If you sell to consumers, it’s time to get serious about Visa’s Compelling Evidence 3.0 (CE3.0). Visa® is launching the CE3.0 program in April 2023 with the goal of helping their payment ecosystem reduce the volume and cost of investigating friendly fraud. While this may help their ecosystem overall, it can introduce new challenges for you. Moving forward, it will be imperative to collect and maintain the required types of evidence to meet the new rule. At the same time, you should prioritize fraud prevention and identity assurance over after-the-fact investigation to protect your business from excessive chargebacks in the first place.
Under CE3.0, if a merchant can provide compelling evidence of a fraudulent chargeback in the form of certain required data points, the liability of a disputed transaction shifts to the card issuer. The purpose of CE3.0 is to establish a clear link between the merchant and cardholder, providing assurance the disputed transaction was made by the cardholder and not an unauthorized party. These changes will likely have a significant effect on how merchants fight friendly fraud.
Stolen credit cards are a real problem, and when consumers realize they’ve been victimized by a third party, their card issuer is often the first stop to report illegitimate transactions. Friendly fraud, or first-party fraud, on the other hand, results from a consumer raising a dispute to their bank for legitimate transactions on their card. Given the rise of digital commerce during the pandemic, it’s not surprising suspected instances of friendly fraud grew 54% between 2019 and 2021, according to TransUnion’s 2022 Global Digital Fraud Trends Report.
Aside from individuals purposefully and opportunistically disputing a charge to avoid payment, friendly fraud chargebacks can also result from consumer confusion: Consumers may refute charges for auto-renewal subscriptions they’ve simply forgotten; or parents may refute unrecognized charges that are in fact from their children who’ve been granted access and given approval to use their cards.
Since none of these purchases are considered unauthorized by the card issuer, chargebacks (and associated costs) become the responsibility of the merchant. If the charges are a result of friendly fraud, the merchant must show — via compelling evidence — the customer made a similar purchase previously and didn’t report it as fraudulent, shifting the liability back to the card issuer.
Merchants are expected to pay over $100 billion in chargebacks in 2023, according to Merchant Fraud Journal’s, Chargebacks Consumer Survey Report 2022. But, it’s not just the value of the merchandise or service associated with the disputed charge that hits your bottom line. A recent study by JUSTT, The Hidden Cost of Chargebacks, estimates that for every $100 lost as a chargeback, the actual price tag for a merchant is $240. This additional cost includes standard chargeback fees, customer acquisition costs, shipping expenses, processing fees, labor expenses, operational expenses and reputational expenses. And while CE3.0 may provide a path to more expedient dispute resolution, you may struggle to meet the new evidence requirements.
Currently, if a Visa cardholder raises a chargeback with their card issuer and claims they didn’t authorize a transaction in a card-not-present (CNP) environment, you’re typically liable. With CE3.0, if you can provide compelling evidence in the form of certain required data points, the chargeback liability is shifted to the card issuer.
To dispute a chargeback transaction under the CE3.0 rule, you must be able to provide records of two previous transactions that meet the following criteria:
Profile of previous transactions
Two of the core transaction data elements (One of the two matching data elements must be either IP address or device ID)
CE3.0 can pose a noteworthy challenge for you to win a legitimate liability dispute with the card issuer for a couple of reasons. First, it appears to ignore new customers and/or users who do not have a transactional history. Many transactions resulting in chargebacks arise from first-time users or guest accounts and will not have the transaction history required for Visa’s compelling evidence. Second, it may be difficult to access required evidence data that’s over 120 days old — particularly if a device fingerprinting solution isn’t already in place.
Adopting a fraud prevention and identity assurance strategy that incorporates device history and reputation is key and can better ensure you have the data points needed to more effectively provide compelling evidence. Further, ensure your digital identity proofing solution holds onto device data long enough. For instance, because transactions are required to be more than 120 days old to be used for compelling evidence, it’s imperative data be tracked and stored for sufficient periods of time. When you store this data, you can be more confident you have the necessary data points — and transaction history — to provide compelling evidence.
Rather than focusing on providing compelling evidence, shift your focus to preventing first-party fraud in the first place. Using a robust digital fraud detection strategy can help reduce transactions resulting in chargebacks.
Since providing compelling evidence for fraudulent transactions for new or guest users with little to no history likely poses a challenge under CE3.0, it’s important to focus your risk reduction efforts on these very users.
Many merchants are moving toward encouraging account creation for new customers, as this provides a prime opportunity to vet these users via a digital identity proofing strategy, reducing risky users and transactions. Further, this capitalizes on your marketing teams’ desire to better understand your customer. As users create new accounts, your customer base grows, giving you a greater base for both promotions and marketing. It’s a win-win: You better protect your business from undue risk while gathering key customer data to be leveraged for future promotions and campaigns.
Account creation and check out can be better protected through a fraud prevention and identity assurance strategy rooted in Device Proofing — providing key insights into device history, device reputation, device-to-identity linkages and user behavior — giving your business what it needs to sort through risky users and behavior without imposing undue friction on good customers.
As Visa’s Compelling Evidence 3.0 goes into effect, you must ensure you’re tracking and storing necessary data points to be used to provide compelling evidence. And while it’s difficult to predict friendly fraud, strengthening your overall fraud prevention strategy will improve the customer experience for good customers and better set your business up for success.