How Visa’s Updated Compelling Evidence Rule Impacts Community Banks

This year, April 15 signifies more than Tax Day: it’s also the day that Visa’s Compelling Evidence Rule 3.0 (CE3.0) takes effect. To help combat friendly fraud—which can account for nearly 75 percent of all chargebacks—the revisions to the rule require merchants and card-issuing institutions to dive deeper into customer data to explore the veracity of fraud claims.

The Covid-19 pandemic accelerated a seismic shift towards digital money movement. Today, consumers are engaging in more digital payment transactions, and that growth has seen an increase in friendly fraud. According to a recent report from SIFT, of those consumers who have filed disputes, one in four admitted to participating in friendly fraud.

The Changes

To combat this trend, in June 2022, Visa announced updated dispute rules, giving merchants a framework to provide proof when disputing fraud claims. For card-not-present transactions (Dispute Condition 10.4: Fraud—Card-Absent Environment), merchants will need to provide evidence demonstrating that:

  • The same payment credential was used in two previous transactions, not reported as fraud activity, and were processed more than 120 calendar days before the dispute processing date (to be outside of the chargeback window).

  • The device ID, device fingerprint, or the IP address and an additional one or more of the following were used in both of the undisputed transactions and the disputed transaction(s):

    • Customer account/login ID

    • Delivery address

    • Device ID/device fingerprint

    • IP address

Similarly, for a cancelled recurring transaction (not to be used when the cardholder has cancelled the services/merchandise with the merchant), issuers will need to provide:

  • The date the cardholder withdrew permission

  • Details used to contact the merchant, such as an email address, telephone number or physical address

  • Details of the other form of payment provided to the merchant (if applicable)

The Impacts

  1. Data drives decisions. The revisions to the rule require merchants to provide transaction history that proves the cardholder participated in the purchase. Data can be shared via 3-D Secure, authentication, digital wallet and device-bound token provisioning, and Field 34, which carries additional cardholder authentication data in the authorization message.

  2. These changes will shift liability away from merchants. With this evolution, the burden of proof is on the merchant to provide the evidence, but the liability will fall to the issuer. If merchants can provide the evidence outlined, the customer claim will be denied. Because most claims come through the card issuer, the denial will have an impact on that card issuer/holder relationship.

  3. Investigation and call center procedures will need to be updated. Knowing that an increasing number of friendly fraud claims will require detailed evaluation, card-issuing institutions will need to have procedures in place that set forth standardized approaches and timeframes for response. In addition, call center procedures will need updating to ensure the representative collects the appropriate information to inform the dispute investigation.

Ultimately, every player in the payments ecosystem benefits when fraud is reduced. While these changes require new actions from merchants and issuers, they will create more efficiency, standardize the way data and evidence are accepted, and help address the growing impact of friendly fraud. Visaonline.com has additional information on Compelling Evidence 3.0 to help issuers prepare for these changes. Bankers can also go to icba.org/BancardRiskMitigation to access Visa’s recently released summary, “Compelling Evidence 3.0 Issuer Implementation Recommendations.”