Visa Compelling Evidence 3.0 update: what you need to know

The anticipated updates to Visa’s compelling evidence requirements, Compelling Evidence 3.0, finally take effect on April 15, with the goal of making it easier for merchants to combat first-party fraud (or ‘friendly fraud’). The new Visa rules come at a time of rising disputes, and with merchants projected to pay over $100 billion in chargebacks this year, the need to minimize revenue lost to fraud is more important than ever. But how does the new policy work and what do merchants need to know as they prepare for it to take effect?

Read our Q&A with Kevin Lee, VP of Trust and Safety at Sift, as he explains the new Visa compelling evidence updates and what it means for merchants.

What is Visa Compelling Evidence 3.0?

Visa’s Compelling Evidence 3.0 (CE 3.0) policy is an updated set of guidelines that merchants, acquirers, and issuers can use to more successfully prove that a chargeback was fraudulent. The new rules expand the list of compelling evidence that can be submitted, allowing merchants to build a stronger case for themselves and reduce the money lost to illegitimate chargebacks. These compelling evidence rules require merchants to demonstrate a pattern of previous, non-disputed purchases by the cardholder, proving that the disputed transaction in question isn’t the result of third-party fraud.

What is triggering this change?

Visa’s new policy is a response to a troubling spike in chargeback rates, which are having a more costly impact on merchants than ever before. Recent Sift data revealed that overall disputes jumped by 35% in 2022, compared to the previous year, with the value of the average dispute also rising by 16%. And with 30-80% of all chargebacks estimated to be the result of first-party fraud, the need to reign in fraudulent disputes is crucial.

The goal of Visa’s updated guidelines is to make it more difficult for fraudsters to succeed by allowing merchants to win more of these illegitimate disputes and reduce the number of chargebacks they receive.

How can you meet compelling evidence requirements?

Under the CE 3.0 policy, merchants must provide evidence of previous legitimate transactions, over 120 days old, for the same payment card, that have not been disputed or flagged as fraudulent. The transactions must include any two of the following details: IP address, device ID or device fingerprint, shipping address, or user account. However one of those two details must be either an IP address or device ID or device fingerprint.

Being able to provide the required information, however, will depend on the tools and technology merchants have available. Having a strong fraud prevention strategy and robust fraud platform in place that allows risk teams to run transaction history, view data points like IP addresses and device IDs, and flag unusual user behavior, will be essential for businesses that want to submit compelling evidence easily and quickly resolve their disputes. 

What challenges may merchants face as a result of the new rules?

While Visa’s new policy is meant to reduce the revenue lost unnecessarily to first-party fraud, the new guidelines may pose some challenges to merchants, especially for smaller or medium-sized businesses and/or those working with reduced teams and resources. 

Some of the these challenges may include: 

• Higher workload. Merchants will need to gather more evidence to support their claims, which will take more time and employee resources.
• New technology needs. To access the required data that compelling evidence requires,  merchants may need to invest in fraud detection and prevention systems.
• More delays. The chargeback process may take longer while merchants gather the necessary evidence.
• Increased frustration. Merchants may be frustrated by the new rules, as they may not have the capacity to dispute all chargebacks they believe to be fraudulent. 

More stringent and involved evidence requirements may be challenging and time-consuming to gather, especially since response times will not increase. This means merchants who have automated systems will have a significant advantage over those who rely on manual review. What’s more, businesses that currently don’t collect and store information such as IP address and device ID will find it difficult to provide the necessary evidence. The MRC 2023 Global Payments and Fraud Report found that only 31% of merchants use ‘device-based’ results as part of their fraud-detection tools. 

And finally, merchants using a subscription model may benefit more from Visa’s changes, compared to those that rely on more one-time purchases, since finding matching transactions for subscription models is much easier. 

What are the long-term pros and cons?

Ultimately, the new rules should reduce both the number of chargebacks merchants receive as well as the associated losses due to fraudulent disputes. While these new rules should have a positive impact on larger merchants, others may find the requirements burdensome and difficult to meet. This may especially be true for resource-strapped businesses or smaller merchants, who may lack the staff, technology, time, or access to appropriate data to effectively prove fraudulent disputes.

How does Sift support compelling evidence? 

Fortunately for Sift customers, the data required for CE 3.0 can easily be found within the Sift Console. Below are just a few examples of compelling evidence information that Sift’s Digital Trust & Safety Platform can provide: 

• Previous transaction history. Sift customers can find previous transactions that use the same payment card, are more than 120 days old, and have never been disputed or flagged as fraudulent.
• Core transaction data elements. Merchants can find the following core transaction data elements (user account, IP address, shipping address, and device ID) that match across the two previous transactions and the disputed transaction.
• Device ID or device fingerprint. Merchants can identify one of the two required matching data elements, which must be either IP address or device ID.

Ultimately, Visa’s CE 3.0 rules will help merchants only if they’re used as part of a comprehensive fraud prevention and dispute management strategy. For example, using Sift’s intelligent automation and machine learning capabilities can help risk teams identify the highest-value chargebacks, and prioritize the disputes they’re likely to win. Additionally, machine learning algorithms, informed by a vast global data network, are capable of analyzing thousands of different signals to determine the risk of a given transaction. This AI-powered approach not only saves time, but also empowers merchants to stop fraudulent transactions even before they happen, ultimately reducing the number of fraudulent chargebacks overall.

Learn more about disputes and first-party fraud.