Friendly Fraud in Travel and Hospitality: The 2026 Playbook

Travel and hospitality merchants face the highest-value friendly fraud disputes. How CE 3.0 and browser-layer evidence rebalance the win rate.

May 06, 2026 9 min read
Mike Kutlu

Friendly fraud in travel and hospitality, where cardholders dispute legitimate bookings under Visa reason code 10.4, is particularly damaging because single transactions carry high values and each dispute moves the VAMP ratio disproportionately. cside, the browser-layer security platform, captures the device ID and real client IP at booking that close the evidence gap for CE 3.0 representment. Repeat travellers with session history on the merchant site have the strongest evidence chains; first-time leisure travellers require alternative representment strategies. Under Visa's 2026 VAMP thresholds, every won representment that removes a TC40 matters more than it did before.

Travel and hospitality sit at the high-value end of the friendly fraud curve. Airline tickets, hotel bookings, tour packages, and car rentals produce disputes with typically higher per-transaction values than most e-commerce verticals. Per merchant survey responses in the MRC 2025 report, high-value travel tickets generate outsized VAMP ratio exposure when disputed. A single reversed flight booking can move a merchant's VAMP ratio more than a month's worth of retail disputes.

Under the 1 April 2026 VAMP thresholds, with merchant Excessive at 1.5% and $8 per violation transaction, the margin for error on high-value friendly fraud is thinner than it has ever been.

This piece is the travel-specific playbook for Heads of Payments, Directors of e-commerce, and CFOs who need a credible plan for the dispute line. The shape of the problem is distinct from retail, and so is the fix.

Why travel looks different

Travel and hospitality face four distinct friendly fraud patterns: service-failure disputes where the cardholder was genuinely unhappy, booking-error disputes where the wrong person completed the purchase, "I did not travel" disputes where the fulfilment is hard to prove in concrete terms, and high-value single-transaction disputes that move the VAMP ratio disproportionately.

Service-failure disputes are technically not reason code 10.4. A cardholder who flew but complains about service quality should file under a service dispute code, not fraud. When they file under fraud, sometimes because the issuer routes it that way, sometimes deliberately, the case becomes CE 3.0-eligible and the defence is showing that the service was consumed.

Booking-error disputes usually involve a family member, travel agent, or corporate card user completing a booking on behalf of the cardholder. These qualify as first-party misuse when the cardholder is the named account holder, and CE 3.0 applies directly.

"I did not travel" disputes are the hardest to defend with server-side data alone: the merchant has a booking, a payment, and maybe a tracking number for a confirmation email, but proving the cardholder travelled requires evidence beyond the transaction record. Check-in confirmation data is the key: boarding pass scan, hotel key-card issue log, combined with a matching browser-layer session at booking time.

High-value single disputes are the VAMP-impact problem. A single high-value flight or hotel chargeback plus the associated TC40 changes a monthly ratio more than dozens of lower-value retail disputes.

The CE 3.0 profile for travel

Travel merchants have a mixed CE 3.0 qualification profile. Repeat travellers (business travel, loyalty-programme members) meet the two-prior-transaction bar easily. First-time or once-per-year leisure travellers often do not have two prior transactions in the 120-to-365-day window. The evidence strategy must split by customer segment.

For repeat-traveller segments, CE 3.0 eligibility is straightforward. A business traveller booking through the same merchant for an eighteen-month period trivially has two qualifying prior transactions. The evidence chain is strong on server-side records alone for User ID and shipping address, but the acquirer still wants device ID or IP match for the CE 3.0 two-of-four rule.

For once-per-year leisure travellers, CE 3.0 eligibility is partial. The merchant may not have two prior transactions on the same credential within the 120-to-365-day window. In those cases, alternative representment strategies under non-CE 3.0 frameworks apply, and the server-side evidence chain (booking record, boarding pass check-in, hotel arrival) becomes more central.

The three evidence tiers for travel

Travel representment evidence runs across three tiers: the booking record (server-side), the fulfilment confirmation (mixed), and the session evidence at the point of booking (browser-layer). All three matter. Merchants who rely only on the booking record lose disputes they should win; merchants who add fulfilment evidence improve; merchants who add browser-layer evidence on top close the gap to issuer expectation.

Tier 1: booking record. Transaction ID, booking reference, itinerary, passenger name, billing descriptor, customer account history. Entirely server-side. Good for establishing that a booking existed; weaker for establishing that the cardholder authorised it.

Tier 2: fulfilment confirmation. Check-in timestamps (airline), key-card issue logs (hotel), GPS ping from the loyalty app (if available), IP of the travel confirmation email opening. Mixed source. Strong evidence that the service was consumed. For airlines, a boarding pass scan record from gate systems is strong fulfilment proof for "I did not travel" cases.

Tier 3: browser-layer session evidence. Device ID, real client IP, session continuity across booking and account login, script-verified transaction context at the point of purchase. Entirely browser-layer. This is what CE 3.0 asks for at the two-of-four data element level.

The high-value transaction problem

A single high-value dispute can swing a travel merchant's VAMP ratio. Protecting against it means every CE 3.0-eligible high-value case must win the representment, not just most. The gap between an 80% and a 95% win rate is where travel merchants under VAMP pressure actually live.

Consider a travel merchant running 50,000 monthly CNP transactions with an average ticket value above $2,000. Each dispute represents significant VAMP numerator exposure. At the 1.5% Excessive threshold, keeping the ratio below that line when high-value disputes land requires winning the CE 3.0 representment on eligible cases. The difference between a good representment win rate and a poor one translates directly to VAMP ratio headroom.

For the financial modelling, the key variables are the merchant's specific dispute rate, ticket value, and CE 3.0 eligibility split by customer segment. Travel merchants should calculate this with their own data rather than relying on industry-level estimates.

What browser-layer evidence adds specifically for travel

Browser-layer evidence captured at booking time matches the cardholder's device and IP to the prior booking sessions on the merchant's site. For a repeat traveller, that chain of matched sessions across multiple trips is stronger evidence than anything the booking record alone provides. For an "I did not travel" dispute, it establishes that the cardholder's actual device completed the booking.

The operational pattern is that travel merchants with loyalty programmes have a natural login and session stream to capture. Every booking session, every check-in, every itinerary change is an opportunity to refresh the browser-layer evidence against the same cardholder. By the time a dispute lands on a twelve-month-old booking, the merchant has multiple distinct sessions on the same device identity to draw from, any two of which qualify as CE 3.0 prior transactions if they included a purchase.

From cside data: cside analysis of travel-vertical CE 3.0 cases shows that repeat travellers (two or more bookings in a 12-month window) have significantly higher representment win rates than first-time bookers, primarily because the multi-session evidence chain provides a strong device-and-IP match. cside measures this by segmenting reason code 10.4 outcomes by prior-transaction count for travel merchant accounts on its platform.

For the TC40 removal mechanic to apply, the representment must win. Browser-layer evidence is what determines whether it does.

What about the network tools

Verifi's Rapid Dispute Resolution (Visa) and Ethoca Alerts (Mastercard) deflect disputes before they become chargebacks. Both are useful in travel, particularly for descriptor confusion cases. Neither captures browser-layer evidence. For disputes that do become chargebacks, representment still depends on the evidence chain the merchant has built.

Travel merchants typically use multiple tools in parallel:

  • Verifi RDR: automatic refund resolution pre-dispute for Visa
  • Ethoca Alerts: pre-dispute notification for Mastercard
  • Representment workflow (Chargebacks911, Kount, or Chargeflow): handles chargebacks that get through
  • Browser-layer evidence (cside): feeds device and session data into representment packets

The categories are complementary, not competing.

Operational plan

Segment disputes by reason code 10.4 eligibility, repeat versus first-time traveller, and transaction value. Instrument browser-layer evidence on every booking and account login session. Target a 90% representment win rate on CE 3.0-eligible cases. Use the network deflection tools on the categories where they are most effective (descriptor confusion, recurring booking confirmations).

  1. Pull 90 days of disputes. Segment by reason code, customer segment, and transaction value.
  2. For CE 3.0-eligible cases, calculate current representment win rate at each transaction value tier.
  3. For losing cases, identify the evidence gap. Expect the pattern to be weak IP and device ID evidence in cases where the customer is a repeat traveller but the merchant did not capture session data on previous bookings.
  4. Instrument browser-layer evidence on booking flows, account logins, and loyalty-programme interactions.
  5. Escalate descriptor first-six (the first six digits of the billing descriptor) consistency across PSP and IATA settlement records. Legacy travel PSPs often have descriptor drift that breaks CE 3.0.
  6. Track win rate by transaction value tier. Expect the biggest uplift at the high-value end because those cases are the ones with the richest session history to draw on.
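The segmentation in steps 1 to 3, together with the qualification rules from "The CE 3.0 profile for travel", can be sketched as a small classifier. This is an added example, not cside's or Visa's code. The record fields, the sample bookings and the assumptions that the 120-to-365-day window is counted back from the dispute date and that prior transactions must be undisputed are all illustrative.

```python
from datetime import date

CORE = ("user_id", "ip", "device_id", "shipping_address")  # the four data elements

def ce3_assess(disputed, history, dispute_date):
    """Classify one 10.4 dispute: 'qualifies', 'too_few_priors' or 'evidence_gap'."""
    in_window, qualifying = 0, 0
    for prior in history:
        age = (dispute_date - prior["date"]).days
        # Assumptions: window counted back from the dispute date; priors must be
        # on the same card and must not have been disputed themselves.
        if not 120 <= age <= 365 or prior["card"] != disputed["card"] or prior["disputed"]:
            continue
        in_window += 1
        matched = {k for k in CORE if disputed.get(k) and disputed.get(k) == prior.get(k)}
        # Two of four must match, and one of the matches must be IP or device ID.
        if len(matched) >= 2 and matched & {"ip", "device_id"}:
            qualifying += 1
    if qualifying >= 2:
        return "qualifies"
    return "too_few_priors" if in_window < 2 else "evidence_gap"

def txn(day, card, device=None, ip=None, disputed=False):
    # Constructed record: user ID and shipping address are always on file
    # server-side; device ID and IP exist only if the session was captured.
    return {"date": day, "card": card, "user_id": "u-" + card,
            "shipping_address": "addr-" + card,
            "device_id": device, "ip": ip, "disputed": disputed}

DISPUTE_DATE = date(2026, 5, 1)
CASES = {  # constructed: (disputed booking, earlier bookings on the same card)
    "repeat_with_sessions": (txn(date(2026, 3, 1), "A", "dev1", "198.51.100.7"),
        [txn(date(2025, 9, 1), "A", "dev1", "198.51.100.7"),
         txn(date(2025, 11, 15), "A", "dev1", "203.0.113.9")]),
    "repeat_no_sessions": (txn(date(2026, 3, 1), "B", "dev2", "198.51.100.8"),
        [txn(date(2025, 9, 1), "B"), txn(date(2025, 11, 15), "B")]),
    "first_time_leisure": (txn(date(2026, 3, 1), "C", "dev3", "198.51.100.9"),
        [txn(date(2024, 8, 1), "C", "dev3", "198.51.100.9")]),
}

def segment(cases=CASES, dispute_date=DISPUTE_DATE):
    """Map each case name to its CE 3.0 classification."""
    return {name: ce3_assess(d, h, dispute_date) for name, (d, h) in cases.items()}
```

The `repeat_no_sessions` case is the step 3 pattern: two priors inside the window match on user ID and shipping address, but with no device ID or IP captured on those bookings the two-of-four rule is not met.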

For a cross-vertical comparison, see the iGaming chargeback playbook. iGaming faces similar high-ratio challenges under VAMP but with different evidence patterns.

This article reflects cside's analysis of VAMP and friendly-fraud regulations as of 2026-05-06. Threshold values, deadlines, and programme rules are subject to change by Visa, Mastercard, and acquirer-specific contracts. Verify with primary sources before operational decisions.

About the author

Mike Kutlu is Head of GTM at cside, where he works with Heads of Payments, Risk, and Finance on instrumenting browser-layer chargeback evidence for Compelling Evidence 3.0 representment. He writes about VAMP, friendly fraud, and the mechanics of dispute evidence for enterprise merchants.


Client-side security consultant at cside. 10+ years of experience implementing technology solutions for enterprises (previously at Oracle, Cloudflare, and Splunk). Now helping teams use client-side intelligence to catch & reduce fraud.

Frequently Asked Questions

It is a cardholder disputing a legitimate booking they made, usually via reason code 10.4 for Visa. Common examples include post-trip buyer's remorse, descriptor confusion on third-party bookings, and "I did not travel" disputes where proof of fulfilment is circumstantial.

Single transactions tend to be higher value, which raises the stakes, but qualified CE 3.0 cases are winnable at the same rate as retail when the evidence chain is complete. The difference in difficulty comes from first-time travellers who have no prior transactions on the credential.

Yes, and travel is one of the highest-adoption verticals for RDR because descriptor confusion is common. RDR triggers automatic refunds pre-dispute, so it does not interact directly with CE 3.0 representment.

Boarding pass scan, check-in timestamp, gate agent record, loyalty-programme arrival tracking. Any of these plus a matching browser-layer session at booking time is typically enough to win a CE 3.0 case where the cardholder claims they did not travel.

Because travel disputes are high-value, each one moves the VAMP ratio disproportionately. At the new 1.5% Excessive threshold, a travel merchant with weak representment has less room to absorb a bad month than under the 2.2% threshold. Win rate on CE 3.0 cases becomes the primary lever.
