You did everything right. The product shipped. The service was delivered. The transaction was completely legitimate. And then the chargeback comes in anyway. That's friendly fraud, and it's one of the most frustrating problems merchants face today. The good news: Visa CE3.0 and Mastercard's First-Party Trust (FPT) program were built specifically to fix this. These two card network frameworks give you a real, structured path to shift dispute liability away from your business and stop chargebacks before they drain your revenue.
What Friendly Fraud Is Really Costing Merchants
Friendly fraud, also called first-party misuse, happens when a cardholder disputes a legitimate transaction, sometimes intentionally, sometimes out of confusion. Either way, you're the one who loses the revenue, pays the chargeback fee, and absorbs the hit to your dispute ratio. Do that enough times and you're looking at card network monitoring programs, higher processing costs, or restrictions on your merchant account.
According to Mastercard's 2025 State of Chargebacks report, the global cost of chargebacks to merchants is projected to reach $42 billion by 2028, with nearly half of those transactions being reported as fraudulent. For digital businesses, Mastercard's own research found that roughly 75% of the fraud they experience is first-party misuse. The traditional dispute process wasn't set up to protect merchants from this. CE3.0 and FPT are changing that.
How Visa CE3.0 Works for Chargeback Deflection
Visa Compelling Evidence 3.0 (CE3.0) is a rules-based framework for contesting disputes filed under Visa Reason Code 10.4, which covers fraud in card-not-present environments. The premise: if you can show that a disputed transaction shares key data points with two previous, non-fraudulent purchases from the same cardholder, Visa shifts liability to the issuer, guaranteed.
For those prior transactions to qualify:
- They must be between 120 and 365 days old at the time of the dispute
- They must have no active fraud report or fraud dispute on record
- At least two core data elements must match across all three transactions: IP address, device ID/fingerprint, user ID, or shipping address
- One of those two matching elements must be either the IP address or the device ID/fingerprint
When you meet those criteria before a chargeback is filed, the dispute is blocked entirely through Verifi's Order Insight. Your dispute ratio and fraud ratio both stay clean. If you meet the criteria after the chargeback has been filed, you go through representment via Visa Resolve Online (VROL). The chargeback is reversed and won't count against your fraud ratio, though it does still appear in your dispute ratio.
CE3.0 became effective in April 2023 and has since become a critical tool for online merchants dealing with a high volume of card-not-present disputes.
Chargeblast Deflection handles CE3.0 compliance, so you don't have to connect your store and let the data do the work.
Mastercard's First-Party Trust Program, Explained
Mastercard's First-Party Trust (FPT) is the card network's answer to the same problem. Launched in the U.S. in October 2024 and now expanding to Canada, Latin America, the Caribbean, and Asia Pacific, FPT uses AI and enhanced transaction data to help issuers separate genuine third-party fraud from first-party misuse. Unlike CE3.0, which is strictly rules-based, FPT is reputation-based. The more consistently you share high-quality transaction data, the stronger your standing becomes in the dispute process.
FPT evaluates disputes based on three key verification factors:
- Device: Device fingerprint, hardware specs, and behavioral signals at the time of purchase
- Delivery: Shipping address, fulfillment confirmation, and delivery details
- Cardholder ID: Identity signals like login data, account history, and geographic location
Like CE3.0, FPT supports a liability shift when merchant data matches two prior undisputed transactions. Merchants can share this data at the time of the transaction or once a dispute is raised. Mastercard's AI processes it to make faster liability decisions, often without putting additional demands on your team.
CE3.0 vs. FPT: The Key Differences
Both programs are built on the same concept: a cardholder who has bought from you before without ever disputing anything doesn't have a very credible fraud claim. But there are meaningful differences worth knowing.
CE3.0 is outcome-guaranteed when criteria are met. FPT relies on the quality and consistency of your data over time, with Mastercard's AI weighing that data to influence dispute resolution. CE3.0 currently applies only to Visa Reason Code 10.4 disputes, while FPT covers Mastercard's first-party fraud categories. Both programs support pre-dispute chargeback deflection (before a chargeback is filed) and post-dispute representment after it's filed.
These aren't competing frameworks. If you process both Visa and Mastercard, you need both working together to close coverage gaps across your transaction volume.
Want coverage across both networks? Chargeblast Deflection integrates CE3.0 and FPT through a single connection.
What Data You Need to Have in Place
Neither CE3.0 nor FPT works without the right data being collected and stored consistently. Here's what you should be capturing for every transaction:
- Device ID or fingerprint
- IP address at the time of purchase
- Shipping address tied to the order
- Login or user ID associated with the account
- Order details, fulfillment status, and delivery confirmation
One thing worth flagging for CE3.0 specifically: the first six characters of your billing descriptor must be consistent across transactions. If they don't match between the disputed transaction and your historical ones, the evidence won't validate and you lose the protection CE3.0 would have provided.
Collecting this data is step one. Having it organized, accessible, and formatted to network specifications when a dispute triggers is the harder part, and where the right chargeback deflection infrastructure makes all the difference.
How Chargeblast Deflection Puts CE3.0 and FPT to Work
This is where it all comes together. Chargeblast's Deflection service is built to operationalize both CE3.0 and FPT for your business, without requiring you to manage two separate integrations, maintain custom data pipelines, or stay on top of every card network formatting update yourself.
Here's what Chargeblast Deflection does in practice:
- Connects to both Visa and Mastercard networks through a single integration, covering your full transaction volume across both card brands
- Stores and formats the right transaction data, device ID, IP address, shipping address, order details, in the structure that CE3.0 and FPT require
- Triggers deflection automatically when a qualifying dispute comes in, submitting your historical transaction data to the right network before a chargeback is filed
- Protects your dispute and fraud ratios by catching eligible chargebacks at the pre-dispute stage, where they don't count against you at all
- Scales with your volume, whether you're processing hundreds or hundreds of thousands of transactions a month
Without a system like this in place, even merchants with clean transaction data often miss deflection opportunities, simply because the data isn't being submitted on time or in the right format. CE3.0 and FPT are powerful frameworks, but they only work when your infrastructure is set up to use them.
Book a demo with Chargeblast and see how Deflection works for your specific transaction mix.
CE3.0 and FPT: Your Strongest Defense Against Friendly Fraud
Friendly fraud isn't going away. With chargeback costs on track to keep climbing, Visa CE3.0 and Mastercard's First-Party Trust program give merchants something they haven't had before: a structured, data-backed way to shift liability and stop losing money on disputes you know are wrong. The liability shift alone changes the math on dispute management, but it only works if your transaction data is being collected, stored, and submitted correctly every time.
Getting set up for both CE3.0 and FPT takes the right infrastructure. Chargeblast Deflection gives you exactly that.
FAQ: CE3.0 and Chargeback Deflection
Does CE3.0 apply to all Visa chargebacks?
No. CE3.0 only applies to disputes filed under Visa Reason Code 10.4, which covers card-not-present fraud like unauthorized online transactions.
What's the difference between a pre-dispute and post-dispute CE3.0 outcome?
Pre-dispute (through Order Insight), the chargeback is blocked and doesn't touch your dispute or fraud ratios. Post-dispute (through VROL), the chargeback is reversed but still counts toward your dispute ratio.
Can I use CE3.0 for a first-time customer?
No. CE3.0 requires historical transaction data, so it won't apply if the cardholder has no prior qualifying purchases with your business.
How is Mastercard FPT different from CE3.0?
CE3.0 is rules-based with a guaranteed outcome when criteria are met. FPT is reputation-based, where Mastercard's AI evaluates the quality and consistency of your historical data to influence dispute resolution.
Do I need separate integrations for CE3.0 and FPT?
Not with the right partner. Chargeblast Deflection covers both Visa and Mastercard through one connection, so you're not managing two separate setups.
Your Transaction Data Should Be Protecting You
Every day without CE3.0 and FPT coverage is a day your transaction data is sitting unused while preventable chargebacks come through. Chargeblast Deflection turns that data into a live defense system, automatically matching dispute signals to your historical transactions and submitting the right evidence to the right network at the right time.
Explore Chargeblast Deflection or book a demo below to find out more.
