Compelling Evidence Rules Updates
With Compelling Evidence 3.0 (CE3.0) merchants can leverage qualified transaction data to protect their business against confirmed first-party misuse.
Rebalance the Scales
Compelling Evidence 3.0 (CE3.0) evolves the Visa dispute program for CNP 10.4 disputes by adding a set of checks and balances to draw a clear and direct relationship between the merchant and the cardholder with the use of qualified historical transaction data to systematically establish a legitimate purchase made by the cardholder.
Pre- and Post-Dispute Protection
Merchants can protect themselves against confirmed first-party misuse by providing qualified transaction data. In the pre-dispute stage with Order Insight or the post-dispute stage traditional pre-arbitration process, merchants can prove to issuers that the transaction is legitimate and maximize their opportunity to block a potential dispute.
CE3.0 Rule Qualification Criteria
What is Qualified Transaction Data?
- Account ID
- IP Address
- Shipping Address
- Device ID
What transactions are eligible?
- 120 to 365 days older than the disputed transaction
- Disputed or non-disputed transactions void of prior fraud activity or claims
- A Merchant Match
Benefits of CE3.0 for Merchants
Qualified Transaction Data in the pre-dispute phase can block disputes from being initiated and thereby protect a merchant’s dispute ratio and prevent the risk of being included in the Visa Dispute Monitoring Program (VDMP).
Reduce Your Fraud Ratio
Merchants can benefit from the reversal or stoppage of creation of fraud reports in the post and pre-dispute flow respectively, when first-party misuse is established. Utilizing the pre-dispute flow, merchants can keep their fraud ratio healthy and prevent the risk of their inclusion in the Visa Fraud Monitoring Program (VFMP).
Protect Your Revenue
Recover revenue and maximize win rates for confirmed first-party misuse with pre-arbitration.
Reduce Operational Costs
Lower the cost of dispute processing, fees and fines
How Can Merchants Take Advantage of CE3.0
Facilitated through Verifi’s Order Insight solution, participating merchants can provide purchase details to issuers in an attempt to deflect a transaction in question (pre-dispute) from becoming a chargeback.
How it Works
Visa will pre-select 2 to 5 transactions with no fraud activity that occurred between 120 and 365 days of the attempted dispute date.
The participating merchant will need to systematically return data elements outlined in the above referenced qualification criteria for those transactions that were pre-selected.
Verifi’s Order Insight will validate the data, and pass to Visa to make the liability decision based on qualification criteria.
If criteria are met, the pre-dispute will be blocked and liability for the transaction will shift to the issuer.
Aligning with the existing pre-arbitration process, merchants will have the opportunity to work with their acquirer to submit transaction data elements that meet CE3.0 qualification criteria in an attempt to recoup revenue lost to illegitimate fraud disputes (Visa 10.4).
How it Works
Merchant will work with their acquirer to locate and package data elements that meet CE3.0 qualification criteria for two historical transactions that occurred 120 – 365 days prior to the dispute date for the same cardholder (identical PAN).
The acquirer will deliver the response package via Visa Resolve Online (VROL) where the CE3.0 data elements will be validated.
If the data elements from the historical transactions meet the qualification criteria and are accepted by the issuer, the dispute will be reversed and liability will shift to the issuer.
Benefits for Merchants
|☑ Automated Process||☑ Fraud Ratio Reduction|
|☑ Acquirer Agnostic Capability||☑ Retain Revenue|
|☑ Immediate Confirmation of CE3.0 Protection||☑ Merchant Control of Historical Transactions|
|☑ Dispute Ratio Reduction||☑ No Integration Required|
|☑ Fraud Ratio Reduction|
|☑ Avoid Dispute Fees|
|☑ Lower Operational Costs|
|☑ Retain Revenue|
How is the Merchant Matched to the Transaction?
Visa will determine historical footprint based on transaction type.
- Match based on Merchant Category Code (MCC)
- Presence of Payment Facilitator ID in Authorization Message (F104)
- Presence of Sub (Sponsored) Merchant ID (F104)
- Does not fit qualification for Visa Direct or Payment Facilitator
More Compelling Evidence 3.0 Resources
- Control the Chaos of First-Party Misuse Leveraging CE3.0
- CE3.0: Are You Ready?
- Removing Noise from The Dispute Experience
- Visa CE3.0 Merchant 101
- Visa CE3.0 Merchant 201
- Visa CE3.0 Merchant 301
- Visa Post-Dispute Merchant Options
- What Every Merchant Needs to Know About Friendly Fraud
- “Friendly Fraud” is on the rise. Visa’s new Compelling Evidence 3.0 aims to help merchants level the playing field.
- Compelling Evidence 3.0 (CE3.0) in the Pre-dispute and Pre-arbitration Environments
- Visa Compelling Evidence 3.0
- Compelling Evidence 3.0 301 Training: Qualified Transaction Matching
Frequently Asked Questions
First-party misuse occurs when cardholders report fraud on authorized transactions knowingly or unknowingly.
To combat the risk and rising occurrences of first party fraud, and to balance the cost of cardholder behavior between issuers and merchants, effective April 2023, Visa is updating dispute rules, which will make a cardholder dispute invalid if specific compelling evidence can be provided to support that the cardholder (or authorized person) participated in the transaction. This rule change is known as “Compelling Evidence 3.0” or “CE3.0”. With this change, when a cardholder initiates a fraud-related dispute for a card-not-present transaction, merchants will have two options to take advantage of the rule change.
First, during the pre-dispute phase of the dispute processing, the merchant can leverage Verifi’s Order Insight® Systematic Dispute Deflection to respond with qualified transaction data, in real-time, prior to the creation and processing of the dispute within Visa Resolve Online (VROL).
Second, for post-dispute the same required information can be delivered during the pre-arbitration response process via the merchant’s acquirer. Benefits to merchants vary depending on whether the pre-dispute or post-dispute process is used.
Merchants participating via Order Insight during pre-dispute processing:
Helps reduce fraud and dispute ratios
Helps reduce revenue lost to disputes
Helps reduce overall dispute processing expenses
Drives network value for merchants.
Merchants participating via post-dispute pre-arbitration:
Helps reduce fraud ratios, not dispute ratio (important distinction)
Helps reduce revenue lost to disputes
Drives network value for merchants. Merchants using VisaNet for payment processing benefit from these services to help protect their revenue.
Helps avoid card reissuance costs (for pre-dispute deflection only)
Helps increase issuer risk model performance with more accuracy
Provides issuers with more data on their cardholder behavior
Empowers issuers with data to potentially challenge cardholders and reverses provisional credits on disputed transactions
Delivers accurate data and compliance program identifications
Creates opportunities for acquirers to assist in solving the friendly fraud problem
For each CNP fraud dispute raised by the issuer, Visa will search for up to 5 eligible historical transactions between the cardholder and the merchant which do not have fraud activity reported against them. Visa will request qualified transaction data for those purchases via Verifi’s Order Insight service.
In early 2023, Verifi launched enhancements to the Verifi API for merchant and remerchant partners to allow merchants to take advantage of the rule change at the pre-dispute stage. New and existing merchants who opt to participate in Order Insight will need to integrate to the new API specification.
If an online store wishes to benefit from Systematic Dispute Deflection, and they are already enrolled in Order Insight, they need to:
- Understand the additional data requirements for the new rule and determine if they can capture and provide the required information
- Review their data archival and storage policies (i.e., they need to have the data available in an operational database for up to 365 days)
- Review their IT and infrastructure needs to maintain the response SLA requirements (i.e., implement faster and optimized order search if required)
- Be prepared to make the investment necessary to re-integrate to the new Verifi API specification
Results will vary by merchant and may be driven by their business model. Merchants that see high-frequency purchases from cardholders or use recurring billing methods are more likely to benefit from the rule change. Merchants must collect the data required by the rule change, so it is important to evaluate what data is collected and stored on purchases.
The rule will be effective globally and apply to all Visa issuers. All Visa transactions processed using VisaNet will be eligible.
Merchants can choose to leverage both pre-dispute and post-dispute capabilities to maximize benefits, or simply use one or the other. However, they must be integrated with Verifi through the Order Insight integration for pre-dispute benefit.
Only Fraud 10.4 CNP (Other Fraud – Card Absent Environment) disputes qualify.
All MCC’s that are supported by VisaNet are eligible to take advantage of the new rules.
If there are historical undisputed and non-fraud disputed transactions associated with the PAN greater than 120 days, and the data points for the transaction match the historical transactions, the new rule can be leveraged.
At this time, only those transactions that take place between the same merchant and cardholder in VisaNet can qualify for compelling evidence. Cardholder activity across multiple unrelated businesses cannot be considered.
Yes, if a prior transaction has a non-fraud dispute it qualifies as a historical transaction. ONLY prior transactions that DO NOT have any fraud activity (TC40) are eligible. Note: Fraud Disputes reported under codes C and D will not be classed as a fraud dispute.
Fraud resulting from a merchant deliberately misleading the account holder. Examples may include:
· A merchant fraudulently selling items that are not as they seem or sub-standard.
· Charging more than anticipated or for a longer term.
· Charging for a service that the consumer can get for free through another channel for the purpose of conducting fraudulent activity, etc.
Manipulation of Account Holder
Fraud resulting from a merchant manipulating an account holder into completing what they believe to be a legitimate transaction. This fraud type has been added to support Visa Direct and European PSD2 regulations. Examples may include:
· Account holder manipulated into sending funds to a fraudulent beneficiary when the sender believes they will gain fictitious riches or help an individual.
Pre-dispute compelling evidence rule processing only occurs in real-time as the issuer is submitting the 10.4 dispute to VROL in the call center. Therefore, call center experience is necessary for rules processing.
For participating merchants in pre-dispute, Visa will identify prior eligible transactions, and the merchant will receive API requests to provide order details for these transactions which will be used to evaluate whether the dispute is eligible for CE3.0 coverage. To maximize the benefits, merchants must ensure order data is available for up to 365 days after the original payment was processed.
Merchants should work with their acquirers to identify the best transactions to supply as compelling evidence in the post-dispute and pre-arbitration process that meet the requirements for qualifying transaction data as outlined in the CE3.0 Rule.
If providing the required data at pre-dispute stage, the merchant’s fraud and dispute ratios could be lowered. If the required data is provided with pre-arbitration, resulting in the merchant successfully shifting the dispute liability to the issuer, the merchant’s fraud ratio can be lowered, but their dispute ratio will reflect the processed dispute.
If the merchant does not have multiple transactions for the cardholder within a 365-day time, then the rule will not be supported in either the pre-dispute or post-dispute processing. Note however, that subscription disputes are often classified as “Cancelled Recurring”, rather than “Other Fraud – Card Absent Environment” (10.4).
Delivery address would not apply for digital goods merchants; but the rule allows for other applicable fields such as IP address, Device ID, Device fingerprint, and/or Account ID values to qualify instead.
If the purchase being disputed is a CNP transaction, it is eligible.
If the two CNP storefronts can be identified as the same “merchant” (by an identifier such as descriptor or via Visa’s ability to link multiple merchant accounts for the same retailer) then yes, purchases across all the storefronts will be considered eligible for historical transactions.
Currently the compelling evidence rules do not consider biometric auth data as part of the response data. This may be considered in the future.
No, if merchandise is not shipped, the delivery address cannot be replaced with billing address. The other 3 data elements would be available for use to meet the requirement.
No, if merchandise is not shipped, the delivery address cannot be replaced with billing address. The other 3 data elements would be available for use to meet the requirement.
A historical footprint for past purchases is required for transactions to qualify for Systematic Dispute Deflection. Therefore, dispute initiated on a first-time purchase will not qualify for CE3.0 coverage.
Recognizing that this information can change across transactions, Visa is searching for up to 5 historical transactions for the merchant to respond. Matching data across 2 of those transactions is required to meet the rule conditions. If a merchant is unable to provide the IP address as a reliable data element to match across multiple transactions, they should use other data elements such as device ID, device fingerprint or account ID.
There are standard device ID formats – such as IMEI; however, it is up to the merchant to capture the device ID they think will best identify the device. Merchants should discuss with their acquirer what strategies work best for their purposes. The intent of the requirement is to provide evidence that the same device was used for historical as well as disputed transactions.
For the tokenized transaction being disputed, Visa will identify the underlying PAN and search for any historical transactions linked with that underlying PAN and merchant. The historical transactions will not be limited to only those where the token was used, it will span all transactions for that underlying PAN and merchant.
The Account ID is the value the cardholder provided when they established the relationship with the merchant. This may be an email address or username to uniquely identify and authenticate themselves to the merchant. This value should be recognizable to the cardholder and should not be an internal value on the merchant’s system.
For post-dispute, pre-arbitration responses, the merchant will identify prior transactions based on rule criteria. The merchant should work with their acquirer to get up-to-date fraud data to ensure they are only responding with orders that have not been disputed as fraud. merchants that do not get fraud data from their acquirer can leverage Verifi’s INFORM solution to receive fraud reports to ensure the transactions the merchant selects have not been reported as fraud or disputed as fraud. If the merchant has multiple eligible transactions to be returned for post-dispute compelling evidence rules, it is advised they choose from the most recent transactions that meet the rule time frames.
If the merchant provided all the required data elements in the pre-arbitration stage, the issuer will be liable for the transaction, if they accept the liability. Issuers have the option to deny the liability shift if they have enough evidence to support their claim. However, the issuer should carefully evaluate this option, as the acquirer can go to arbitration and if Visa determines that the evidence provided by the issuer is not sufficient, issuer will not only lose the case, but also will pay for the cost of arbitration. Hence issuers are strongly advised to assess the relationship with the cardholder to determine whether to hold the cardholder liable or accept the loss.
Yes, it is possible that a cardholder can report a fraud, and if the fraud gets rejected, the cardholder may submit a consumer (or any other non-fraud) dispute, if it is within the dispute timeframe.
A valid use case for this: the cardholders was unable to recognize a transaction (thereby claiming fraud), then recognizing it and raising a consumer dispute (e.g., non receipt of merchandize).
However, the reverse is not valid, i.e., once a CH raises a consumer dispute and is rejected, it cannot again be claimed as fraud.
VROL will search for up to 5 historical transactions to request Compelling Evidence information during pre-dispute processing. A minimum of 2 transactions are required to have the Order Insight information returned for rule considerations. If fewer than 2 transactions are identified by VROL, the dispute will be processed as it is today, and it will not be eligible to be blocked via CE 3.0.
Merchants can always fall back on the post-dispute processing to provide compelling evidence during the pre-arbitration processing via their acquirer.
Note that via the post dispute flow, all historical transactions must be from the same acquirer, historical transactions across multiple acquirers will not be able to be submitted. (Acquirer A can not reference Acquirer B’s historical transactions when submitting the information to VROL)
Visa will notify Verifi after validation of the Compelling Evidence pre-dispute response whether the dispute has been blocked (leveraging a new call type 9 between Visa and Verifi). Verifi will in-turn, send the notification to the merchant when the response was sufficient to prevent the dispute to be raised. Verifi will also send notification if the issuer requested a review of the decision and if the review was approved (i.e., the dispute was allowed to be processed). Details of the technical solution spanning API and reporting enhancements will be available in Fall 2022.
Yes, a merchant can leverage the compelling evidence rule change to share data and attempt to block the issuer from submitting a dispute. If the rule criteria are not met, the dispute can be resolved via the RDR service (when eligible) to allow the merchant to resolve the dispute at the pre-dispute stage.
Note: Merchant must be enrolled in RDR and the transaction must be eligible for dispute to resolve a pre-dispute with Rapid Dispute Resolution. Please contact your Verifi Representative for more information on RDR.
The Order Insight compelling evidence qualification check occurs before RDR processing.
Issuer procedures vary. In the event the dispute is blocked by the Compelling Evidence supplied by the merchant, the issuer may choose to reverse the provisional credit and reject the cardholder’s claim of fraud and discuss/review the Order Insight data returned by the merchant or allow it to become permanent and write off the funds as a financial loss.
No, the Compelling Evidence rule only triggers once the issuer files a fraud dispute. If the cardholder does not initiate the dispute, the fraud report will not be reversed because it does not qualify for rule protection. If the fraud dispute is blocked by the Compelling Evidence rules processing, the fraud report will also be reversed.
TC40 is the name of the report that issuing banks send to Visa to report fraudulent transactions as part of its Risk Identification Service. TC40 is a record of all fraud notices – once the dispute is created and fraud is reported, the fraud report can only be reversed if the new rule requirements are met. Dispute ratio will remain as the dispute has already happened.
It is possible that there could have been a fraud reported earlier than the dispute being raised. In such a situation, there would be a TC40 record that had been sent earlier, and the dispute initiated later. When the CE3.0 process blocks the dispute, the fraud report will be deleted in Visa’s system. However, depending on the timing of the reported fraud, the merchant’s fraud ratio may or may not be rectified retrospectively post the CE3.0 validation.
If the response to the historical transactions is invalid, the dispute will be allowed to proceed normally. The merchant will not be sent another set of historical transactions to respond to. Note that the merchant can still leverage CE3.0 coverage in the post dispute phase by providing historical transaction evidence.
A "OCT" (Original Credit Transaction) is Visanet transaction used to "push" funds to a card based account (such as to pay a cardholder to their card account). An "AFT" (Account Funding Transaction) is a Visanet transaction used to draw or "pull" funds from a card account to fund an OCT to a different account. As an example, once could use a AFT to fund a card wallet and use subsequent OCTs to pay from the wallet.
The 120-365 day rule is valid for the AFT but the OCTs can be between 0 – 365 days.
VROL will implement a set of monitoring for the integration between Verifi and VROL for conditions such as Verifi response timing out, merchant response failing to meet the CE requirements, etc.
Verifi will also implement monitoring for the integration between Verifi and the merchant, to monitor conditions such as merchant response timing out, Verifi unable to send a transaction inquiry due to system failure, CE inquiry received for an unenrolled merchant, etc. Please see our training deck for the kind of monitoring we will have available.
Yes, our recommendation is for them to send as much information as possible in the Verifi API 3.0 to ensure they are able to leverage Compelling Evidence remedy to the maximum possible extent.
There are standard device ID formats – such as IMEI, MAC ID, UUID, etc. It is up to the merchant to capture the device ID that they think is most appropriate for them to identify the device. Our API specifications dictate that the device ID should not be more than 32 characters.
Device fingerprint does not have a “standard” definition or format. The merchant may choose from a set of fields such as:
- IP address
- Http request headers
- Plugins or fonts installed in the device
- Battery information
- OS and its version#
- VPN and browser information, etc.,
Verifi/Visa has not released a guidance for this other than that Device Fingerprint should not be more than 45 characters.
The merchant may choose whichever fields makes the best sense. We suggest the merchants discuss with their network and hardware experts and come up with the suitable strategy that works for them. They may use a third-party provider or use their own algorithm by combining hardware, browser or software data elements. The intent of the requirement is to provide evidence that the same device was used for the historical as well as disputed transactions.