CE3 continues to evolve. Most merchants still aren’t sure what it really does.
Visa’s Compelling Evidence 3.0 (CE3) has always stood out in payments.
Ask around and you’ll hear two very different views. CE3 is either one of Visa’s most promising dispute initiatives in years, or it’s a concept that sounds great on paper but hasn’t delivered meaningful results for most merchants.
The truth is somewhere in between.
Part of the confusion comes from the fact that CE3 is often discussed as if it’s a single solution when it’s really two related concepts.
First, it’s a broader data-sharing and trust framework that helps Visa and issuers evaluate customer behavior across transactions and merchants, with the effect of stopping a chargeback.
Second, it’s a representment framework that allows merchants to recover certain fraud disputes by establishing a ‘good’ history with a customer. For example, when a food delivery platform responds to a chargeback, they can list out the details of the customer’s past orders with the same metadata (delivery address, IP address, device ID, etc.).
The challenge many merchants face is collecting, connecting, normalizing, and retrieving historical customer data in a way that can produce a CE3 eligible dataset.
To satisfy CE3 requirements, whether pre-dispute or post-dispute, the merchant must demonstrate a trusting customer relationship. Visa needs to see two prior Visa transactions that occurred more than 120 days, but less than or equal to 365 days, before the disputed transaction and were not previously reported by the issuer as fraud.
To qualify for CE3, evidence can’t simply point to “repeat customer” history. Whether pre-dispute or post-dispute, CE3 requires product descriptions for each purchase and demonstrated continuity between the disputed transaction and the two previously undisputed transactions. To demonstrate continuity, CE3 evidence provided by the merchant for the two transactions must include:
- The device ID, device fingerprint, or the IP address of the customer, and
- Proof that one or more of the following match across both non-fraud transactions and the disputed transaction:
  - User ID
  - IP address
  - Shipping address
  - Device ID or device fingerprint
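The eligibility rules above reduce to a search over a customer's order history. The sketch below is an added example, not Visa's or any vendor's code: the field names and sample records are constructed, the history is assumed to hold only Visa transactions for the same cardholder, and the matching rule is implemented as this article states it.

```python
from datetime import date
from itertools import combinations

# Field names are assumptions for this example; "device_id" holds a device ID or fingerprint.
MATCH_FIELDS = ("user_id", "ip_address", "shipping_address", "device_id")

def in_window(prior, disputed):
    """More than 120 days, but at most 365 days, before the disputed transaction."""
    return 120 < (disputed["date"] - prior["date"]).days <= 365

def usable(prior, disputed):
    """Prior transaction that can serve as one of the two undisputed anchors."""
    return (in_window(prior, disputed)
            and not prior.get("reported_fraud", False)
            and bool(prior.get("product_description"))
            and bool(prior.get("device_id") or prior.get("ip_address")))

def shared_fields(disputed, a, b):
    """Identifier fields carrying the same non-empty value on all three transactions."""
    return [f for f in MATCH_FIELDS
            if disputed.get(f) and disputed.get(f) == a.get(f) == b.get(f)]

def find_ce3_pair(disputed, history):
    """Return (id_a, id_b, matched_fields) for the first qualifying pair, else None."""
    candidates = [t for t in history if usable(t, disputed)]
    for a, b in combinations(candidates, 2):
        matched = shared_fields(disputed, a, b)
        if matched:
            return a["id"], b["id"], matched
    return None

def txn(txn_id, day, user, ip, addr, dev, desc="Dinner order", fraud=False):
    """Build a constructed sample transaction record."""
    return {"id": txn_id, "date": day, "user_id": user, "ip_address": ip,
            "shipping_address": addr, "device_id": dev,
            "product_description": desc, "reported_fraud": fraud}

# Constructed sample data (documentation IP ranges, made-up IDs).
DISPUTED = txn("D1", date(2026, 3, 1), "u-1001", "203.0.113.7", "1 Main St", "dev-A")
HISTORY = [
    txn("T3", date(2025, 12, 20), "u-1001", "203.0.113.7", "1 Main St", "dev-A"),  # too recent
    txn("T4", date(2025, 9, 1), "u-1001", "203.0.113.7", "1 Main St", "dev-A", fraud=True),
    txn("T1", date(2025, 10, 1), "u-1001", "203.0.113.7", "1 Main St", "dev-A"),
    txn("T2", date(2025, 6, 15), "u-1001", "198.51.100.9", "1 Main St", "dev-B"),
]

if __name__ == "__main__":
    print(find_ce3_pair(DISPUTED, HISTORY))
```

In the sample, T1 and T2 qualify even though T2 came from a different device and IP address, because the user ID and shipping address carry across all three transactions; a disputed order with none of those identifiers in common returns no pair.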
Visa’s upcoming October 2026 changes will expand CE3 into more complex multi-merchant and multi-credential environments, potentially making it applicable to a much wider range of use cases.
At the same time, merchants are facing growing pressure from Visa Acquirer Monitoring Program (VAMP) thresholds, rising dispute costs, and increased issuer scrutiny.
Which raises an important question:
Can CE3 actually help merchants reduce VAMP exposure, or is it still more promise than reality?
The timing here isn’t random. Before VAMP replaced VDMP and VFMP, most merchants saw CE3 as a niche tool. A few larger players used it, but for most merchants, CE3 requirements felt impossible to satisfy. Now, with Visa’s monitoring tightening around the dispute and fraud interplay, merchants are taking a second look at anything that might help reduce their VAMP risk. CE3 has gone from a technical footnote to a valuable potential solution. The catch is, some of the attention is for the wrong reasons.
The CE3 and VAMP Connection Is Often Oversimplified
As VAMP reshapes how merchants think about fraud and disputes, CE3 increasingly comes up in conversation as a potential solution.
The relationship is real, but often misunderstood.
CE3 isn’t a switch merchants can flip to instantly lower monitoring ratios.
For merchants facing VAMP pressure, the most useful question may not be:
“Can I use CE3?”
Instead, it may be:
“Do I have the operational conditions necessary for CE3 to create value?”
For example, first-party misuse is rampant in travel, but if an OTA’s strategy optimizes for one-off bookings rather than repeat travelers, it is not likely to have two previous undisputed transactions from a cardholder within the designated window. In that case, CE3 is unlikely to materially reduce the VAMP ratio, and the technology resources are likely better put towards other tools like pre-dispute alerts, or the customer experience itself.
Why CE3 Adoption Has Been So Difficult
The lack of public CE3 success stories has led some merchants to conclude that the program simply doesn’t work.
That conclusion may be too simplistic.
Making CE3 work requires identity continuity, authentication data, transaction history, usable payment credential information, and operational visibility across multiple systems.
Many organizations simply aren’t structured that way.
Fraud tools, dispute teams, payment systems, customer service platforms, authentication providers, and CRM systems often operate independently from one another. Consider a common setup: a merchant runs Riskified or Signifyd for fraud screening and processes payments through Adyen or Stripe. The fraud platform is the system that actually holds the device fingerprints, IP addresses, and account identifiers from the customer’s prior purchases. That is exactly the data CE3 needs, but the problem is that this data sits in the fraud tool and isn’t shared with Visa without significant data engineering.
Even when internal systems are connected, the underlying data is often fragmented. Today’s on-the-go consumers often transact across multiple devices and IP addresses, so the prior transactions that would otherwise qualify no longer share the identifiers CE3 matches. CE3 quickly exposes those gaps. It can take significant technology resources (product, engineering, data) to connect, normalize, and share the data with Visa in a way that is usable. A strong business case is needed to secure these resources – and it’s often built around VAMP compliance.
October’s Changes May Expand Opportunity. They Won’t Eliminate Complexity.
Visa’s October 2026 update will introduce support for more complex multi-merchant and multi-credential scenarios.
For many merchants, this is the most significant CE3 development since the framework was introduced.
The changes may allow a broader range of transaction histories and customer relationships to qualify. Specifically, merchants will be permitted to look across all of their accounts with a given acquirer to find the two good transactions. For example, if the OTA from the prior example also offers subscriptions, some of those transactions could potentially be used to stop a chargeback on a one-off booking – even if they are processed on a separate MID.
However, broader eligibility does not automatically translate into successful adoption.
Multi-acquirer environments, fragmented customer data, credential management, identity continuity, and internal operational silos will continue to create challenges. For example, a merchant using several PSPs won’t get the same level of data depth for CE3 dispute responses as a merchant with multiple MIDs under a single acquirer, who can link customer behavior across different merchants on their platform.
In many cases, the October changes may actually expose data-quality and organizational readiness issues that were previously hidden.
The Real CE3 Question Merchants Should Be Asking
Many merchants are currently asking:
“How do we use CE3?”
A better question may be:
“What needs to be true before CE3 can realistically work for us?”
The merchants most likely to benefit from CE3 won’t necessarily be the ones with the best dispute templates.
They will be the merchants with strong identity continuity, connected operational systems, reliable customer data, and consistent trust signals across the customer lifecycle.
Visa’s October changes may make CE3 more accessible and more flexible.
Whether that translates into meaningful business value will depend less on the framework itself and more on the operational readiness of the merchants attempting to use it.