Mastercard First Party Trust Program: Merchant Guide 2026

What Is Mastercard's First Party Trust Program?

The First Party Trust program (FPT) is Mastercard's dispute framework for addressing first-party fraud — situations where the cardholder themselves made the disputed purchase but claims "unauthorized transaction." It operates similarly to Visa's CE 3.0 by allowing merchants to present prior transaction history as evidence that the cardholder is a known, established customer.

When a merchant invokes FPT, they're arguing: "This cardholder has made previous undisputed purchases with us under the same card and with matching attributes. The claim that this specific transaction was unauthorized is inconsistent with their documented history as a genuine customer."

FPT was developed in response to the same trend that motivated CE 3.0 — the dramatic growth in first-party fraud, where cardholders deliberately dispute legitimate purchases. By allowing merchants to use transaction history evidence, Mastercard has given merchants a more effective tool for fighting these clearly fraudulent dispute claims.

FPT Eligibility Requirements

Mastercard's FPT program has specific eligibility requirements that determine whether the framework applies to a given dispute.

Applicable reason codes: FPT applies to Mastercard reason code 4853 (Goods or Services Not as Described or Defective) and 4863 (Cardholder Does Not Recognize — Potential Fraud). It's particularly targeted at the "cardholder does not recognize" dispute type that's commonly associated with first-party fraud.

Prior transaction requirement: the merchant must have at least one prior undisputed transaction from the same cardholder with matching characteristics. Mastercard's specific matching attributes and requirements should be confirmed in the current Mastercard Transaction Processing Rules, as these details evolve.

Transaction recency: prior transactions must be within a specified lookback period. Check current Mastercard rules for the applicable lookback window.

Matching characteristics: the prior transactions must share specific attributes with the disputed transaction — device identifiers, IP addresses, or cardholder account attributes that demonstrate the same cardholder made previous purchases.

Implementing FPT Data Collection

Like CE 3.0, the First Party Trust program requires merchants to systematically collect and retain specific transaction data. Without this data, you cannot invoke FPT even when the cardholder clearly has a prior purchasing relationship with you.

Device fingerprinting: implement persistent device identification across customer sessions. When the same customer returns with the same device, the device fingerprint creates a linkage across transactions that is the foundation of FPT claims.

IP address logging: log the IP address at transaction time (not just the session level). Store this data linked to the transaction ID for easy retrieval when a dispute arrives.

Account linkage: maintain records of customer accounts and their transaction history. When a dispute arrives, you need to quickly identify whether this cardholder has prior undisputed transactions that meet FPT requirements.

Data retention: retain transaction data with full attribute details for at least 18 months. This covers the standard dispute filing window plus the lookback period for prior transactions.

Work with your fraud management platform: most modern fraud scoring platforms (Kount, Sift, Forter, Stripe Radar) capture device IDs and risk signals that include the data elements needed for FPT. Verify that your platform retains this data in a format retrievable for dispute evidence.

How FPT Differs from Visa CE 3.0

While Mastercard's FPT and Visa's CE 3.0 share the same underlying logic — using prior transaction history to challenge first-party fraud — they differ in specific requirements and application.

Reason code scope: CE 3.0 applies to Visa 10.4 (fraud disputes). FPT applies to different Mastercard reason codes, particularly 4853 and 4863. Understanding which reason codes each framework covers is essential for applying the right approach to each dispute.

Evidence threshold: the specific number of qualifying prior transactions and the matching attribute requirements differ between Visa and Mastercard. Merchants managing both Visa and Mastercard disputes need to understand both frameworks and their specific requirements.

Outcome when successful: in both programs, a successful invocation results in chargeback reversal. The specific mechanics of how the reversal is processed may differ.

Implementation in practice: dispute management services like ChargeMate apply both CE 3.0 and FPT to qualifying disputes across networks. For merchants managing disputes themselves, understanding the network-specific requirements prevents applying the wrong framework to a dispute.

Building a First-Party Fraud Defense Strategy

First Party Trust and CE 3.0 are the most powerful tools available for fighting friendly fraud, but they're most effective as part of a comprehensive first-party fraud defense strategy.

Identify your friendly fraud rate: analyze your dispute data to estimate what percentage of disputes are likely first-party fraud vs. true fraud. This informs how much to invest in FPT/CE 3.0 implementation.

Implement data collection systematically: the data elements for both frameworks should be captured automatically on every transaction, not just collected reactively when a dispute arrives. Building this infrastructure once creates ongoing dispute management improvement.

Apply frameworks at scale: for merchants handling significant dispute volumes, manually checking each dispute for FPT/CE 3.0 eligibility is impractical. Automated dispute management services that apply these frameworks at scale provide the most value.

Combine with other defense mechanisms: FPT and CE 3.0 work best alongside other evidence types — delivery confirmation, customer communication, usage records. When multiple evidence types align in your favor, win rates are highest.

Track outcomes: measure your win rates on disputes where FPT/CE 3.0 was applied versus those where it wasn't. This data helps you quantify the value of the framework and justify continued investment in data collection infrastructure.