Most of the dispute machinery we have covered so far assumes a clean fact pattern: a real victim, a real bad actor, and a transaction that should be reversed. First-party misuse breaks that assumption. Here the cardholder who files the dispute is the same person who authorized the purchase, and the network rails treat their claim as credible until a merchant proves otherwise.
This is not a fraud-tooling problem. It is a problem with the dispute mechanism itself, because the protections built to shield consumers from third-party fraud are the exact protections a dishonest consumer uses as cover.
Why the system tilts toward the cardholder
The four-party model puts the issuer in the role of consumer advocate. When a cardholder calls and says "I did not make this charge," the issuer's default move is to side with its customer, debit the acquirer, and pass the loss to the merchant. That reflex is correct for genuine third-party fraud and dangerous when the claim is false.
The structural problem is information asymmetry. The issuer sees a card number, an amount, and a cardholder assertion. It does not see the login session, the device, the delivery confirmation, or the prior order history. So a fraud-coded dispute lands on the merchant before anyone has examined whether fraud actually occurred.
First-party misuse is the only dispute category where the person making the claim and the person who has to be proven wrong are one and the same.
Networks have started to separate the two cases. Visa's Compelling Evidence 3.0 framework and supporting guidance for reason code 10.4 (Other Fraud, Card-Absent Environment) now explicitly address first-party misuse, acknowledging that a large share of card-absent fraud claims are not third-party fraud at all.
Naming the thing precisely
The terms get used loosely, so it helps to be exact.
Friendly fraud versus first-party misuse
"Friendly fraud" is the older, softer term. It covers honest mistakes: a cardholder who does not recognize a billing descriptor, or who disputes a purchase a family member made on a shared device. Intent is absent or accidental.
"First-party misuse" is the network's preferred framing because it is neutral on intent and covers the deliberate case too: the cardholder who received the goods, kept them, and filed a fraud claim to get the money back. From the merchant's side, both produce the same chargeback. From a defense standpoint, the difference matters, because the evidence that resolves an honest mistake is the same evidence that exposes a deliberate one.
How big the problem is
The estimates vary widely because measurement methods differ, and we should be skeptical of the highest figures, which often come from vendors selling prevention tools. Mastercard and Javelin research put first-party fraud at roughly 20 percent of all disputes, while other industry surveys claim 45 percent or more of chargebacks involve friendly fraud. The honest read is that it is a material and growing share, not a precisely known one.
A worked example
Walk a single transaction through the rails to see where the leverage sits.
A cardholder buys a $240 pair of headphones from an online retailer. They log in with their saved account, the order ships to their home address on file, and a carrier confirms delivery. Six weeks later the same cardholder files a dispute under reason code 10.4, claiming they never made the purchase.
The issuer, seeing only a fraud assertion, debits the acquirer and credits the cardholder. The merchant now has a chargeback and a $240 hole, plus a chargeback fee, despite having done everything right.
The merchant's defense is not a fraud argument. It is a continuity-of-identity argument: the same login, the same device fingerprint, the same shipping address, and ideally two prior undisputed orders from the same account. That bundle does not prove the cardholder is lying. It proves the transaction belongs to the cardholder's established pattern, which forces the issuer to stop treating the claim as third-party fraud.
The mechanism is starting to fight back
For years the only counter to first-party misuse was representment, covered in the prior modules, which is reactive and lands after the merchant has already taken the loss. The newer tools move the contest earlier, into the transaction and pre-dispute stages.
Visa Compelling Evidence 3.0
Visa's Compelling Evidence 3.0, introduced in April 2023, applies specifically to reason code 10.4 disputes. It lets a merchant pre-empt a fraud chargeback by showing two prior undisputed transactions from the same cardholder, dated between 120 and 365 days before the disputed one, that share data elements such as the customer login ID, device ID, IP address, or delivery address.
When the evidence qualifies, liability shifts to the issuer and the dispute cannot even be entered as a chargeback in the first place. The mechanism moves the fight from after-the-fact argument to before-the-fact qualification.
Mastercard First-Party Trust
Mastercard's First-Party Trust program, which began as a 2023 pilot in the US, Canada, and Brazil and expanded across additional regions in 2025, attacks the same information asymmetry. It lets merchants share enhanced data across three categories: a device signal, a delivery factor such as shipping address, email, or phone, and an identity factor such as account login or ID, either at authorization or at the point a dispute is raised.
The point is to hand the issuer the context it never had. With device and identity signals in front of it, the issuer can separate genuine third-party fraud from a cardholder who simply changed their mind, before the chargeback reflex fires.
Where this sits in the system
First-party misuse is the case the four-party model handles worst, because the protections that work for victims are the same protections that shelter the dishonest. The fix is not to weaken consumer protection. It is to give the issuer enough transaction context to tell the two cases apart.
That reframes the merchant's job. The win is not arguing harder after the chargeback. It is capturing and surfacing identity continuity early, so the dispute either never qualifies as fraud or carries its own rebuttal from the moment it is filed. The closing takeaway: in first-party misuse, your strongest evidence is not proof of fraud, it is proof of pattern.