EvidenceLoop — dispute-evidence packet engine for SaaS merchants

1. One-liner

Pulls a SaaS app’s own login and usage logs into a Compelling Evidence 3.0 chargeback packet and files it automatically.

2. Trend signal — why now?

Three things moved in the last 14 months and they all point the same way.

First, first-party (“friendly”) fraud exploded: the Merchant Risk Council’s 2026 report puts it at 36% of all global ecommerce fraud, up from 15% a year earlier. For subscription businesses it’s worse — up to 70% of their chargebacks are friendly fraud (customer forgot they subscribed, couldn’t find the cancel button, or just wants a free month). SaaS chargeback rates run 0.5–1.0%, roughly double the 0.26% general average.

Second, Visa Compelling Evidence 3.0 got a major upgrade on April 1, 2026. Merchants can now submit prior-transaction history and “historical footprint” evidence directly to the issuing bank during review, before the chargeback is decided — not after. This is the biggest change to dispute-evidence rules since CE was introduced. Subscription billing history is the textbook CE3.0 “historical footprint.”

Third, the manual process is a known loser: Stripe-admin manual representment wins under 20% of cases because issuer systems now screen for structured, reason-code-specific evidence, not prose. Founders openly say disputes “were rarely if ever contested due to the time involved.”

Signal sources: chargeback.io statistics 2026, MRC 2026 report (via sift.com), chargeflow.io Stripe disputes guide, Stripe disputes docs.

Provenance:

• Signal 1 (Demand): SaaS chargeback rate 0.5–1.0% vs 0.26% general; up to 70% of subscription chargebacks are friendly fraud; manual representment wins <20% — https://www.chargeback.io/blog/chargeback-statistics , https://www.chargeflow.io/chargebacks-101/stripe-disputes — 2026-06-14
• Signal 2 (Feasibility): Visa Compelling Evidence 3.0 upgraded 2026-04-01 to allow prior-transaction/historical-footprint evidence submitted upstream before decision; Stripe docs confirm SaaS evidence = IP/system logs, login proof, usage records — https://sift.com/blog/what-you-need-to-know-about-the-visa-compelling-evidence-3-0-update/ , https://docs.stripe.com/disputes/categories — 2026-06-14
• Signal 3 (Economic): Friendly fraud 15%→36% of ecommerce fraud in one year (MRC 2026); chargeback automation incumbents (Chargeflow, Disputifier at 25% of recovered) funded and active; 62% of merchants deploying AI for friendly-fraud detection — https://www.chargeback.io/blog/chargeback-statistics , https://www.chargeflow.io/chargeflow-vs-disputifier — 2026-06-14 Category: Tech-unlock

3. The opportunity

The chargeback-automation market is owned by tools built for the wrong merchant. Chargeflow, Disputifier, Redo — they are Shopify-first. Their whole evidence engine assumes a physical shipment: tracking number, carrier scan, proof-of-delivery, AVS match. That’s the strongest evidence a card network accepts, and it’s exactly the evidence a SaaS company does not have. There is no package. There is no tracking number.

A SaaS or subscription merchant has a completely different — and arguably stronger — evidence set sitting in its own database: login timestamps, IP and device history, feature-usage events, “you canceled and we let you” flow logs, email opens, and a clean billing history of prior non-disputed charges. That last one is the CE3.0 historical footprint, handed to them for free by the subscription model. Nobody is assembling this.

The incumbents can’t pull it because it doesn’t live in Stripe or Shopify — it lives in the merchant’s own product. Stripe’s own Smart Disputes auto-assembles only what Stripe can see. The gap is a tool that connects to the app’s product database and turns raw usage telemetry into a reason-code-specific, CE3.0-formatted representment packet — then files it inside Stripe’s deadline.

4. Target market

• Primary customer: Founders and finance/ops leads at bootstrapped-to-Series-A B2C and prosumer SaaS / subscription apps doing $300K–$15M ARR on Stripe Billing, Paddle, Chargebee, or Braintree. Think habit apps, dating, fitness, AI tools, creator subscriptions, indie productivity SaaS — high transaction count, high friendly-fraud exposure, no dedicated disputes person.
• Why they buy, in their words: “Disputes were rarely if ever contested due to the time involved.” “If the dispute is for a small dollar amount with a low win rate, you may spend more in labor than it’s worth.” They lose the money and the $15 dispute fee and risk Stripe flagging them high-risk if the rate creeps up.
• Rough TAM reasoning: Hundreds of thousands of subscription merchants run on Stripe Billing alone. The serviceable wedge — B2C/prosumer apps with enough chargeback volume to care and an accessible usage database — is realistically tens of thousands of accounts. Even 1,500 paying ~$150/mo is a $2.7M ARR business.
• Why now for them: CE3.0’s April 2026 upgrade made their own data newly powerful, and friendly fraud doubling means the pain crossed the threshold where ignoring it stops being rational.

5. Product sketch (MVP)

• One-click connect to Stripe Billing (or Paddle/Chargebee) — auto-imports every incoming dispute with its reason code and deadline.
• Lightweight SDK / webhook so the merchant pipes in login events, key feature-usage events, and cancel-flow records from their own app (or connects an existing analytics source like PostHog/Segment).
• For each dispute, auto-assembles a reason-code-specific evidence packet: usage timeline, IP/device match, prior non-disputed transaction pairs (CE3.0 historical footprint), cancellation-policy acknowledgment, and a clean narrative.
• CE3.0 pre-qualifier: flags which disputes meet the “two prior undisputed transactions” bar so the merchant submits the strongest cases first.
• Auto-submits the formatted response inside Stripe’s deadline; tracks win/loss outcomes and surfaces a per-reason-code win rate.
• “Prevention” tips fed from loss patterns (e.g., your billing descriptor doesn’t match your app name — the #1 trigger).

6. AI angle — what’s load-bearing

AI does the part a human paralegal does badly at 2am: it reads the dispute reason code, decides which of the merchant’s raw events actually matter for that code, and writes a tight, issuer-readable narrative that maps telemetry to Visa’s CE3.0 criteria. Issuer review is increasingly automated and screens for structure — so the win comes from selecting and framing evidence correctly, not dumping logs. Remove the AI and you’re back to a founder hand-writing prose that loses 80% of the time. The model is the representment specialist, not a chatbot bolted on a dashboard.

7. Localization angle (if any)

N/A — this is a global play. The card-network rules (Visa CE3.0, Mastercard equivalents) are global, Stripe/Paddle are global, and the customer (SaaS founders) is a borderless, English-first, online-reachable audience. Forcing a geography wedge here would weaken it. If anything the localization is by billing platform (Stripe → Paddle → Chargebee), not by country.

8. Business model — path to $1M–$5M ARR

• Pricing: Hybrid. Base SaaS tier $99–$299/mo by dispute volume, plus a 15% success fee on recovered chargebacks (undercuts Disputifier’s 25%). The base fee covers the always-on integration; the success fee aligns incentives and captures upside.
• ACV: ~$1,800–$3,600 base + variable recovery. Call it ~$3,000 blended for a mid-tier account.
• Rough math to $1M ARR: ~330 customers × ~$3,000 blended ACV. Achievable inside the Stripe-Billing SaaS niche.
• Rough math to $5M ARR: ~1,500 customers, or fewer if the success-fee component scales with larger merchants’ volume. Requires expanding past Stripe to Paddle/Chargebee and moving upmarket to $10M+ ARR subscription apps.
• Expansion path: Win-rate improves → success-fee revenue compounds; add platforms (Paddle, Braintree); add prevention (descriptor fixes, pre-dispute alerts via Ethoca/Verifi) as a higher tier.

9. Go-to-market wedge — first 100 customers

• Stripe App Marketplace + Paddle app directory: list a native “SaaS dispute evidence” app. Merchants browsing for dispute tools there are pre-qualified by intent. This is a named channel with a captive, high-intent audience.
• Indie Hackers + r/SaaS + r/stripe direct outreach: there’s a steady stream of founders posting about chargeback pain (the Indie Hackers “Dark Side of SaaS Growth” thread is one of many). Reply with a teardown of their specific reason codes, offer a free first-month packet. Warm, targeted, ~hundreds of identifiable prospects.
• Cold outbound to subscription apps with public app-store presence: scrape App Store / Play Store subscription apps in habit/fitness/dating/AI categories, find the founder, send a 60-second Loom showing their likely friendly-fraud exposure and a sample packet. High-AOV-of-pain audience, 3–5% reply realistic.
• Partner with fractional-CFO / Stripe-consultant niche: a dozen of these advise hundreds of SaaS startups each; rev-share referral.

10. Build complexity — justification

Medium. The Stripe/Paddle dispute APIs, webhooks, and evidence-submission endpoints are all off-the-shelf and well-documented. The AI packet-writer is a structured-output LLM task over the merchant’s events — standard. The real work is the merchant-side ingestion SDK and mapping messy, per-app telemetry into a normalized evidence schema across many app shapes. A technical pair ships a Stripe-only v1 in ~10–12 weeks; multi-platform and a polished ingestion layer push it toward 4 months.

11. Gating checklist

Gate	Pass?	Note
Legal in target market	✅	Filing legitimate dispute evidence on the merchant’s behalf; standard.
Ethical — no harm / dark patterns	✅	Helps merchants contest genuine friendly fraud with real usage data — not fabricating evidence. Must refuse to dress up illegitimate charges.
Market exists (evidence above)	✅	Funded incumbents, hard friendly-fraud stats, public founder complaints.
1–5 person team can build this	✅	Technical pair, off-the-shelf APIs + LLM.
Launchable with <$50K / ₹40L	✅	API costs + inference; no capital intensity.

12. Feasibility score

Axis	Weight	Score	Notes
Problem intensity	20	14/20	Real, recurring, costs money — but per-dispute amounts are often small, so it’s “annoying loss” more than “hair on fire” for many merchants.
Demand evidence	15	12/15	Multiple hard signals: funded incumbents, doubling friendly fraud, <20% manual win rate, founder complaints. Strong but the incumbents prove demand more than the SaaS-specific cut does.
Build feasibility	15	11/15	Off-the-shelf APIs; the cross-app ingestion layer is the gnarly part.
Distribution clarity	15	10/15	Named channels (Stripe Marketplace, IH, cold app-store outbound) but conversion uncertain and the buyer is busy/distracted.
Revenue mechanics	15	11/15	Hybrid pricing benchmarks below incumbents; success fee aligns. ACV moderate; needs volume.
Time to first revenue	10	6/10	Trial-to-paid; first dollar in 4–8 weeks but the integration ask (pipe in your usage logs) adds onboarding friction.
Defensibility	10	4/10	Stripe Smart Disputes is the elephant — the platform owner is already in the room. Moat is cross-platform coverage + app-data depth Stripe can’t see, which is real but thin.
Total	100	68/100

13. Qualitative modifiers

Founder-fit tags

technical-heavy — the value is in API integrations and the evidence-mapping engine; sales is product-led/community-led.

Key assumptions to validate (3–5)

1. Assumption: SaaS merchants will install an SDK / wire up usage events to win disputes worth $20–$80 each. How to test: Offer 20 IH/r/SaaS merchants a free done-for-you packet if they grant read access to their event data; measure how many actually complete the integration step.
2. Assumption: SaaS-native evidence packets meaningfully beat the <20% manual baseline (target 40%+ win rate). How to test: Run 50 real disputes through the engine across 5 design-partner merchants; measure overturn rate vs their historical rate.
3. Assumption: The cut survives Stripe Smart Disputes — i.e., merchants want app-data depth and multi-platform coverage Stripe doesn’t offer. How to test: Interview 15 merchants already using Smart Disputes; ask what it misses.

Risk flags

1. Platform dependency / incumbent-by-the-platform: Stripe Smart Disputes can auto-assemble disputes for free inside the dashboard and could expand to ingest app data. This is the dominant risk — the moat must be cross-platform + deeper app integration.
2. Low per-dispute value: if average dispute amounts are small, merchants may rationally not care, capping willingness-to-pay.
3. Onboarding friction: the “pipe in your own usage logs” step is the conversion killer; if it isn’t near-zero-effort, activation stalls.

14. Structured verdict

Score:                  68/100
Verdict:                VALIDATE
Confidence:             Medium
Best-fit builder:       Technical founder/pair, comfortable with payments APIs and LLM structured output
Time to revenue:        6–10 weeks (Stripe-only design partners)
Capital to launch:      $5–10K ($ inference + API + landing)
Top 3 assumptions to validate first:
  1. Merchants will complete the usage-log integration to fight sub-$80 disputes — free done-for-you packet test on 20 merchants
  2. Engine beats the <20% manual win-rate baseline (target 40%+) — 50 real disputes across 5 design partners
  3. The cut survives Stripe Smart Disputes — 15 interviews with merchants already using it
Kill criteria:
  - Abandon if <30% of free-trial merchants complete the usage-data integration
  - Abandon if measured win rate doesn't clear ~35% across the first 50 real disputes
  - Abandon if Stripe ships app-data ingestion into Smart Disputes before your v1

15. Next step — 1-week validation sprint

• Day 1–2: DM 25 founders from r/SaaS, r/stripe, and the Indie Hackers chargeback threads. Offer: “Send me one lost dispute + read access to the user’s login/usage history; I’ll hand you a CE3.0-formatted packet free.” Goal: 8 yeses.
• Day 3–4: Hand-build the packets (manually, no product yet) using their data and Stripe’s evidence fields. Submit the ones with live deadlines.
• Day 5: Decide. Falsifiable outcome: go if ≥6 of 8 merchants completed the data-access step and at least one submitted packet clears CE3.0 pre-qualification with evidence the merchant agrees beats what they’d have sent. No-go if merchants won’t share data or the packets aren’t materially stronger than a manual response.

The whole bet rides on one question the sprint answers cleanly: will a busy SaaS founder do the integration work to recover small disputes, and does the SaaS-native evidence actually win more? If yes, it’s a build. If no, it’s a PASS dressed as a VALIDATE.