Visa Compelling Evidence 3.0: What Shopify Merchants Actually Need to Win

CE 3.0 rewards transaction patterns, not just transaction data

Visa's Compelling Evidence 3.0 framework is specifically designed for friendly fraud disputes — cases where the cardholder made the purchase and is now denying it. The framework shifts the burden of proof by letting merchants present prior undisputed transactions from the same cardholder as evidence of established purchase behavior. That's the structural advantage CE 3.0 offers. But it only activates if the historical pattern is actually there and documented.

Inside Shopify Admin, the path starts at Orders > Order Details and then Customer Profile. Pull the cardholder's full purchase history before you build anything else. CE 3.0 requires at least two prior undisputed transactions with matching cardholder data — same card, same device or IP, within a defined lookback window (confirm the exact window with your processor, as Visa's published guidance and acquirer implementation can differ). If those prior transactions don't exist in your records, CE 3.0 doesn't apply to this dispute. Stop there and reassess whether the case is worth fighting.

If the pattern does exist, document it explicitly. Issuers need to see consistent transaction behavior — similar product categories, similar order values, same shipping address — to validate the claim that this cardholder has bought from you before without issue. Three similar orders in the past six months is a meaningful pattern. One order two years ago is not.

What the evidence package proves — and what it doesn't

AVS 'Y' is the most commonly over-relied-on data point in CE 3.0 submissions. It confirms the billing address provided at checkout matched the issuer's file. That's useful context, but issuers are explicit: AVS does not confirm the cardholder physically received the product. It confirms billing data alignment, nothing more. Visa and Mastercard may weigh AVS differently depending on processor routing, so confirm with your processor how much weight it carries in your specific dispute path.

Delivery confirmation has the same ceiling. Tracking marked delivered proves the package reached the shipping address — it does not prove the cardholder was the one who received it. Issuers routinely counter with theft or misdelivery arguments, and without a signature or cardholder acknowledgment, that counter lands. Position delivery confirmation alongside customer communications: order confirmation emails opened by the cardholder, post-purchase support interactions, or any documented exchange that places the cardholder in contact with the order after fulfillment.

The frequent-buyer pattern is CE 3.0's strongest differentiator, but it's not self-executing. Issuers can argue that a consistent purchase pattern is consistent with account takeover — a fraudster replicating prior behavior. Counter that by pairing the pattern with cardholder recognition signals: email confirmations sent to and opened from the cardholder's address, login activity on a customer account, or device fingerprint consistency across orders. The pattern supports legitimacy; the recognition signals make it hard to dismiss.

A $450 dispute where the evidence looked complete and the case was still vulnerable

A fashion retailer with a $150 average order value receives a chargeback on a $450 order — three items, one transaction. The customer placed the order with full AVS match and CVV verification. The order was fulfilled and shipped with carrier tracking to the billing address, and delivery was confirmed. The merchant pulls the customer profile in Shopify Admin and finds three similar orders placed over the prior six months, all undisputed. On paper, this looks like a strong CE 3.0 submission.

The merchant submits: AVS match (Y), CVV match, delivery confirmation with tracking number, and a transaction history showing three prior purchases. The dispute response goes in on time. The issuer rules for the cardholder.

The vulnerability was visible before submission. Delivery confirmation showed the package reached the address — but there was no signature, no post-delivery customer communication, and no record of the cardholder acknowledging the order after it shipped. The customer's claim was unauthorized transaction. The merchant's evidence showed the billing data matched and the package arrived. Neither of those facts directly contradicts an unauthorized transaction claim. The transaction history was the strongest element, but without cardholder recognition evidence layered on top, the issuer had room to side with the cardholder.

The better response would have included email confirmation open data, any post-purchase support contact, or — if available — a customer account login tied to the order. Shopify Admin > Orders > Customer Profile and the Notes section both surface interaction history that merchants routinely leave out of dispute packages. If the customer emailed about shipping timing or left a review, that's cardholder acknowledgment. It belongs in the submission.

Check Shopify Admin > Orders > Notes before finalizing any CE 3.0 package. Internal observations logged at the time of the order — unusual shipping requests, customer service contacts, anything that places the cardholder in active communication with the transaction — can close the gap that AVS and tracking alone leave open.

Decision lesson: This case was fightable with cardholder recognition evidence. It was weak without it. AVS plus delivery confirmation is a floor, not a ceiling. CE 3.0 disputes that rely only on those two data points lose at a higher rate than merchants expect.

Before you submit: what to verify in Shopify Admin

Check the dispute status and response deadline inside Shopify Admin > Payments > Disputes first. Missing the deadline forfeits the case regardless of evidence quality. Confirm whether Shopify Protect is active on the order — if the order shows PROTECTED status, Shopify may cover the dispute liability directly; verify this before spending time building a response package.

Confirm the dispute reason code. CE 3.0 applies to specific Visa reason codes tied to fraud and unauthorized transaction claims — it does not apply to all dispute types. If the reason code is service-related or non-receipt, CE 3.0 is the wrong framework entirely.

Then work through the evidence match: pull Order Details for AVS and CVV results, Fulfillment for tracking and delivery status, Customer Profile for purchase history and communication logs, and Notes for any internal observations. Verify that the delivery proof actually places the cardholder in receipt — not just that the package arrived. If you're missing cardholder recognition evidence, assess whether the case is strong enough to fight or whether accepting the chargeback is the better financial decision. Shopify Payments may handle evidence submission differently than third-party gateways — confirm the exact submission path and file format requirements with your processor before uploading. DisputeDesk's pack assembly handles evidence organization and formatting against CE 3.0 structure; merchants still own the accuracy and completeness of the underlying data pulled from Shopify Admin.