundreds of data points about the user’s specific browser and device to generate a unique Visitor ID. By providing Fingerprint’s Visitor ID as compelling evidence under CE3.0, you can defend against situations when the user’s IP address changes across transactions and reduce the impact of chargeback fraud.
If you’re interested in exploring how Fingerprint can help you use Visa Compelling Evidence 3.0 to protect your business, try it out for free.
