Visa's primary CNP fraud code, decided on whether the merchant can prove the legitimate cardholder authorized or benefited from the charge.
Visa 10.4 is the most common fraud code in e-commerce, and it is also the code that hides the most friendly fraud. A real fraud case and a buyer pretending the charge was not theirs both arrive under the same code, with the same notification, on the same 30-day clock. The work of the rebuttal is separating the two using evidence the issuer is equipped to read.
How the dispute actually arrives
The cardholder has up to 120 days from the transaction date to file a 10.4. Most file within 30 to 60 days, when the statement arrives. The merchant gets the notification through their processor, with the cardholder's claim summarized in a sentence. The 30-day response window starts on the day of the notification, not the day the cardholder filed.
A 10.4 against a digital-goods seller often arrives months after the buyer used the product. A 10.4 against a physical-goods seller often arrives after the package was delivered to the cardholder's billing address. Both patterns are common, and both can win at representment with the right evidence.
What the issuer is looking for
Issuers reviewing a 10.4 ask one question: was the legitimate cardholder responsible for the transaction. The answer is built from several pieces, and no single piece is decisive on its own.
AVS and CVV matches at the time of the transaction show the buyer had the billing address and the printed security code. Those are necessary in 2026 but no longer sufficient on their own. 3D Secure authentication, where the issuer's own systems verified the cardholder at checkout, shifts liability away from the merchant entirely for that transaction. Where 3DS was used and passed, the merchant should cite it explicitly and the dispute should not have been filed against the merchant in the first place.
Device fingerprint, IP geolocation, and session history matter most when the cardholder claims they were not at their computer. If the order came from the same device that placed three earlier orders, from the same city the cardholder lives in, the friendly-fraud story gets harder to maintain. Prior order history from the same card, to the same shipping address, especially with positive feedback or no prior disputes, builds the same picture.
Delivery confirmation to the cardholder's verified billing address is the closing piece for physical goods. A package sent to the billing address on file and signed for there is hard to disown.
Visa Compelling Evidence 3.0 (CE 3.0)
Visa introduced Compelling Evidence 3.0 to give merchants a structured way out of a 10.4 when a buyer has done business with the merchant before. The framework lets the issuer rule in the merchant's favor on the basis of a documented pattern of prior matching transactions, rather than on the closer evidence around the disputed order alone. Where the pattern is established and submitted in the right form, the dispute does not even need to be argued at representment in the conventional sense; the rules direct the issuer to close it.
Eligibility is determined by what the merchant has on file. The merchant must produce two prior undisputed transactions from the same cardholder, completed at least 120 days before the disputed transaction, and each of those prior transactions must share at least two identifiers with the disputed one. Visa accepts device ID, IP address, account login, and delivery address as the matching identifiers. The records have to have been captured at the time of each prior order; reconstructing them after the chargeback arrives does not qualify, and a merchant whose order pipeline does not store device fingerprint or IP against the order at checkout will find the eligibility window closed before the dispute begins.
The letter cites CE 3.0 eligibility when the evidence supports it and the prior-transaction pattern is in hand. We do not invent eligibility, and we do not claim the framework will apply to every 10.4 case. Most 10.4 disputes are still won on the conventional evidence around the disputed order. CE 3.0 is the lever that closes the case before the conventional evidence has to do the work, when the merchant captured the right records at signup and on each subsequent order.
Common scenarios merchants see
A cardholder spots a charge they do not recognize on a months-old statement and files a 10.4 without first contacting the merchant. The full session history, including the email confirmation the buyer received and the delivery to their billing address, often resolves the case at representment.
A buyer used the card, received the goods, and is now claiming the transaction was unauthorized. This is the textbook friendly fraud case. Login records to the buyer's account, the IP address matching prior legitimate sessions, and any post-delivery communication from the buyer carry the case.
A family member or partner used the card without explicit permission. Under Visa rules, the cardholder is generally responsible for transactions made by household members with access to the card. Evidence that the order shipped to the cardholder's address and was retained, rather than refused or returned, is the relevant ground.
A true account takeover where stolen credentials were used to place an order. These are the cases merchants should lose, and should lose quickly, because fighting genuine fraud at representment damages the merchant's dispute ratio without recovering revenue.
What this code is not
Reason code 10.4 is not a dispute about whether the merchandise arrived or matched the description. If the buyer says they got it but it was not what they ordered, the dispute belongs under a 13-series consumer-dispute code, including Visa 13.1 (merchandise or services not received). Merchants who confuse the two and submit non-receipt evidence on a 10.4 are arguing a different case from the one the issuer is reviewing.
Where this fits in our service
Visa reason code 10.4 is the highest-volume fraud code we draft rebuttal letters against. The letter is built from the AVS and CVV state at the transaction, the 3DS posture, the session evidence available, and the buyer's relationship with the merchant before the dispute. A 10.4 letter for a first-time buyer and a 10.4 letter for a repeat customer with three prior delivered orders look almost nothing alike. If you are reading this because you just received one, you can start with a free first letter.
Official source: Visa rules. Last reviewed 2026-05-11.