Most of the dispute mechanism treats every transaction as if the network has never seen the cardholder before. The acquirer defends a single charge in isolation, the issuer adjudicates it on its own merits, and the burden sits with the merchant to prove a stranger is not a stranger. Compelling Evidence 3.0 breaks that pattern. It lets the system reach into transaction history and use a record of prior, undisputed activity to move liability back to the issuer, and it does so on a data-match test rather than a human judgment call.

This is the part of the four-party model where the rails start to look like a database join. Understanding how that join works, and where it fires, is the difference between a defense that argues and a defense that qualifies.

What CE 3.0 actually changed

Visa launched Compelling Evidence 3.0 effective April 15, 2023. It applies to one place: disputes raised under reason code 10.4, fraud in the card-absent environment. That narrow scope matters. CE 3.0 is not a general representment upgrade. It is a structured remedy for the specific case where a cardholder claims a card-not-present charge was fraud, and the merchant can show the same person transacted with them before without complaint.

The older "compelling evidence" rules let a merchant submit free-form proof: receipts, delivery confirmation, login records, a signed terms page. Issuers weighed it however they liked, and outcomes were inconsistent. CE 3.0 replaces argument with a qualification test. Meet the data criteria and liability shifts to the issuer regardless of the issuer's ultimate decision on the merits. The issuer can still believe the cardholder, but it eats the loss.

The qualification test

To qualify, the merchant must produce records of at least two prior transactions with the same cardholder credentials that were undisputed and not validation charges. Those prior transactions must be between 120 and 365 days old as of the dispute date. The lower bound is deliberate: a transaction less than 120 days old could itself still be disputed, so it does not count as a clean history.

Then the matching test. Across all three transactions, the two priors and the disputed one, the merchant must match either two main elements, or one main element plus one secondary element. The main elements are customer IP address and device ID or fingerprint. The secondary elements are shipping address and customer account (login) ID. Email, while accepted under the older free-form rules, is not a CE 3.0 qualifying match element. The hard rule inside this: one of the matched elements must be the IP address or the device ID. Device fingerprint and device ID cannot be combined to satisfy the pair on their own.

The logic is that IP and device identity are expensive to spoof consistently across a year of activity. A matching shipping address proves goods went somewhere; a matching device proves the same machine keeps showing up. The network treats the second as the stronger signal, which is why it anchors the test.

The pre-dispute path is where this gets interesting

CE 3.0 has two delivery routes, and they sit on opposite sides of the dispute line.

The post-dispute route is the familiar one. A 10.4 chargeback is filed, the merchant represents through Visa Resolve Online with the qualifying CE 3.0 data attached, and if it matches, liability moves back to the issuer.

The pre-dispute route runs through Order Insight, the Verifi-operated data exchange that sits inside the issuer's dispute-intake and call-center flow. When a cardholder questions a charge, the issuer can pull merchant data in real time before a chargeback is ever raised. If the merchant supplies CE 3.0 qualifying data at that moment, Visa treats it as a liability shift to the issuer at the pre-dispute stage, and the dispute is deflected rather than filed.

That distinction is not cosmetic. A dispute deflected before it becomes a chargeback never enters the merchant's dispute ratio, which is the count that drives network monitoring programs. The post-dispute win recovers the money; the pre-dispute deflection recovers the money and keeps the ratio clean.

Mastercard's parallel mechanism

Mastercard does not use the CE 3.0 name, but the system-level idea, resolve before the chargeback exists, runs through its own pre-dispute layer. The Collaboration stage inside Mastercom, introduced in 2022, and Ethoca Alerts both notify the merchant when an issuer receives a cardholder complaint, before a formal dispute is raised. The merchant gets a short window, often around 72 hours for a Collaboration response, to accept liability and refund, deflecting the chargeback. The plumbing differs, but the principle is the same: give the merchant a chance to act on historical or transaction context at the pre-dispute stage rather than fight a filed case.

A worked example

A subscription retailer ships a $90 order on June 1, 2026. The cardholder files a 10.4 fraud claim.

The merchant pulls the account's history. Two prior shipments, one on August 12, 2025 and one on November 3, 2025, were paid and never disputed. Both are inside the 120-to-365-day window as of the dispute date. On all three orders, the customer IP resolves to the same address and the device fingerprint matches. That satisfies the test twice over: two main elements match, and one of them is IP.

If the merchant submits this through Order Insight when the issuer's system queries the charge, the dispute is deflected at the pre-dispute stage and never hits the ratio. If the cardholder has already crossed into a filed chargeback, the same data goes through Visa Resolve Online as representment, and liability shifts to the issuer on the match alone. The issuer can still refund the cardholder out of goodwill, but the loss is now theirs.

Note what does not work. If the only prior shipment is 90 days old, there is no qualifying history. If the matched elements are shipping address plus customer account ID and nothing else, the case fails because neither anchor element, IP or device ID, is present. The test is mechanical, and partial matches lose.
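
The qualification test and the worked example above, written out as an added Python sketch; it is not part of the original article and is not Visa's or Verifi's code. The field names, the inclusive window bounds, the dispute date and the sample values are assumptions made for illustration, and device ID and fingerprint share one field so they count as a single element.

```python
from dataclasses import dataclass
from datetime import date
from itertools import combinations
from typing import Optional

MAIN = {"ip", "device"}             # device ID / fingerprint count as one element
SECONDARY = {"ship_to", "account"}  # email is deliberately not a match element

@dataclass
class Txn:
    when: date
    ip: Optional[str] = None
    device: Optional[str] = None
    ship_to: Optional[str] = None
    account: Optional[str] = None
    disputed: bool = False
    validation: bool = False        # validation charges never count as history

def matched(prior, disputed):
    """Elements present on both records and equal; missing values never match."""
    return {f for f in MAIN | SECONDARY
            if getattr(prior, f) and getattr(prior, f) == getattr(disputed, f)}

def ce3_qualifies(disputed, history, dispute_date):
    """Return (qualifies, reason). Window bounds are inclusive (assumption)."""
    eligible = [t for t in history
                if not t.disputed and not t.validation
                and 120 <= (dispute_date - t.when).days <= 365]
    if len(eligible) < 2:
        return False, "fewer than two undisputed priors in the 120-365 day window"
    best = set()
    for a, b in combinations(eligible, 2):
        # An element counts only if it matches on both priors and the disputed charge.
        common = matched(a, disputed) & matched(b, disputed)
        if len(common) >= 2 and common & MAIN:
            return True, "match on " + ", ".join(sorted(common))
        best = max(best, common, key=len)
    if len(best) >= 2:
        return False, "no IP or device match among " + ", ".join(sorted(best))
    return False, "fewer than two elements match across all three transactions"

# Constructed sample data following the worked example; the dispute date,
# addresses and identifiers are made up for illustration.
DISPUTE_DATE = date(2026, 6, 10)
SAME = dict(ip="203.0.113.7", device="fp-9c1e", ship_to="12 Elm St", account="u-4471")
ORDER = Txn(date(2026, 6, 1), **SAME)
HISTORY = [Txn(date(2025, 8, 12), **SAME), Txn(date(2025, 11, 3), **SAME)]

if __name__ == "__main__":
    print(ce3_qualifies(ORDER, HISTORY, DISPUTE_DATE))
```

Running the same function over every stored order shows which accounts already have a qualifying history and which are missing an anchor element.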

The takeaway

CE 3.0 is the clearest example of the dispute system rewarding instrumentation over argument. The merchants that win under it are the ones already capturing IP, device identity, and account linkage on every transaction and retaining it for at least a year, so the historical match is available the moment a 10.4 fires. The liability shift is real and it is automatic, but only for data you collected long before the dispute arrived. Build the data trail first; the rule does the rest.
