Visa Compelling Evidence 3.0: How to Use Your Order History to Win Fraud Chargebacks
Most merchants find out about Compelling Evidence 3.0 the same way they find out about most Visa rule changes — after losing a dispute they could have won.
Visa introduced CE3.0 in April 2023. It is one of the most significant rule changes for merchants in years. It gives you a legitimate path to beat a fraud chargeback using transaction history you already have sitting in your order management system. And the majority of small and mid-size merchants are still not using it.
Here is what it is, who qualifies, and exactly how to use it.
What Is Compelling Evidence 3.0?
Compelling Evidence 3.0 is a Visa dispute rule that allows merchants to challenge a fraud chargeback by presenting evidence that the same customer transacted with them before without disputing it.
The logic is straightforward. If someone is claiming they never authorized a transaction on your store, but you can show that the same device and IP address placed two other orders with you that were never disputed, that prior history is compelling evidence that the cardholder knew about and authorized the transactions.
Before CE3.0, merchants fighting fraud chargebacks were largely limited to authentication data and delivery confirmation. CE3.0 added a new tool: your own order history.
It applies specifically to Visa reason code 10.4 (Other Fraud: Card Absent Environment), which is the most common fraud chargeback code for online merchants.
Why CE3.0 Matters More Than Most Rule Changes
Visa rule updates happen regularly. Most of them are procedural. CE3.0 is different because it directly addresses the friendly fraud problem, which is when a customer who received their order disputes the charge anyway.
Before CE3.0, friendly fraud was extremely difficult to fight. The cardholder says they didn't authorize it. You say they did. Without authentication data proving the cardholder verified themselves at checkout, the bank often sided with their customer by default. The burden was on you to prove a negative.
CE3.0 shifts that dynamic. Instead of trying to prove the specific transaction was authorized, you are showing a pattern of behavior. Same device. Same IP. Bought from you before. Never complained. That pattern is hard to argue against.
Who Qualifies for CE3.0
Not every dispute qualifies. The requirements are specific and all of them must be met.
The dispute must be a Visa reason code 10.4. CE3.0 does not apply to other reason codes.
You must have at least two prior undisputed transactions from the same customer. These transactions must share at least one of the following with the disputed transaction: the same device ID, the same IP address, or the same account login.
At least one of the two prior transactions must have occurred more than 120 days before the disputed transaction. This is the requirement most merchants trip over. If all your matching transactions are recent, you may not qualify even if the pattern is otherwise clear.
None of the prior transactions can have been disputed by the cardholder. If the same customer has filed chargebacks against you before, those transactions cannot be used as qualifying evidence.
The transaction amounts and dates of the prior transactions must be documented and submitted in the specific format Visa requires.
What Data You Need to Pull
Before you can use CE3.0 you need to confirm the data exists and pull it in a usable format. Here is what to gather:
For the disputed transaction: order ID, transaction date, amount, IP address at checkout, device ID or fingerprint, account login if the customer had one, billing address, and shipping address.
For each qualifying prior transaction: the same fields. You need to show the overlap between the prior transactions and the disputed one. The matching field (device ID, IP address, or account) is the core of your argument.
If you are not currently capturing device ID or IP address at checkout, CE3.0 is not available to you. This is worth fixing immediately. Most ecommerce platforms either capture this natively or can be configured to do so with a small development change. Shopify, WooCommerce, and most hosted platforms capture IP by default. Device fingerprinting may require a third-party tool or a configuration change.
How to Submit CE3.0 Evidence
Visa requires CE3.0 evidence to be submitted in a specific structured format, not as a narrative. This is where many merchants fail even when they have the qualifying data. The format matters as much as the data itself.
Your submission needs to include a transaction comparison table. Side by side: the disputed transaction on one side, the two qualifying prior transactions on the other. For each transaction show the date, amount, device ID or IP address, and the matching field that connects them.
This table is what the bank's review system is looking for. If you submit a paragraph describing the prior order history instead of a structured table, you are making it harder for the system to find the data it needs to rule in your favor.
Your rebuttal letter should reference the table explicitly and state clearly that you are invoking Compelling Evidence 3.0 under Visa dispute rules. Name the rule. Banks and their systems know what it means.
Step-by-Step: Filing a CE3.0 Response
Step one: Receive the 10.4 dispute notification and confirm the reason code. CE3.0 only applies to 10.4.
Step two: Pull the disputed transaction record. Get the IP address, device ID, and account login if available.
Step three: Search your order history for transactions matching that device ID, IP address, or account login. You need at least two with no associated disputes.
Step four: Confirm at least one of the matching transactions is more than 120 days old. If not, CE3.0 may not apply and you should fall back to standard authentication evidence.
Step five: Build the transaction comparison table. Disputed transaction on one side. Two qualifying prior transactions on the other. Matching fields highlighted.
Step six: Write a brief rebuttal letter. State that you are responding under Visa Compelling Evidence 3.0, reference the attached transaction comparison, and note the matching device or IP address across all three transactions.
Step seven: Request your 3D Secure authentication data from your processor anyway. CE3.0 is your primary argument but authentication data strengthens the overall submission.
Step eight: Compile into a single PDF in order. Rebuttal letter first, transaction comparison table second, authentication data third, supporting order documentation last.
Step nine: Submit before your deadline. CE3.0 responses have the same deadline as standard dispute responses, typically 20 to 30 days from the dispute filing date.
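Steps three through five can be scripted against an order export. The sketch below is an added example, not part of any Visa or processor tooling: it applies the qualifying criteria exactly as this article states them and emits the rows of the comparison table. The record field names, the sample orders, and the table column layout are assumptions constructed for illustration.

```python
from datetime import date

MATCH_FIELDS = ("device_id", "ip", "account")  # the three linking fields named above

def matching_fields(prior, disputed):
    """Fields on which a prior order overlaps the disputed one (empty values never match)."""
    return [f for f in MATCH_FIELDS if prior.get(f) and prior.get(f) == disputed.get(f)]

def ce3_candidates(disputed, history):
    """Steps three and four: undisputed earlier orders sharing a field, oldest first."""
    priors = [o for o in history
              if o["order_id"] != disputed["order_id"]
              and o["date"] < disputed["date"]
              and not o["disputed"]
              and matching_fields(o, disputed)]
    priors.sort(key=lambda o: o["date"])
    has_old = any((disputed["date"] - o["date"]).days > 120 for o in priors)
    qualifies = disputed["reason_code"] == "10.4" and len(priors) >= 2 and has_old
    # Take the two oldest: if any match is more than 120 days old, the oldest one is.
    return qualifies, priors[:2]

def comparison_table(disputed, priors):
    """Step five: one row per transaction, matching fields named in the last column."""
    rows = [("role", "order_id", "date", "amount", "device_id", "ip", "matched_on")]
    for role, o in [("disputed", disputed)] + [("prior", p) for p in priors]:
        matched = "-" if o is disputed else ",".join(matching_fields(o, disputed))
        rows.append((role, o["order_id"], o["date"].isoformat(), f'{o["amount"]:.2f}',
                     o.get("device_id") or "", o.get("ip") or "", matched))
    return rows

# Constructed sample data (IP addresses are from the RFC 5737 documentation ranges).
DISPUTED = {"order_id": "D-1003", "date": date(2024, 6, 1), "amount": 89.00,
            "device_id": "dev-a1", "ip": "203.0.113.7", "account": "u42",
            "reason_code": "10.4", "disputed": True}
HISTORY = [
    {"order_id": "A-0900", "date": date(2023, 12, 10), "amount": 45.50,
     "device_id": "dev-a1", "ip": "198.51.100.9", "account": "u42", "disputed": False},
    {"order_id": "A-0950", "date": date(2024, 4, 20), "amount": 30.00,
     "device_id": "dev-zz", "ip": "203.0.113.7", "account": None, "disputed": False},
    {"order_id": "A-0960", "date": date(2024, 5, 1), "amount": 12.00,
     "device_id": "dev-a1", "ip": "203.0.113.7", "account": "u42", "disputed": True},
]

if __name__ == "__main__":
    ok, priors = ce3_candidates(DISPUTED, HISTORY)
    print("CE3.0 candidate:", ok)
    for row in comparison_table(DISPUTED, priors):
        print(" | ".join(row))
```

In the sample, order A-0960 matches on every field but is excluded because it was itself disputed, and the claim only qualifies because A-0900 falls more than 120 days before the disputed order.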
Common CE3.0 Mistakes
Using transactions that were disputed. Any prior transaction that resulted in a chargeback is disqualified. Check before you include it.
Not having the 120-day transaction. This is the most common disqualifier. If all your matching transactions are from the last four months, you need to rely on other evidence.
Submitting narrative instead of structured data. A paragraph explaining the order history is not CE3.0 evidence. The table is CE3.0 evidence.
Not naming the rule in your response. Stating explicitly that you are invoking Compelling Evidence 3.0 signals to the bank's review process exactly what framework to apply. If you just submit the data without naming it, you are relying on the reviewer to make the connection.
Waiting too long to pull the transaction data. Your processor or platform may have data retention limits. Pull the records as soon as you receive the dispute.
CE3.0 and the Broader Fraud Response Picture
CE3.0 is a powerful tool but it is one piece of a complete fraud dispute response. The merchants who win the most disputes combine it with strong authentication data, clean device and IP documentation, and a structured submission format.
If a transaction has completed 3D Secure authentication and you also have CE3.0 qualifying history, you have an extremely strong case. The authentication data proves the specific transaction was authorized. The CE3.0 history proves it fits a pattern of legitimate transactions. Together they address the bank's question from two directions.
If you do not have 3D Secure data but you have strong CE3.0 history, you still have a viable dispute. The prior order pattern shifts the burden significantly even without the authentication record.
If you have neither, a fraud chargeback is very difficult to win and may not be worth the time cost of a full response.
Start Building the Data Infrastructure Now
The merchants who benefit most from CE3.0 are the ones who have been capturing device and IP data consistently for more than four months. If you are reading this after receiving a dispute and you do not have that history, CE3.0 is not available to you today.
But it will be available to you in four months if you start capturing the data now.
Make sure your platform is logging IP addresses at checkout. Enable device fingerprinting if you have not already. Keep your order history in a format you can query by device and IP. This is not a complex technical change for most platforms and the payoff compounds over time.
Every undisputed transaction you accumulate is potential CE3.0 ammunition for any future fraud dispute from the same customer.
The Templates and Evidence Framework That Make This Easier
Knowing the rule is half the battle. The other half is having a submission format that actually works, the right language for your rebuttal letter, and a checklist that makes sure you haven't missed a qualifying field.
The Chargeback Defense Bundle at WinTheChargeback includes a CE3.0-specific evidence template, the transaction comparison table format Visa expects, and the rebuttal letter language for invoking CE3.0 in your response. It also covers 14 other dispute types with the same level of detail.
Frequently Asked Questions
Does CE3.0 work for Mastercard disputes? No. CE3.0 is a Visa-specific rule that applies only to Visa reason code 10.4. Mastercard has its own dispute frameworks and evidence requirements. A similar prior order history argument can sometimes be made under Mastercard rules but the specific CE3.0 framework does not apply.
What if my platform does not capture device IDs? If you cannot establish a device ID match, you can still qualify using IP address or account login matches. If none of those are available, CE3.0 does not apply to that dispute. This is the most common reason merchants cannot use CE3.0 and the strongest argument for enabling device fingerprinting on your store.
Can I use CE3.0 if the prior transactions were made by a different card? Yes, as long as the device ID, IP address, or account login matches. CE3.0 is about demonstrating that the same person transacted with you before, not that the same card was used before. A cardholder who used a different card but the same device and IP address on prior orders can still qualify.
How far back can prior transactions go? There is no maximum lookback period specified in the Visa rules. The minimum is that at least one prior transaction must be more than 120 days before the disputed transaction. Older matching transactions can actually strengthen your case.
What if I only have one qualifying prior transaction? CE3.0 requires a minimum of two. One prior transaction is not sufficient. If you have only one, document it in your submission as supporting context but do not cite CE3.0 as your primary argument.