Visa is changing the way fraud and chargeback risk is monitored. Check out our detailed guide to learn more about the new policy updates.
High-Level Overview
Want the short version? Here’s what you need to know.
What
Visa is changing the way fraud and chargeback risk is monitored. Here are what we consider to be the key takeaways:
- Several existing monitoring programs are being consolidated into one.
- The chargeback ratio – and how it is calculated – has been updated.
- New thresholds indicate that the emphasis is on the acquirer monitoring their portfolio’s risk metrics.
- Even though the announcement is fairly detailed, there are some key elements that haven’t been disclosed yet. You will want to carefully monitor this initiative as it unfolds.
Why
According to Visa, the new update is an effort to “strengthen acquirer risk controls…to minimise activities that adversely affect the ecosystem and reduce friction for customers.”
When
Visa anticipates these updates will take effect April 1, 2025. Further updates will take place in 2026.
Who
The policy updates are being rolled out in ALL global regions. Originally, the announcement applied only to European acquirers and their merchants. However, the initiative has since expanded to other regions.
Implications
This update could impact your business in several ways. We suggest you read this entire article for the most complete understanding. But here are the essentials you need to be aware of:
- The math has changed. Your VAMP ratio could potentially be higher than your chargeback ratio was in the past — if you don’t use the right dispute resolution tools.
- Monitoring risk levels will be even more challenging. More factors go into the ratio calculation. This means you have to collect more data, and there could be accuracy issues.
- As is the case with any new policy update, acquirers and processors may be prompted to reevaluate their risk management strategy. If they decide to lower their risk tolerance, your merchant account could be in jeopardy.
- You could potentially pay more in fees.
- Chargeback prevention tools (CDRN and RDR) are now more important than ever. For some merchants, they might even be essential for survival.
- It’s getting harder and harder to navigate the world of payments on your own. You need access to experts you can trust. If you aren’t working with a payments solution provider or you don’t have confidence in your current partner, reach out to AltoPay today.
Introducing VAMP
Visa is introducing a new method to monitor acquirer and merchant risk.
Currently, Visa uses three programs to monitor payment risk:
- Visa Acquirer Monitoring Program (VAMP) – Acquirers are enrolled in this program if risk across the entire merchant portfolio is too high.
- Visa Fraud Monitoring Program (VFMP) – Merchants are enrolled in this program if too many transactions are reported as fraud.
- Visa Dispute Monitoring Program (VDMP) – Merchants are enrolled in this program if too many transactions are disputed.
Visa is consolidating all their risk monitoring initiatives into VAMP and retiring VFMP and VDMP.
The update also includes a new metric to monitor: enumeration ratios.
Enumeration is the criminal practice of testing stolen payment information, usually conducted at scale via technology. Enumeration is commonly referred to as brute force attacks, card testing attacks, or BIN attacks.
The VAMP update impacts all acquirers and their merchants.
The new policy is expected to take effect April 1, 2025 with additional changes on January 1, 2026.
Note
It’s common for policy updates to evolve and change as they are implemented. Alto Pay is in regular contact with the team at Visa. We promise to keep you updated on any new developments. This article and LinkedIn will have the most up-to-date information. You can also reach out to us directly with any questions.
VAMP Ratios
Ratios have traditionally been the primary metric for fraud and chargeback risk monitoring — and this new update is no exception.
VAMP thresholds are based on two ratios:
VAMP ratio = monthly card-absent disputes / monthly settled transactions
VAMP enumeration ratio = number of monthly confirmed enumerated transactions / monthly settled transactions
Dispute Definition
The VAMP ratio combines TC40 fraud cases and non-fraud disputes. TC40 fraud cases are defined as any transaction that receives a TC40 report. Non-fraud disputes are defined as any chargeback with a reason code in the 11, 12, or 13 category.
On the surface, it may seem like this way of classifying disputes — fraud and non-fraud — is a bunch of unnecessary jargon. However, there are some implications to take note of. We’ll discuss those later in this article.
Note
Certain TC40 cases and disputes can be excluded from your VAMP ratio. The following cases will not be calculated in your ratio:
- Resolved alerts via Cardholder Dispute Resolution Network (CDRN)
- Resolved Rapid Dispute Resolution (RDR) cases
- Order Insight inquiries that qualify for Visa CE 3.0 protection
VAMP Enrollment Criteria
In the past, Visa has had two types of monitoring programs:
- Programs that monitor an acquirer’s overall portfolio risk
- Programs that monitor individual merchant risk
However, the new VAMP combines both acquirer and merchant monitoring into one program. Therefore, there are different enrollment criteria.
Note
This article focuses primarily on merchant thresholds and enrollment. If you’d like to learn more about acquirer thresholds, please reach out to our team.
Thresholds
Acquirers are enrolled in the program if the VAMP ratio for their entire card-absent portfolio exceeds the allotted thresholds. The program launches with an “excessive” classification. A second classification — “above standard” — will be introduced in 2026 with lower thresholds.
Merchants are enrolled in the program if their VAMP ratio is:
- greater than or equal to 1.5% (150 basis points) in U.S., Canada, Europe, CEMA, and AP
- greater than or equal to 0.9% (90 basis points) in LAC
Even if the acquirer’s overall card-absent portfolio is below VAMP thresholds, any merchant over the limit will be flagged as excessive. So merchants in an otherwise healthy portfolio could be enrolled, fined, and eventually closed.
Note
These are the thresholds that will be applicable when the initiative goes into effect April 1, 2025. Visa has plans to lower the thresholds on January 1, 2026.
Minimums
The VAMP announcement also outlines minimums.
- An acquirer is only enrolled in VAMP if its portfolio has received 1,000 or more card-absent disputes (fraud and non-fraud combined) in the given month.
- A merchant is only enrolled in VAMP if it has received 1,000 or more card-absent disputes (fraud and non-fraud combined) in a given month.
While these are Visa’s official guidelines, there are still several unknowns about how these minimums will be implemented. Acquirers will probably manage minimums on a case-by-case basis. For example, some might wait until a merchant breaches both the minimum and the ratio. However, others might take action based on ratios alone.
We recommend you monitor this element closely as the initiative unfolds.
VAMP Fees
Merchants and acquirers that breach program thresholds will pay additional fees. Program fees for merchants are in addition to traditional chargeback fees.
While the announcement does a good job of transparently sharing fee amounts, there are a couple details that probably won’t be clear until after the initiative goes into effect.
For example, will you be charged the minimum amount outlined by Visa? Or will acquirers add on administrative fees before passing the cost along to you?
And when will fees be assessed?
Normally, fees would be charged after you’ve breached the program threshold. However, with the newly outlined structure, there’s a chance you could be charged program fees even if you aren’t enrolled in the program.
Check with your acquirer on what fees you can expect — and at what ratio.
Managing fees on a merchant-by-merchant basis could be quite challenging. To simplify workflows, we anticipate acquirers may increase upfront chargeback fees across their portfolio — regardless of enrollment status for them or you.
Again, these details likely won’t be addressed until after the program is live.
We suggest you keep a close eye on the initiative as it unfolds and reach out with any questions.
Fortunately, there are some things we do know today.
Visa has provided very clear suggestions on how to avoid the VAMP program and any corresponding fees. You just need to use proven-effective chargeback prevention tools to keep your ratios below thresholds.
How to Prepare For VAMP
1. Use suggested tools to keep ratios in check.
Merchant accounts are valuable assets. You should always do whatever you can to protect them. And, in light of the new VAMP updates, account health is more important than ever before.
Fortunately, there are several tools and technologies that can help you better manage chargebacks.
Note
Cardholder Dispute Resolution Network (CDRN) and Rapid Dispute Resolution (RDR)
Remember how we said that VAMP ratios combined TC40 fraud cases and non-fraud disputes? This is an important detail to note.
Any time a transaction is disputed as suspected fraud, the issuer is required to file a TC40 case. However, not all TC40 fraud cases become chargebacks. In fact, data shows that only about 50% of TC40 cases advance to a chargeback.
Yet, monitoring program ratios are now calculated with TC40 case data — not just chargeback data.
Therefore, your VAMP ratio could potentially be higher than your old chargeback ratio.
However, there is good news.
There are various proven-effective prevention tools that can quickly reduce VAMP ratios — CDRN (prevention alerts provided by Visa’s technology provider, Verifi) and RDR are two examples.
Both CDRN and RDR provide the ability to have the transaction in question refunded so it doesn’t become a chargeback and won’t count against your VAMP ratio.
If you don’t want to see a 50% increase in your VAMP ratio, you’ll want to implement CDRN and RDR as soon as possible.
The functionality and workflow for each are slightly different, so you’ll want to sign up for both to maximise your protection. Reach out to the AltoPay team to get started.
Note
Prevention alerts are also provided by Ethoca — which refunds both Mastercard and Visa disputes. However, VAMP ratios will not be reduced by Ethoca alerts — even if the dispute is for a Visa transaction. If you currently use Ethoca alerts for chargeback prevention, note that your Visa ratio will no longer be protected. If you are using Ethoca exclusively, you’ll want to add in Verifi’s CDRN and RDR.
Pre-Authorization Fraud Tool
Because enumeration is a new metric that will be monitored, card testing attacks must be detected and prevented.
VAMP enumeration ratio = number of monthly confirmed enumerated transactions / monthly settled transactions
If you are not already using a tool for pre-authorization fraud detection, now is the time to get started. Technology can help detect threats and quickly block activity before a full-scale attack hits your business.
Reach out to our team if you’d like recommendations.
Why Chargeback Prevention Matters
Any time policies change — especially those related to risk management — industry members have a tendency to react conservatively.
Before the initiative even goes into effect, processors and acquirers might be quick to terminate accounts and avoid potential risk. If your business is over existing thresholds or is close to a breach, you should take action immediately.
Once the rules are implemented, acquirers will have to keep their dispute ratio below 0.5% for the entire portfolio. If they can’t, they’ll pay a fee for each dispute received by every merchant with a ratio above 0.3%. That’s a really low threshold — with the potential for a massive expense.
In response, acquirers will likely try to eliminate the merchants that pose the biggest and costliest threat.
So even if you are technically below the enforcement threshold, the acquirer may still have to pay a fee for your disputes. If you have a high volume of chargebacks, you could be an obvious choice for remediation or closure.
Remember, processors, acquirers, and card brands don’t want your business’s risk to put their portfolio at risk. Make sure you aren’t viewed as a liability for anyone else in the ecosystem.
2. Create a system for reporting and reconciliation.
The inclusion of TC40 data — along with CDRN and RDR exemptions — introduce new dispute management challenges.
In theory, this is the calculation you’ll use to determine your VAMP ratio:
VAMP ratio = monthly card-absent disputes / monthly settled transactions
However, it will actually look more like this:
VAMP ratio = (TC40 cases + Dispute Condition Codes 11, 12 and 13) – (RDR cases + CRDN alerts) / settled card-absent transactions
You’ll need to pull data from multiple places and consolidate it into a single point of truth. That requires quite a bit of planning and organisation.
Note
Typically, TC40 data is difficult to obtain. Your best bet is to sign up for Verifi’s Inform product and receive TC40 data directly from the card brand. If you are interested in this option, you can receive Inform reports from AltoPay. Pricing is per MID, not per case. Let our team know if you are interested.
Once you’ve collected and consolidated your data, you’ll also need to check for accuracy issues.
When RDR was unveiled several years ago, acquirers struggled to accurately distinguish between successful RDR cases and actual chargebacks. For a while, RDR cases were included in the chargeback ratio.
We anticipate similar struggles with the new VAMP ratio calculations. It will be important for you to conduct your own reconciliation and compare it to the calculations your acquirer comes up with. Any errors or discrepancies need to be reported before you are incorrectly penalised.
Note
This task will likely be very difficult — maybe impossible — to manage on your own. Fortunately, AltoPay provides access to an all-in-one reporting platform that can make monitoring simple and accurate. Contact our team today to learn more.
3. Stay Alert
It’s important to track this initiative as it unveils — for several reasons.
First, the new policy announcement is fairly detailed. But there are a few key elements that have not, as of yet, been disclosed. For example:
- How does an acquirer or merchant get out of the program? How long do you have to keep ratios below thresholds?
- When does an acquirer have to terminate a merchant?
- How will enumeration attacks be monitored and reported? Are fees assigned if the enumeration count is above the threshold?
- How will monthly minimums factor into the monitoring program?
Second, it’s very common for policy updates to change and evolve as a card brand moves toward actual implementation. Industry feedback and technical limitations may cause the rules to change.
We suggest you follow AltoPay on LinkedIn to receive early notifications of any major updates. You can also bookmark this page and check back frequently. If you have specific questions or things you’d like us to ask Visa, feel free to reach out to our team.
We also suggest you reach out to your account manager at your payment processor to see what insights you can gain about the upcoming policy change. For example:
- What are your current fraud and chargeback ratios?
- Does your processor have any advice on how to better manage your current situation?
- Can your processor share any insights on how they plan to address the new update?
Check in now and again closer to the implementation date.
Note
Payment processes and regulations can be difficult to manage. But you shouldn’t have to navigate them on your own. If you are unable to reach your payment processor account manager or you feel you don’t receive adequate answers, it might be time to consider a different payment setup. Life is too short to work with a solution provider you don’t like or trust. Let AltoPay be your trusted advisor for all things payments. Reach out to our team today to learn more.
Want help preparing for upcoming changes?
The new VAMP initiative will be here before you know it. Proactively make updates now so your business will be protected and compliant from day one.
If you’d like help preparing for VAMP, reach out to our team of experts. We have everything you need — CDRN, RDR, reconciliation reporting, professional insights, actionable advice, and more.
For more than a decade, Jessica Velasco has been a thought leader in the payments industry. She aims to provide readers with valuable, easy-to-understand resources.
