Visa Compelling Evidence 3.0: what counts and how to submit it

What is Visa Compelling Evidence 3.0?

Visa Compelling Evidence 3.0 (CE 3.0) is a Visa dispute rule that lets merchants defeat card-absent fraud claims using their own transaction history. It is built for first-party (friendly) fraud: cases where the genuine cardholder disputes a transaction they actually authorized, often after receiving the product or service.

The mechanism is pattern matching. Instead of arguing the single disputed transaction in isolation, you show the issuer that the same customer made earlier purchases that were never disputed — and that those earlier purchases share specific identifiers with the disputed one. If the customer trusted you before with the same device, account, IP, or shipping address, the fraud claim on the latest order is much harder to sustain.

• Applies to card-absent (card-not-present) fraud disputes.
• Counters first-party fraud by leaning on prior undisputed orders from the same customer.
• Shifts the question from "is this one charge fraud?" to "did this customer transact with you before, undisputed?"

What qualifies for CE 3.0?

CE 3.0 generally requires two prior undisputed transactions that share identifiers with the disputed transaction. Those identifiers are the link that ties the earlier, trusted orders to the one now in dispute. The stronger and more numerous the shared elements, the more persuasive the case.

The shared identifiers Visa recognizes for this purpose typically include the device fingerprint, the IP address, the customer account or login ID, and the shipping address used on the orders. You need to have captured these at the time of each transaction — they cannot be reconstructed after a dispute arrives.

• Two prior undisputed transactions from the same customer is the general qualifying bar.
• Shared identifiers: device fingerprint, IP address, account or login ID, shipping address.
• The prior transactions must be undisputed — a customer with a history of disputes does not help your case.
• You must have captured the identifiers at the time of each sale; they cannot be back-filled.

What data do you need to capture at checkout?

CE 3.0 is won or lost at checkout, not at dispute time. Because the qualifying evidence is the link between past and present orders, you have to record and retain the identifiers on every transaction so the connection exists when you need it.

Build the capture into your normal order flow. The data should be stored against each order so that, when a dispute lands, you can pull the disputed order and at least two earlier undisputed orders and show the matching identifiers side by side.

• Device fingerprint or device ID for each order.
• IP address recorded at the time of purchase.
• Customer account or login ID tying orders to one person.
• Shipping or delivery address used on each order.
• Retain this data on undisputed orders — you will draw on it months later.

How do you submit CE 3.0 evidence?

CE 3.0 rewards merchants who submit structured evidence early — ideally before a dispute becomes a finalized chargeback. The goal is to present the matching prior transactions to the issuer in a clear, labeled package that makes the pattern obvious.

Practically, that means assembling the disputed transaction and at least two qualifying prior transactions, listing the shared identifiers for each, and submitting through your processor or acquirer’s dispute channel by the deadline on the case. The card network decides the outcome, so the package has to read for that reviewer, not for you.

• Pull the disputed transaction plus at least two prior undisputed transactions from the same customer.
• List the shared identifiers (device, IP, account, address) for each transaction side by side.
• Submit through your processor or acquirer’s dispute channel before the deadline on the case.
• Submit early — pre-dispute evidence delivered to the issuer carries more weight than a late representment.

How is CE 3.0 different from Mastercard First-Party Trust?

Both rules let merchants beat first-party fraud with structured evidence, but they qualify differently. Visa CE 3.0 leans on transaction history: you need prior undisputed orders from the same customer that share identifiers with the disputed one.

Mastercard First-Party Trust works toward the same goal but does not require prior transaction history with that cardholder, so even a first-time customer can qualify. The reported standard is at least one data point from each of three categories: device identity (such as IP or device fingerprint), delivery or fulfillment information, and an additional identity factor (such as an account login or phone number).

• Visa CE 3.0: needs about two prior undisputed transactions sharing identifiers.
• Mastercard First-Party Trust: no prior-transaction requirement — first-time customers can qualify.
• First-Party Trust data needed: device identity + delivery info + an extra identity factor.
• Both reward evidence delivered to the issuer before a chargeback is finalized.

What should you verify before relying on CE 3.0?

Treat this page as an educational overview of a publicly described Visa rule, not as compliance advice for your specific account. Networks revise qualifying criteria, data requirements, and effective details on a rolling basis, and your acquirer may layer its own rules on top.

Before you build CE 3.0 into your dispute process, confirm the current qualifying requirements against Visa’s own rule documents and ask your acquirer how it wants the evidence packaged and submitted for your merchant account.

• Confirm the current CE 3.0 qualifying criteria in the latest Visa rules.
• Verify which identifiers Visa accepts and how many prior transactions are required.
• Ask your acquirer how it wants CE 3.0 evidence formatted and submitted.
• Re-check the rules each quarter — networks update them mid-year.

Frequently asked questions