Visa 10.4 - Card Absent Environment (Fraud)
This is Visa's primary fraud code for e-commerce and card-not-present transactions.
Overview
Used when a cardholder claims they did not authorize a transaction that occurred in a card-not-present environment (online, phone, mail order).
When This Code Applies
- Cardholder denies making online purchase
- Card credentials used without authorization
- Account takeover resulting in CNP fraud
- Stolen card used for online purchase
- Family/friendly fraud (cardholder claims unauthorized)
Conditions for Valid Dispute
Issuer Must Verify
- Cardholder did not authorize the transaction
- Cardholder did not receive benefit from transaction
- Transaction occurred in card-absent environment
- Within time frame limits
Transaction Must Be
- E-commerce
- Mail order/telephone order (MOTO)
- Recurring without proper authentication
Time Frames
| Scenario | Dispute Window |
|---|---|
| Standard | 120 days from transaction date |
| With delivery | 120 days from delivery date (or expected delivery) |
| Digital goods | 120 days from transaction date |
Liability Shift with 3D Secure
Full Liability Shift (Issuer Liable)
When transaction is fully authenticated:
- Visa Secure (3DS 2.0) - Challenge flow completed
- ECI = 05 (fully authenticated)
- Cryptogram present and valid
Partial/No Liability Shift (Merchant Liable)
| Scenario | ECI | Merchant Liability |
|---|---|---|
| Authentication attempted, issuer unavailable | 06 | Reduced |
| Authentication failed | 07 | Full |
| No authentication attempted | 07 | Full |
| 3DS not supported | N/A | Full |
Compelling Evidence 3.0 (CE 3.0)
Visa's enhanced compelling evidence program for repeat customers.
CE 3.0 Requirements
To qualify for CE 3.0 representment:
- Two prior undisputed transactions with same payment credentials
- At least 120 days before disputed transaction
- Matching data elements (at least two of four):
- IP address
- Device ID/fingerprint
- Shipping address
- User account ID
CE 3.0 Process
CE 3.0 Benefits
- Pre-arbitration liability protection
- Higher win rates
- Faster resolution
Standard Representment Options
1. Transaction Was Authorized
Evidence required:
- Cardholder correspondence acknowledging purchase
- Order confirmation sent to cardholder email
- IP/device match to prior purchases
- Signed delivery confirmation
2. 3D Secure Authentication
Evidence required:
- ECI value showing authentication
- Cryptogram/CAVV
- Authentication timestamp
- 3DS transaction ID
3. AVS/CVV Verification
Evidence required:
- AVS match (full or partial)
- CVV2 match
- Delivery to verified address
4. Delivery Confirmation
Evidence required:
- Carrier tracking showing delivered
- Signature confirmation
- Delivery address matches billing
- Photo proof of delivery (if available)
5. Digital Goods Access
Evidence required:
- IP address at time of download/access
- Access logs showing usage
- Account login after purchase
- Download confirmation
6. Prior Transaction History
Evidence required:
- Previous undisputed purchases
- Same email/phone/device
- Established customer relationship
Representment Time Frames
| Stage | Window |
|---|---|
| Initial response | 30 days from chargeback |
| Pre-arbitration | 30 days from representment |
| Arbitration | 45 days from pre-arb |
Prevention Strategies
Authentication
- Implement 3D Secure 2.0 - Liability shift protection
- Use frictionless flow - Better conversion with protection
- Challenge high-risk - Step up when signals indicate risk
Verification
- AVS checking - Verify billing address
- CVV2 required - Always collect
- Email verification - Confirm customer email
- Phone verification - For high-risk orders
Evidence Collection
- Log everything - IP, device, timestamps
- Keep communications - Emails, chats, calls
- Delivery confirmation - Tracking + signature
- Account history - Document relationship
Fraud Screening
- Real-time scoring - ML-based fraud detection
- Velocity checks - Unusual patterns
- Device fingerprinting - Track devices
- Behavioral analysis - Navigation patterns
Win Rate Expectations
| Defense Type | Expected Win Rate |
|---|---|
| 3DS authenticated (ECI 05) | 80-95% |
| CE 3.0 qualifying | 70-85% |
| AVS match + delivery proof | 40-60% |
| Standard evidence | 25-40% |
| No evidence | Under 15% |
Common Mistakes
- Not implementing 3DS - Missing liability shift
- No delivery confirmation - Can't prove receipt
- Missing logs - No IP/device records
- Slow response - Missing 30-day window
- Weak evidence - Insufficient documentation
Related Codes
- 10.3 - Other Fraud Card Present
- 10.5 - VFMP
Next Steps
Got this chargeback?
- Check if 3DS was used → If ECI 05, you have strong defense
- Check CE 3.0 eligibility → Prior undisputed transactions from same customer?
- Gather evidence → Representment Workflow
- Respond within 30 days
Prevent future 10.4 chargebacks:
- Implement 3D Secure for liability shift
- Set up dispute alerts to refund before chargeback
See Also
- 3D Secure Implementation - Liability shift protection
- Compelling Evidence Guide - CE 3.0 requirements
- Friendly Fraud - First-party abuse patterns
- Device Fingerprinting - Proving cardholder involvement
- AVS & CVV - Address verification
- Third-Party Fraud - True fraud vs. friendly
- Account Takeover - ATO patterns
- Velocity Rules - Fraud detection
- Risk Scoring - Pre-transaction screening
- Chargeback Alerts - Deflect before filing
- VFMP Thresholds - Fraud program limits
- Fraud vs. Friendly - Classification