Effective April 2023, Visa is launching the Compelling Evidence (CE) 3.0 program to update compelling evidence requirements for fraud category chargebacks. While the new framework is designed to help merchants fight friendly fraud, there are concerns about how it will impact the broader chargeback dispute ecosystem.

Visa has assured merchants that if they can provide certain data points along with the dispute, they will assign chargeback liability to the issuer—regardless of the issuer’s ultimate decision. However, there is a fear among merchants that issuers will adopt Visa’s high burden of proof as their own standard. If this turns out to be the case, one effect of this program will be to make it harder to win disputes on the segments which aren’t eligible for the liability shift. 

What are the data requirements of Visa CE 3.0?

Under the new framework, in order to qualify for the liability shift, a merchant must now provide evidence of two historical orders placed on the same store, more than 120 days (the typical chargeback maturation window) and less than 365 days before the disputed transaction. Orders from other merchants (e.g. from. Riskified’s merchant network) cannot be utilized. The criteria for these orders include:

  • They were placed using the same payment method as the disputed transaction;
  • They share two additional data points with the disputed transaction;
  • One of these data points must be an online footprint (IP address or device ID); and
  • Both of the historical orders must not have been disputed or reported as fraud.

If orders meeting these criteria are available, the merchant has two possible flows for requesting the liability shift. If they work with Visa’s Verify alert system, they’ll get notified of the customer’s complaint in pre-arbitration, meaning they can resolve the dispute before it becomes a chargeback.

Otherwise, they can submit the eligible historical orders as part of the representment process once the chargeback has been submitted. If no orders meet the criteria, the chargeback can still be disputed with the regular representment process.

In theory, the new standard does not impact the traditional chargeback representment process. But the concern is that issuers could adopt Visa’s data requirements as their own standard for proof, and reject all claims of friendly fraud unless they are supported by historical transactions.  

What is Riskified doing to support these updates?

Riskified is ready to implement CE 3.0 the moment it rolls out. Where applicable, our compelling evidence for Visa fraud chargebacks will include two historical orders that meet the criteria for CE 3.0. We are well-positioned to maximize the potential of this new rule because we capture and save the relevant data in a way that is easy to retrieve and use.

The data required to prove a customer’s online footprint includes an IP address or device ID. Riskified collects online data about customers via the Beacon, including IP address and cookie, the latter of which can fulfill the requirement for the device ID. Crucially, the use of data from third-party sources in this context is allowed by Visa.

How should merchants prepare for the Visa CE 3.0 update?

The general guidelines for merchants to prepare to use this flow include making sure that they are collecting the relevant data, and that it can be used in their compelling evidence for chargeback disputes.

Merchants partnering with Riskified don’t need to do anything to prepare, as Riskified’s Beacon already collects this data and our dispute engine is ready to use it in the compelling evidence.

Note that chargebacks successfully disputed using the CE 3.0 flow will still count toward the merchant’s chargeback rate, but not its fraud rate.