What is Compelling Evidence (CE 3.0)?

Compelling Evidence 3.0 is Visa's framework for proving a disputed transaction was legitimate, launched in April 2023 as a successor to the older Compelling Evidence 2.0 rules. Where 2.0 left a lot of judgement to the issuer, 3.0 is prescriptive: the merchant must show that at least two prior undisputed transactions from the same cardholder, within the previous 120-365 days, share at least two identifiers (IP address, device fingerprint, delivery address, customer account ID) with the disputed one. If they do, Visa requires the issuer to block the chargeback before it's even raised — the merchant wins automatically.

CE 3.0 sits in the awkward middle of the dispute lifecycle: it isn't the same thing as representment, but it does the same job. Where representment is a reactive defence — the chargeback has landed and the merchant fights back — CE 3.0 is preventive. The merchant flags the transaction with the right data at the gateway, and if the issuer later tries to dispute it for first-party fraud ("I don't recognise this charge"), the dispute is automatically suppressed.

Why Visa Introduced CE 3.0

The driver was first-party fraud, sometimes called friendly fraud or chargeback fraud. A cardholder makes a legitimate purchase, receives the goods or service, then disputes the charge with their bank as "unauthorised." The merchant loses the chargeback because they can't prove the customer is the same person they've been doing business with for months.

Visa's analysis found this category was growing faster than third-party fraud (someone stealing card details) and was disproportionately landing on subscription, digital-goods, and marketplace merchants who had repeat customers. CE 3.0 exists to give those merchants a way to say: "This is the same person who's bought from us seven times before from the same device, IP, and shipping address. They aren't disputing this in good faith."

The Identifier Requirements in Detail

To qualify for CE 3.0 on a given transaction, the merchant must capture at least two of the following four identifiers, and they must match across at least two prior undisputed transactions:

• IP address. The IP address used at checkout. Doesn't have to be identical — same /24 subnet is usually accepted for residential ISPs, though Visa's exact tolerance isn't publicly documented.
• Device fingerprint. A hash of browser characteristics (user agent, screen size, plugins, timezone, fonts) or a mobile-app device ID. Most modern fraud platforms generate this automatically.
• Delivery address. For physical goods. Has to match exactly across the prior transactions and the disputed one.
• Customer account ID. The merchant's own internal customer ID, email address, or login. Useful for digital goods or services where there's no shipping address.

The two prior undisputed transactions have to fall within a specific time window — between 120 days and 365 days before the disputed transaction. Less than 120 days and Visa assumes the pattern isn't yet established; more than 365 days and they assume the customer's setup may have changed.

How CE 3.0 Differs from Regular Representment

Regular representment is what most merchants think of as "fighting a chargeback." The chargeback has been raised, the merchant has 7-30 days to respond with evidence, the issuer reviews and decides. Representment is open-ended in what evidence counts — invoices, delivery receipts, IP logs, call recordings, whatever the merchant has.

CE 3.0 is different in three important ways:

• It's preventive, not reactive. The merchant tags the transaction at the moment of authorisation with the identifier data. The chargeback never gets raised in the first place — Visa's network blocks it.
• It's prescriptive. Only the four specific identifiers count. Other evidence is irrelevant. If the merchant has captured them and the match conditions hold, the dispute is auto-resolved in the merchant's favour.
• It's automatic. No 30-day evidence cycle, no issuer review, no QSA-style judgement call. The data is either there and matching, or it isn't.

The right way to think about it: CE 3.0 is a filter at the front of the dispute process. If a transaction qualifies, it never reaches the regular representment stage. If it doesn't qualify, representment still exists as a fallback.

Reason Codes CE 3.0 Applies To

CE 3.0 applies to a specific subset of Visa dispute reason codes — primarily the first-party-fraud categories:

• 10.4 (Other Fraud – Card Absent). The classic "I don't recognise this charge" dispute. The biggest single category CE 3.0 covers.
• 13.1 (Merchandise/Services Not Received). Some sub-cases.
• 13.2 (Cancelled Recurring Transaction). Limited applicability.

Most other reason codes (chip-and-PIN fraud, processing errors, authorisation issues) sit outside CE 3.0 because the identifier match wouldn't be meaningful for them. The framework is squarely targeted at fraud reason codes where the issuer otherwise has to take the cardholder's word for it.

Reported Success Rates

Visa's own data, published shortly after rollout, suggested CE 3.0 was suppressing 30-40% of qualifying first-party fraud disputes before they were raised. Third-party fraud-prevention vendors reported similar numbers in 2024, with some subscription merchants seeing 50%+ reductions in fraud chargebacks. The catch is that those numbers depend on the merchant capturing and reporting the identifier data correctly, which a lot of legacy gateways and PSPs don't do out of the box.

The merchants who get the most out of CE 3.0 are the ones with high repeat-customer rates — subscriptions, digital marketplaces, SaaS, gaming. A one-off retailer where every transaction is the customer's first won't qualify, because there aren't two prior matching transactions to anchor against.

The Mastercard Equivalent

Mastercard runs a parallel framework called Order Insight (formerly Ethoca Consumer Clarity, before the Ethoca acquisition). The mechanism is different — Mastercard pushes order details from the merchant into the cardholder's bank app at the moment of dispute, so the customer sees "this was your subscription to ExampleCo" before raising the dispute. About 30-40% of disputes get withdrawn at that point because the customer recognises the charge they'd forgotten about.

The two systems aren't directly equivalent: CE 3.0 is a rules-based suppression at the network level, Order Insight is a transparency push at the issuer-app level. Merchants serving both card schemes need to support both, usually through their PSP or a third-party chargeback prevention tool.

The Limits of CE 3.0

CE 3.0 isn't a silver bullet. The honest limitations:

• Visa-only. No equivalent on Mastercard (Order Insight is similar in intent, different in mechanism), Amex, or Discover.
• Needs identifier capture. If the merchant or PSP doesn't capture IP, device fingerprint, and customer ID at every transaction, the data isn't there when needed.
• Needs prior history. First-time customers can't qualify. Useful only for repeat-buyer businesses.
• Doesn't cover all reason codes. Chargebacks for non-delivery, processing errors, or authorisation problems aren't in scope.
• Doesn't help with phone payments. Telephone orders won't have an IP or device fingerprint that matches prior orders — the customer is on a phone call, not a browser. MOTO merchants need different defences.

For MOTO and phone payments specifically, the absence of CE 3.0 coverage is one more reason the merchant carries unusually heavy chargeback risk on the voice channel — there's no SCA exemption protection, no 3D Secure liability shift, and now no CE 3.0 either. See our piece on UK regulations for taking card payments by phone for the wider regulatory picture.

What Merchants Should Do

If you're a card-not-present merchant with repeat customers, three concrete steps:

1. Check whether your PSP or gateway already submits CE 3.0 data to Visa. Most of the larger gateways do; smaller ones often don't.
2. Make sure you're capturing IP, device fingerprint, delivery address, and a stable customer ID on every transaction, not just at first signup.
3. If you're seeing significant first-party fraud disputes, talk to your PSP about a dedicated chargeback-prevention service. The vendors in this space (Verifi, Ethoca, etc.) bundle CE 3.0 and Order Insight together.