Author

Mike Kutlu

Client-side security consultant at cside. 10+ years of experience implementing technology solutions for enterprises (previously at Oracle, Cloudflare, and Splunk). Now helping teams use client-side intelligence to catch & reduce fraud.

Articles by Mike Kutlu

How to Block Perplexity Shopper on Your Website

Perplexity Shopper browses and buys from retail websites on behalf of Pro users. Learn how to detect its browser-layer signals and govern the traffic.

AI-Agent Based Credit Card Testing Bots | How to Stop Them

AI credit card testing agents use real browsers to test stolen credentials at scale. Learn how to detect and block them before a transaction completes.

What Are Stealth (or 'Anti-Detect') Browsers and When to Block Them

Stealth browsers bypass bot detection. Anti-detect browsers spoof fingerprints. Learn the signals that reveal both, even when they look human.

What Is Mastercard First-Party Trust? How It Reduces Chargebacks

Mastercard First-Party Trust deflects friendly fraud disputes before they become formal chargebacks. Here is how the evidence framework works.

Mastercard First Party Trust: Improve EFM and ECP Ratios with Device Fingerprinting

Mastercard's First Party Trust program uses device fingerprinting to deflect friendly fraud disputes before they inflate your EFM and ECP ratios.

Friendly Fraud in Travel and Hospitality: The 2026 Playbook

Travel and hospitality merchants face the highest-value friendly fraud disputes. How CE 3.0 and browser-layer evidence rebalance the win rate.

Mastercard Scam Merchant Monitoring 2026: What Merchants Must Know Before July

Mastercard Scam Merchant Monitoring takes full effect on 24 July 2026. Here are the SMMP triggers, how it differs from ECM and EFM, and how merchants can prepare.

Utah SB 73: You Are Now Liable for Users' VPNs

Utah SB 73 holds operators liable when users bypass age gates with VPNs. An IP blocklist cannot keep pace. Behavioural detection is what works.

CE 3.0 Auto-Qualification: What Changed on 17 October 2025 and What To Do Now

Visa auto-qualifies transactions for Compelling Evidence 3.0 via Visa Secure and Visa Data Only. What changed, who benefits, and the evidence gap.

Friendly Fraud in Gaming and iGaming: The 2026 Chargeback Playbook

iGaming merchants run the highest chargeback ratios of any vertical. VAMP 2026 tightened the line. How CE 3.0 plus browser-layer evidence rebalances the book.

VAMP 2026: Visa's New Thresholds and How to Survive Them

Visa's VAMP ratio dropped to 1.5% on 1 April 2026 with $8-per-transaction fines. A merchant playbook for staying under the new thresholds using CE 3.0.

Compelling Evidence 3.0 Requirements: What Visa Mandates and What Actually Wins the Case

The four data elements Visa requires for CE 3.0, and what separates winning representments from losing ones.

What CTEM at the browser layer actually looks like: one third-party script, five findings

A live analysis of one Skeepers widget on a major international bank surfaced a 360-day cookie on auth subdomains, a CSP gap, and a server-controlled sub-script. Here's what CTEM looks like applied to the browser layer.

Friendly Fraud in SaaS and Subscription Businesses: The 2026 Playbook

SaaS and subscription businesses have a specific friendly fraud profile: descriptor drift, recurring billing, and CE 3.0-eligible customers. Here is how to fight it.

How to Remove a TC40 from Your VAMP Ratio: The CE 3.0 Mechanic

TC40 fraud reports feed your VAMP ratio without a chargeback. A successful CE 3.0 representment is the only way to remove one. Here's how it works.

Why Chargeback Indemnification No Longer Works With the New VAMP Ratio

Chargeback indemnification won't protect you under new VAMP rules. You still face the risk of penalties and account termination. Here's how to adapt: