Digital Goods Evidence
Before diving into digital goods evidence, understand:
- Winning evidence basics and what issuers look for
- Representment process and response timing
- Compelling Evidence 3.0 requirements
- Friendly fraud patterns
Digital goods have the worst chargeback win rates in e-commerce. Physical goods merchants win 40-50% of their disputes. Digital goods merchants are lucky to hit 25%.
The reason: no delivery proof, no signature, no package photo. Just bits on a wire.
But you can win digital disputes if you collect the right data and present it correctly. This page shows you how.
On this page
- Why Digital Goods Are Different
- Evidence That Wins Digital Disputes
- Evidence Collection by Product Type
- Visa Compelling Evidence 3.0 for Digital
- The Usage-After-Dispute Strategy
- Evidence Assembly Checklist
- Common Mistakes
- Test to Run
- Scale Callout
- Where This Breaks
- Analyst Layer: Metrics to Track
- Next Steps
- See Also
Why Digital Goods Are Different
The Evidence Gap
| Physical Goods | Digital Goods |
|---|---|
| Tracking number | No tracking |
| Carrier confirmation | No carrier |
| Delivery photo | No photo |
| Signature | No signature |
| Weight/dimensions | No physical attributes |
What You Have Instead
Digital goods evidence relies on:
- Access logs - Proof of login and usage
- Download records - Proof of delivery to their device
- IP correlation - Same person who bought also used
- Device matching - Same device for purchase and access
- Account activity - Ongoing usage proves receipt
The challenge is collecting and presenting this data in a format issuers understand.
Evidence That Wins Digital Disputes
Tier 1: Strongest Evidence
These have the highest impact on dispute outcomes.
| Evidence | Why It Works | How to Collect |
|---|---|---|
| Post-purchase login from same IP | Proves cardholder accessed after buying | Log IP + timestamp at every login |
| Device fingerprint match | Same device for purchase and usage | Implement fingerprinting SDK |
| In-product activity after purchase | Proves they used what they bought | Log all feature usage with timestamps |
| Customer acknowledgment | They admitted receiving/using | Support tickets, emails, chat logs |
| Account activity summary | Pattern of ongoing access | Generate usage reports |
Tier 2: Strong Evidence
These support your case but rarely win alone.
| Evidence | Why It Helps | Limitation |
|---|---|---|
| Download/activation timestamp | Proves delivery | Doesn't prove who downloaded |
| Email delivery confirmation | Shows notification sent | Doesn't prove it was read |
| Account creation pre-dispute | Shows established relationship | Doesn't prove this transaction |
| AVS/CVV match | Authorization passed | Cardholder could still dispute |
| 3DS authentication | Cardholder verified | May shift liability, varies by issuer |
Tier 3: Weak Evidence
Don't rely on these alone.
| Evidence | Why It's Weak |
|---|---|
| Terms of service screenshot | Proves nothing about this transaction |
| Refund policy | Proves you have a policy, not that it applies |
| "Digital goods are non-refundable" | Doesn't override dispute rights |
| Email confirmation sent | Doesn't prove delivery or receipt |
| Generic security description | "We use SSL" means nothing to issuers |
Evidence Collection by Product Type
SaaS / Subscription Software
What to capture at purchase:
- IP address + geolocation
- Device fingerprint
- Account ID
- Subscription terms acknowledged (with timestamp)
What to capture ongoing:
- Login timestamps and IPs
- Features accessed
- Data created (documents, records, settings)
- API calls made
- Session duration
Evidence package for disputes:
1. Account overview
- Created: [date]
- Email: [email]
- Subscription: [plan name]
- Status: Active / Cancelled on [date]
2. Purchase transaction
- Date: [date/time]
- Amount: $X
- IP: [IP address] (Location: [city, country])
- Device: [fingerprint hash]
3. Post-purchase activity (last 30 days before dispute)
| Date | Action | IP Address |
|------------|-------------------------|---------------|
| [date] | Login | [same IP] |
| [date] | Created document | [same IP] |
| [date] | Invited team member | [same IP] |
| [date] | Changed settings | [same IP] |
4. Customer communication
[Any support tickets, emails acknowledging service]
Digital Downloads (Software, Games, Music)
What to capture at purchase:
- IP address
- Device fingerprint
- Download link generated
What to capture at download:
- Download initiation timestamp
- Download completion (if trackable)
- IP address at download
- Device/browser at download
What to capture at activation:
- License key activation timestamp
- Hardware ID (for device-locked licenses)
- Activation IP
Evidence package for disputes:
1. Purchase record
- Date: [date/time]
- Product: [name]
- IP: [IP address]
- Device fingerprint: [hash]
2. Download record
- Link generated: [timestamp]
- First download: [timestamp]
- Download IP: [IP address]
- Downloads completed: [count]
3. Activation record (if applicable)
- License key: [last 4 chars]
- Activated: [timestamp]
- Hardware ID: [hash]
- Activation IP: [IP address]
4. IP correlation
Purchase IP [X.X.X.X] matches download IP [X.X.X.X]
Streaming / Video / Courses
What to capture at purchase:
- Standard (IP, device, account)
What to capture ongoing:
- Content accessed (video IDs, lesson names)
- Watch time / completion percentage
- Progress saved
- Notes or bookmarks created
Evidence package for disputes:
1. Account and purchase details
[Standard info]
2. Content access log
| Date | Content Accessed | Duration | Completion |
|------------|-------------------------|-----------|------------|
| [date] | Module 1: Introduction | 45 min | 100% |
| [date] | Module 2: Basics | 62 min | 100% |
| [date] | Module 3: Advanced | 28 min | 45% |
3. Total engagement
- Videos watched: 12 of 20
- Total watch time: 8.5 hours
- Last access: [date] (after dispute filed)
In-App Purchases / Gaming
What to capture:
- Account ID and age
- Purchase IP and device
- Virtual goods delivered
- Goods consumed/used
- Gameplay time
Evidence package:
1. Account overview
- Account created: [date]
- Account level/rank: [X]
- Total playtime: [hours]
2. This purchase
- Date: [date/time]
- Item: [name]
- IP: [IP address]
- Device: [fingerprint]
3. Item delivery and usage
- Item credited: [timestamp]
- Item used/consumed: [timestamp]
- Gameplay after purchase: [hours]
4. Account activity (post-purchase)
[Login timestamps, achievements, multiplayer sessions]
Visa Compelling Evidence 3.0 for Digital
CE 3.0 works for digital goods, but you need to capture the right data.
CE 3.0 Matching Elements
You need at least two of these to match between the disputed transaction and prior undisputed transactions:
| Element | Digital Implementation |
|---|---|
| Device ID/fingerprint | Use fingerprinting SDK (DeviceAtlas, Iovation, etc.) |
| IP address | Log at transaction time |
| Shipping address | Use billing address (no shipping for digital) |
| User account | Account ID / email |
Prior Transaction Requirements
Prior transactions must be:
- 120-365 days before disputed transaction
- Undisputed
- Same card number
Digital CE 3.0 Example
Disputed Transaction (Dec 15, 2024):
- Amount: $99
- Device ID: abc123
- IP: 203.0.113.42
- Account: user@email.com
Prior Transaction #1 (Aug 10, 2024):
- Amount: $49
- Device ID: abc123 ← MATCH
- IP: 203.0.113.42 ← MATCH
- Account: user@email.com ← MATCH
- No dispute
Prior Transaction #2 (May 22, 2024):
- Amount: $29
- Device ID: abc123 ← MATCH
- IP: 198.51.100.23 (different)
- Account: user@email.com ← MATCH
- No dispute
CE 3.0 Qualification: YES
Matching elements: Device ID + Account (2+ matches)
The Usage-After-Dispute Strategy
The strongest evidence for digital goods is usage after the customer filed the dispute.
Why This Works
If the customer claims they never received the product, but you can show they:
- Logged in after the dispute date
- Accessed features after disputing
- Created content after disputing
- Made API calls after disputing
Then they clearly received and used what they claim they didn't get.
How to Present It
Timeline:
Dec 1: Purchase made ($99)
Dec 15: Dispute filed - "Never received"
Dec 16: Customer logged in (IP: X.X.X.X) ← AFTER DISPUTE
Dec 17: Customer accessed Dashboard ← AFTER DISPUTE
Dec 18: Customer exported report ← AFTER DISPUTE
Dec 20: Dispute response due
The customer claims they never received access to [Product].
However, our logs show they logged in and actively used the
product on Dec 16, 17, and 18 - AFTER filing the dispute.
This demonstrates the customer received and continues to use
the service they claim was never delivered.
Logging Requirements
To use this strategy, you need:
- Login timestamps with IP
- Feature access logs with timestamps
- Session data (what they did, when)
- Correlation to the specific account
"Can we generate a usage report for any account showing: all logins with IP, features accessed with timestamps, and any content created? We need this for chargeback responses."
Evidence Assembly Checklist
Before submitting a digital goods dispute response, verify you have:
Required (Don't Submit Without)
- Transaction timestamp and amount
- Customer email and account ID
- IP address at purchase
- At least one proof of access/usage after purchase
Strongly Recommended
- Device fingerprint match (purchase to usage)
- Multiple usage events with timestamps
- IP correlation (purchase IP = usage IP)
- Usage after dispute date (if available)
Supporting (Include If Available)
- Prior successful transactions on same account
- Customer support tickets (especially positive ones)
- Email confirmations with delivery timestamps
- AVS/CVV match confirmation
- 3DS authentication confirmation
Format Checklist
- Single PDF document
- Summary on first page
- Strongest evidence highlighted
- Timestamps clearly visible
- Under 10 pages if possible
- Professional, not emotional
Common Mistakes
Mistake 1: "Digital = No Delivery Proof Needed"
Wrong thinking: "It's digital, so there's no delivery to prove."
Reality: You must prove delivery differently. Access logs, downloads, and activations are your delivery proof.
Mistake 2: Relying on Confirmation Emails
Wrong thinking: "We sent a confirmation email, so they received it."
Reality: Email confirmation proves you sent an email. It doesn't prove:
- They opened it
- They clicked the link
- They accessed the product
- They are the cardholder
Mistake 3: Generic Responses
Wrong thinking: "Our standard response covers everything."
Reality: Generic responses like "We delivered the digital product as described" lose every time. Show specific access logs for this specific customer.
Mistake 4: Not Collecting Data
Wrong thinking: "We'll figure out evidence when we get a chargeback."
Reality: You can't retroactively capture login IPs, device fingerprints, or usage patterns. Evidence collection must happen at transaction and access time, not at dispute time.
Mistake 5: Fighting Unwinnable Disputes
Wrong thinking: "We'll fight every chargeback on principle."
Reality: If you have no usage logs, no login records, and no device match, you're going to lose. Save the effort for disputes you can win.
Test to Run
Digital evidence audit (7 days):
Day 1-2: Inventory
- List all data points you currently capture at purchase
- List all data points you capture at login/usage
- Identify gaps
Day 3-4: Implement
- Add missing logging (minimum: IP at purchase, IP at login, usage events)
- Verify device fingerprinting is active
- Test evidence retrieval for a sample account
Day 5-7: Template
- Create evidence package template by product type
- Build query to pull usage report for any account
- Train support team on evidence assembly
Success criteria: Can generate a complete evidence package for any disputed transaction within 30 minutes.
Scale Callout
| Volume | Focus |
|---|---|
| Under $100k/mo | Implement basic logging (IP, login, usage). Manual evidence assembly. |
| $100k-$500k/mo | Device fingerprinting. Automated usage report generation. CE 3.0 data capture. |
| Over $500k/mo | Full fraud stack with fingerprinting. Auto-generated evidence packages. API integration with processor for CE 3.0 submission. |
Where This Breaks
-
Account sharing. If the cardholder shared their login with someone else, that person's usage doesn't prove the cardholder used the product. You may still lose.
-
Stolen credentials. If a fraudster created the account using stolen card data, all your usage logs are from the fraudster, not the cardholder. True fraud = true loss.
-
Immediate disputes. If the customer disputes within minutes of purchase, you won't have usage logs. Some fraud rings do this intentionally.
-
No logging infrastructure. If you don't capture IPs, fingerprints, and usage data, you have no evidence. Implement logging before you need it.
Analyst Layer: Metrics to Track
| Metric | What It Tells You | Target |
|---|---|---|
| Win rate (digital goods) | Overall effectiveness | > 30% |
| Win rate by product type | Where to focus | Varies |
| Evidence completeness rate | Data capture health | > 90% of disputes have full evidence |
| Time to evidence package | Response efficiency | < 30 minutes |
| CE 3.0 qualification rate | Prior transaction matching | > 50% of fraud disputes |
| Usage-after-dispute rate | Post-dispute access | Higher = better |
Win Rate Benchmarks for Digital
| Product Type | Typical Win Rate | Good Win Rate |
|---|---|---|
| SaaS subscriptions | 20-30% | 35-45% |
| Digital downloads | 15-25% | 30-40% |
| Streaming/courses | 25-35% | 40-50% |
| In-app purchases | 10-20% | 25-35% |
If you're below typical, you likely have evidence collection gaps.
Next Steps
Not collecting usage data?
- Implement IP logging at purchase and login → Minimum viable evidence
- Add device fingerprinting → CE 3.0 eligibility
- Log feature usage with timestamps → Proof of access
Getting chargebacks you should win?
- Audit your evidence package → What's missing?
- Build product-specific templates → Standardize evidence
- Check for usage-after-dispute → Your strongest argument
High volume digital business?
- Automate evidence assembly → One click to generate package
- Integrate CE 3.0 data with processor → Automated submission
- Build chargeback prevention → Alerts and 3DS
See Also
- Winning Evidence - General evidence strategy
- Compelling Evidence 3.0 - CE 3.0 details
- Representment - Fighting chargebacks
- Friendly Fraud - Customer abuse patterns
- Device Fingerprinting - Implementation
- Subscriptions & Recurring - Subscription disputes
- 3D Secure - Liability shift for digital
- Chargeback Alerts - Prevention tools
- Chargeback Metrics - Win rate tracking
- Refund Strategy - When not to fight