Visa Compelling Evidence 3.0: What It Is and How to Use It
Visa CE 3.0 lets merchants shift liability on friendly fraud disputes by proving prior transaction history. It is one of the most powerful tools for subscription businesses fighting unauthorized transaction claims.
Contents
Visa Compelling Evidence 3.0 (CE 3.0) is Visa's standardized method for merchants to prove a disputed transaction is legitimate by demonstrating consistent prior transaction history from the same cardholder. When implemented correctly, CE 3.0 shifts liability from the merchant back to the issuer and prevents the dispute from being upheld.
CE 3.0 launched in April 2023. Major enhancements went live in October 2025. It is now enforced globally throughout 2026 and has become the primary tool for subscription businesses fighting friendly fraud disputes on Visa cards.
What CE 3.0 does
Under standard dispute rules, a cardholder who claims a transaction was unauthorized triggers an automatic liability shift to the merchant unless the merchant can prove otherwise. The burden of proof is on the merchant.
CE 3.0 changes the dynamic. If a merchant can demonstrate that the cardholder made at least two prior undisputed transactions in the 120 to 365 day window before the dispute, with matching IP addresses or device identifiers, the merchant can challenge the cardholder's claim of non-authorization at the network level. The issuer is then required to re-evaluate the claim against the merchant's evidence before upholding the dispute.
The practical effect: disputes that would have been automatic merchant losses under standard rules become winnable with CE 3.0 evidence.
The qualifying conditions
To use CE 3.0, the merchant must demonstrate:
At least two prior undisputed transactions on the same card, within the 120 to 365 day window before the dispute date.
Matching IP address or device ID between those prior transactions and the disputed transaction. The matching element proves the same device and network environment was used, establishing that the cardholder was the person making the purchases.
The disputed transaction is a Visa card-not-present transaction under Reason Code 10.4 (other fraud: card-absent environment).
Why CE 3.0 is structurally good for subscriptions
Subscription businesses are ideally positioned for CE 3.0. A customer on a monthly plan has multiple prior charges in the qualifying window by definition. The challenge is capturing and retaining the matching evidence: IP address and device ID at the time of each transaction.
Businesses that log IP addresses and device identifiers at checkout and at subsequent logins can typically qualify most long-term subscription disputes for CE 3.0. The rate-limiting factor is evidence quality, not the number of prior transactions.
The most common reason subscription businesses lose CE 3.0 cases is inconsistent billing descriptor across billing cycles (which undermines the prior transaction matching) and missing or inconsistent device ID capture at signup and login.
How Stripe handles CE 3.0
Stripe automatically identifies disputes eligible under CE 3.0 rules and adds supporting evidence for those transactions. This covers the basic CE 3.0 matching for transactions where Stripe has the required data.
For disputes where Stripe's automation adds CE 3.0 evidence, the counter fee introduced in June 2025 (charged when you contest a dispute, refunded if you win) does not apply under Smart Disputes terms.
For disputes requiring additional application-level evidence (login timestamps, feature usage logs), you supplement Stripe's automatic evidence with your own submission. What to include and where to find it depends on the reason code.
What to capture to qualify for CE 3.0
If you are not already capturing the following, add it before your next billing cycle:
IP address at checkout and at each login event. Store this against the customer's account and payment method, not just the transaction.
Device identifier or user agent at checkout. A fingerprint that persists across sessions is stronger than a user agent string that changes with browser updates.
Transaction timestamps correlated to IP and device. The matching requirement needs timestamps that place the same device at both the prior undisputed transactions and the disputed one.
- What is Visa Compelling Evidence 3.0?
- A Visa framework that allows merchants to shift liability on friendly fraud disputes by demonstrating two prior undisputed transactions in the 120 to 365 day window with matching IP addresses or device IDs.
- Which dispute reason code does CE 3.0 apply to?
- Visa Reason Code 10.4 (other fraud: card-absent environment), which covers most unauthorized transaction claims on card-not-present transactions.
- Does CE 3.0 work for subscription businesses?
- Yes, structurally well. Any subscription customer who has been on a paid plan for several months likely qualifies. The requirement is evidence quality, not the number of prior transactions.
- Does Stripe automatically apply CE 3.0?
- Stripe automatically identifies eligible disputes and adds supporting evidence through Smart Disputes. For disputes requiring application-level evidence like login timestamps, you supplement Stripe's evidence with your own submission.
- What data do I need to capture to qualify for CE 3.0?
- IP address and device identifier at checkout and at each login event, correlated to the transaction timestamp. This data needs to be captured and stored consistently to be usable in CE 3.0 evidence packages.
