What you need to know
- Mastercard First-Party Trust (FPT) is the programme Mastercard built to deflect friendly fraud disputes before they become formal chargebacks.
- It works by matching device, delivery, and identity evidence from your transaction records against prior undisputed purchases for the same cardholder.
- A dispute resolved through FPT does not become a formal chargeback. It does not add to your dispute count or affect your network monitoring ratios.
- FPT has two paths: a pre-authorisation route via 3DS Identity Check Insights, and a post-dispute route via the Ethoca Consumer Clarity API.
- The device fingerprint data that wins Visa CE 3.0 cases satisfies Mastercard FPT's Category 1 Device requirement. Device data collected by fingerprinting tools like cside can integrate into both card networks.
How Mastercard First-Party Trust reduces chargebacks
Here is how FPT works in practice, using a digital goods merchant as an example.
A customer disputes a legitimate subscription charge. They contact their bank and say they do not recognise the transaction. Under the standard process, this becomes a chargeback immediately and counts against the merchant's ratio.
With FPT, the flow changes:
- Evidence is already on file. At the original checkout, the merchant captured a device fingerprint, the customer's email address, and their billing address. These satisfy all three FPT evidence categories.
- The dispute is intercepted. When the issuer receives the dispute, Mastercard's AI matches the device and identity evidence against prior undisputed transactions from the same cardholder. The match is strong.
- The issuer contacts the cardholder directly. The customer sees the evidence, recognises the charge, and withdraws the dispute. No formal chargeback is filed, no fraud report is generated, and the merchant's ratio is untouched.
The result: the merchant keeps the revenue, avoids the chargeback fee, and stays further from EFM and ECP monitoring thresholds. This is what chargeback evidence looks like when it is captured at the right layer.
What is Mastercard First-Party Trust?
First-Party Trust is Mastercard's structured dispute deflection programme. You share device, delivery, and identity evidence when a transaction is disputed. Mastercard's AI compares that evidence against prior undisputed transactions for the same cardholder, and when the match qualifies, the issuer resolves the dispute directly.
Programme timeline
FPT launched as a US pilot in 2023, reached full US availability in October 2024, and expanded globally in June 2025 to Canada, Latin America, the Caribbean, and Asia Pacific.
It is Mastercard's counterpart to Visa's Compelling Evidence 3.0. Both programmes use prior transaction evidence to deflect friendly fraud before it becomes a chargeback, and both shift liability to the issuer when evidence standards are met.
How FPT differs from representment
Representment responds after a chargeback has already been filed and counted. FPT intercepts the dispute earlier, either at checkout via the pre-authorisation path or after a dispute is filed but before the formal chargeback cycle processes.
Neither path adds to your chargeback count.
Why Mastercard built First-Party Trust
Visa estimates that up to 75% of all chargebacks are friendly fraud, with the problem most acute in digital goods verticals. On a consumer level, Mastercard and Stripe's joint 2025 research found that one in eight Americans admit to filing a fraudulent dispute.
This is not a niche problem. It is a structural feature of the card dispute system.
The ratio problem
Traditional dispute management is reactive. A chargeback is filed, it registers in your monthly ratio, and then you respond. Winning that representment recovers the funds but does not reverse the ratio damage.
FPT changes the sequence: it gives issuers the evidence to resolve disputes before they enter the formal chargeback cycle, so the damage never happens.
In our experience at cside working with chargeback leaders, the moment this lands is when they check their ratio calculation. The problem is rarely the representment win rate. Teams will boast that they already win 90%+ of cases. There is still a cost to take on those cases. Programmes like FPT deflect disputes before they become cases at all.
How First-Party Trust works: the three-category evidence framework
FPT requires one data element from each of three categories. All three must be covered at transaction time for FPT to protect that transaction.
| Category | Required elements (choose one) | Typical data source |
|---|---|---|
| 1. Device | IP address, device ID, or device fingerprint | Browser session, payment SDK |
| 2. Delivery | Shipping address, email address, or telephone number | Checkout form, account record |
| 3. Identity | Account ID or login history, device name, device location, or billing address | Account system, transaction record |
Where the gap is
Category 2 and Category 3 are almost always covered by standard checkout and account data. Category 1 is where most merchants fall short.
IP addresses change between sessions and network environments. Basic device IDs are unavailable in browser-based transactions and can be reset on mobile.
Device fingerprinting is the most durable Category 1 signal. It combines 50 or more browser and hardware signals into a persistent hash that links a disputed transaction to prior sessions on the same device, even when the IP address or network changes.
In my experience reviewing merchant data submissions, Category 1 coverage is the deciding factor in whether a merchant can use FPT at scale. Category 1 requires an additional instrumentation step at the browser layer. That is the gap cside fills.
Pre-authorisation and post-dispute: the two FPT paths
FPT operates through two technical paths. Both can result in a dispute that never becomes a formal chargeback.
| Pre-authorisation path | Post-dispute path | |
|---|---|---|
| Timing | At checkout | After dispute filed, before chargeback cycle |
| Tool | 3DS Identity Check Insights | Ethoca Consumer Clarity Merchant Transactions API |
| Prior history required | No | Benefits from prior undisputed transaction matching |
| Outcome | Lower dispute rate from issuers | Dispute withdrawn before formal chargeback |
| Effect on ratio | Dispute never filed | Dispute filed but withdrawn; not processed as chargeback |
Pre-authorisation: 3DS Identity Check Insights
You submit FPT data at checkout as part of the 3DS flow. The device fingerprint, email address, and billing address travel with the transaction in the 3DS data payload.
Mastercard's AI assesses the risk profile in real time. The programme is designed so that higher-confidence legitimate transactions are less likely to trigger issuer dispute prompts. A dispute that is never filed does not touch your chargeback count.
Post-dispute: Ethoca Consumer Clarity
When a dispute is filed, the Ethoca Consumer Clarity Merchant Transactions API lets you submit transaction evidence the issuer uses to re-evaluate before processing the formal chargeback cycle.
The issuer contacts the cardholder with your device and identity evidence. If the cardholder recognises the transaction and withdraws, the dispute does not become a formal chargeback and does not register in your monitoring ratio.
What happens when First-Party Trust resolves a dispute
A dispute resolved through FPT does not become a formal chargeback. There is no chargeback record filed, no Mastercard fraud report generated, and no increment to the chargeback count that determines your EFM or ECP monitoring status.
The funds stay with you, and your ratio is unaffected.
FPT vs representment for ratio management
A representment win recovers your funds. An FPT deflection recovers your funds and prevents the chargeback from counting in the first place. At EFM threshold levels, that distinction is the difference between a month inside the programme and a month outside it.
What the data shows
Consumer Clarity programme data from Mastercard and Stripe's 2025 joint research shows a 1-4% dispute rate reduction for merchants using the programme.
- At a fraud-to-sales ratio of 0.48%, that reduction creates buffer before the 0.50% EFM trigger.
- At 0.52%, a 4% deflection rate can drop a merchant below the trigger entirely.
For a full worked example at threshold, see the companion post on how FPT reduces EFM and ECP ratios.
First-Party Trust, EFM, and the Excessive Chargeback Programme
EFM triggers when your Mastercard fraud-to-sales ratio crosses 0.50% alongside three other conditions. ECP's Excessive Chargeback Merchant (ECM) tier triggers at a 1.5% chargeback ratio alongside 100 or more chargebacks per month.
FPT deflects the friendly fraud disputes that drive both programmes, before either is counted.
- EFM tracks fraud-coded chargebacks under reason code 4837. First-party misuse generates most of these chargebacks. FPT deflects first-party misuse; EFM ratio falls.
- ECP tracks all chargebacks regardless of reason code. Deflected disputes do not enter the chargeback cycle; ECP ratio falls.
- Exit requirement: both programmes require three consecutive clean months. FPT's ratio reduction effect compounds monthly.
- Dual enrolment: a merchant can be in both programmes simultaneously; fines are calculated independently.
For full EFM and ECP threshold detail, fine escalation schedules, and a worked numerical example, see the detailed guide to reducing EFM and ECP ratios with First-Party Trust.
Which merchants should implement First-Party Trust
Any card-not-present merchant with a meaningful friendly fraud problem benefits from FPT. The merchants who benefit most are in digital goods, subscriptions, and travel, where first-party misuse concentrates.
If your Mastercard fraud-to-sales ratio is above 0.40%, or your overall chargeback ratio is above 1.2%, FPT is the highest-leverage tool to create threshold buffer before the monitoring programmes trigger.
Best-fit merchant profiles
- High share of card-not-present transactions. FPT targets CNP fraud chargebacks, which is where friendly fraud concentrates.
- Digital goods or subscription products. Friendly fraud is most prevalent in digital goods verticals, where Visa estimates up to 75% of chargebacks are first-party misuse. If you sell software, media, gaming credits, or subscription access, this describes your dispute profile.
- Recurring billing. Subscription merchants frequently see "I did not recognise this charge" disputes on recurring transactions. FPT's device and identity matching proves the same cardholder completed prior undisputed billing cycles.
- High-value travel transactions. A single travel booking dispute can materially affect your monthly ratio. FPT protects high-value transactions where device and delivery data is strong.
- Merchants approaching EFM or ECP thresholds. If your fraud ratio is above 0.40% or your overall chargeback ratio is above 1.2%, you are within a bad month of triggering a monitoring programme.
Merchants who benefit least are those with predominantly in-person or card-present transactions, or those whose dispute profile is dominated by genuine fraud rather than first-party misuse.
How cside provides the evidence FPT requires
cside captures device fingerprints at the browser layer, the same environment where card-not-present transactions originate. That fingerprint is the most durable Category 1 Device signal available for FPT. It identifies the same cardholder across sessions more reliably than an IP address or basic device ID.
The evidence gap in most fraud suites
Many chargeback tools and anti-fraud solutions rely on network-layer signals: the transaction record, the payment confirmation, and the shipping address.
What they typically lack is deep device fingerprinting at the browser layer. In some fraud suites, device fingerprinting exists as a secondary feature rather than a core evidence capability, which means the device match data needed for FPT Category 1 is either shallow or missing entirely.
cside captures that layer as its primary function.
One instrumentation, both card networks
For Mastercard, that data satisfies Category 1 of the FPT three-category framework. For Visa CE 3.0, it satisfies the device data element. The evidence standard differs in structure between the two networks, but the underlying browser-layer data is the same.
One instrumentation. Both card networks covered.
Partnership with Chargebacks911
cside works with Chargebacks911 in a partnership that combines browser-layer evidence capture with specialist dispute representment operations. When your FPT evidence is strong and a dispute still reaches the representment stage, Chargebacks911 handles the operational submission.
Already running Visa CE 3.0?
If your team is already running browser-layer evidence for Visa CE 3.0, your Category 1 Device data for Mastercard FPT is already being captured. Mapping it to the Ethoca Consumer Clarity or 3DS Identity Check Insights flow is a configuration step, not a new build.
About the author
Mike Kutlu is Head of GTM at cside. He works directly with Heads of Payments, Risk, and Finance at e-commerce, subscription, and digital goods merchants on implementing browser-layer chargeback evidence for Visa Compelling Evidence 3.0 and Mastercard First-Party Trust. He covers VAMP, EFM, ECP, TC40 mechanics, and dispute evidence strategy for enterprise merchants. His focus is the operational gap between how card networks define dispute evidence and what most chargeback and anti-fraud tools actually capture.
