April 2026 Compelling Evidence 3.0 UpdateVisa’s April 2026 Update Lets Merchants Challenge All TC40 Fraud Reports — Even Ones Without a Chargeback

Why Merchants Using CE3.0 & Order Insights Might See Their VAMP Count & Ratio Drop Dramatically With This New Update

Everyone likes to focus on chargebacks, but did you know that under the Visa Acquirer Monitoring Program (or “VAMP”), chargebacks aren’t the only threat to your standing with Visa?

TC40 filings are the fraud reports that issuers submit when cardholders claim unauthorized transactions. Prior to VAMP, TC40s didn’t factor into your ratio if the transaction was refunded. Under VAMP, though, TC40s weren’t tracked as a separate metric, and a refund would NOT remove them, regardless whether or not a chargeback actually follows. Prior to VAMP adoption, TC40s didn’t count against your ratio if the transaction was refunded. Under VAMP, though, they aren’t considered a separate metric; a refund does NOT remove them from being counted.

Well, that’s all about to change.

Visa recently announced that Compelling Evidence 3.0 (CE3.0), the framework designed to combat first-party fraud, will expand to cover non-disputed fraud effective April 18, 2026. This means merchants will finally have a mechanism to push back against TC40 fraud reports that never escalated to chargebacks. In other words: you can now protect your dispute-to-transaction ratio from damage that you previously couldn’t prevent.

It's a significant development for any merchant dealing with friendly fraud, and it adds new value to pre-dispute tools like Order Insight. Here's what you need to know.

What is Non-Disputed Fraud?

To understand why this update matters, you first need to understand the difference between a TC40 and a TC15.

When a cardholder reports a transaction as fraudulent, their issuing bank files a TC40 report with Visa. This report documents the fraud claim and becomes part of the merchant’s fraud record. However, the issuer doesn’t always follow through by filing an actual chargeback (i.e. a TC15 report). In a surprising number of cases, the bank simply absorbs the loss and moves on.

These write-offs are actually a significant cost for issuers. So then, why would an issuer file a fraud report but skip the chargeback?

There are a few common scenarios. If the transaction was authenticated through 3D Secure (3DS), then liability would have shifted to the issuer, making a chargeback unwinnable. Then there are low-value transactions, where the cost of processing a chargeback under a certain dollar threshold exceeds the value of the transaction amount itself, so the issuer writes it off. In other cases, it's simply an operational efficiency decision; fraud reports are easier to file than chargebacks, so they don’t bother with the next step.

The result — a TC40 without a corresponding TC15 — is what we might call “non-disputed fraud.” The cardholder claimed fraud, the issuer documented it, but no formal dispute ever reached the merchant.

How Non-Disputed Fraud Can Still Hurt Merchants

Sounds good from the merchant’s standpoint, right? Well, here’s where things get frustrating.

Up until now, under Visa’s Acquirer Monitoring Program, your dispute-to-transaction ratio would have been calculated using both TC40 fraud reports and TC15 chargebacks. The formula looks like this:

VAMP Ratio = (TC40 Fraud Reports + TC15 Disputes) ÷ Total Settled Transactions

This means every TC40 counted against you, regardless of whether a chargeback follows. If an issuer files 100 fraud reports on your transactions, but only bothers to chargeback 40 of them, those other 60 TC40s would still hit your VAMP ratio. And, you had no mechanism to challenge them.

The problem is compounded by the rise in first-party chargeback misuse (also called friendly fraud). When a legitimate customer falsely claims fraud, the issuer may file a TC40 without pursuing a chargeback. The merchant takes the hit to their fraud ratio, but has no opportunity to prove the transaction was legitimate. Meanwhile, the cardholder faces no consequences, which teaches some that they can repeat this behavior over and over without repercussions.

How CE3.0 Expansion Addresses the Problem

Compelling Evidence 3.0 was introduced in April 2023 to help merchants fight back against first-party fraud. It allows merchants to establish a “historical footprint” by showing two previous undisputed transactions from the same cardholder, using matching data elements like device ID, IP address, shipping address, or user account ID. If the disputed transaction matches that pattern, Visa treats the fraud claim as invalid.

Learn more about Compelling Evidence 3.0

Previously, CE3.0 only triggered when there was an actual dispute filed. The fraud report alone wasn't enough; you needed that TC15 chargeback to invoke your CE3.0 rights. That changes, effective April 18, 2026.

Visa will allow merchants to apply CE3.0 criteria to TC40 fraud reports that don’t have a corresponding chargeback. If you can demonstrate that the transaction matches the cardholder’s established purchase history, you can get that TC40 excluded from your VAMP calculations.

This is big for several reasons. First, it gives merchants a proactive tool against first-party fraud that previously went unchallenged. Second, it protects VAMP ratios from being inflated by fraud reports that merchants couldn’t contest. Third, it sends a signal that Visa is taking first-party fraud seriously at every stage of the process, not just when disputes reach the chargeback phase.

What Does This Mean for Users of Order Insight?

Merchants enrolled in Verifi Order Insight already benefit from CE3.0 at the pre-dispute stage. When a cardholder contacts their bank about a transaction, Order Insight can provide the issuer with purchase details in real time. If CE3.0 criteria are met, the inquiry is closed before it ever becomes a chargeback. This can help resolve the inquiry before it progresses to a TC40 fraud report.

This new expansion adds another layer of protection. For transactions where a TC40 was filed without a corresponding dispute, Order Insight-enabled merchants will have a path to challenge that fraud report using the same CE3.0 framework. The result is a more comprehensive defense against first-party fraud across the entire lifecycle: pre-dispute deflection, post-dispute representment, and now non-disputed fraud remediation.

This update really strengthens the ROI case for using Order Insight. Now, you’re not just preventing chargebacks; you're protecting your fraud ratio, even in situations where chargebacks never materialize.

Limitations That Still Apply

While this update is a meaningful step forward, it doesn't solve every problem.

The 120-day requirement remains in place. To qualify for CE3.0, the two historical transactions you submit must be at least 120 days old, but no more than 365 days. This requirement exists to ensure those transactions are genuinely undisputed; the cardholder's window to file a fraud dispute has passed.

This timeframe doesn’t necessarily reflect how contemporary commerce works, though.

Digital goods are delivered instantly. Subscription services often see disputes within the first billing cycle. So, a cardholder engaging in first-party fraud can file a claim within days of purchase, long before a 120-day historical footprint can be established. For merchants dealing with first-time buyers, CE3.0 protection simply isn’t available.

Additionally, the same data collection requirements apply. You need to be capturing and retaining device IDs, IP addresses, shipping addresses, and user account identifiers. If you haven’t invested in necessary data infrastructure, you won’t be able to take advantage of CE3.0. It doesn’t matter if every single transaction you process is legitimate; without the necessary data, you won’t be able to prove anything.

Finally, Visa has indicated that a fee will be introduced for successful CE3.0 qualifications, effective around the same timeframe. Merchants should factor this into their cost-benefit analysis, too.

What You Should Do Now

Already enrolled in Order Insight and actively using CE3.0? Then this update provides additional value without requiring significant changes on your end. Your existing data collection and integration work will extend to cover non-disputed fraud once the rule takes effect.

If you haven’t implemented CE3.0 yet, now is the time to get on board.

Review your data collection practices to ensure you’re capturing the required elements (device fingerprints, IP addresses, user account IDs, shipping addresses, etc.). Work with your acquirer or payment processor to understand their CE3.0 support and Order Insight integration options.

Regardless of your current setup, pay close attention to your TC40 data. A lot of merchants don’t monitor their fraud reports closely because they’ve had no way to contest them. That’s about to change. Understanding which transactions are generating TC40s, and whether those transactions would qualify for CE3.0, will help you measure the potential impact of this update on your VAMP ratio.