On April 1, Visa significantly updated its fraud and chargeback monitoring, which has important ramifications for merchants and acquirers alike.
Basically, Visa is consolidating its existing fraud and dispute programs into a single streamlined system. More specifically, Visa has merged its Visa Fraud Monitoring Program—also known as VFMP—and its Visa Acquiring Program—commonly referred to as VDMP—into one unified program. This new program is called the Visa Acquirer Monitoring Program, or VAMP.
VAMP aims to simplify compliance and enforcement while strengthening prevention measures. For merchants and acquiring banks, VAMP is designed to make it much easier to track and assess the kinds of risks that indicate and often lead to fraud or an increase in chargeback disputes.
Altogether, VAMP provides greater transparency and precision, helping merchants and acquirers better manage risks while aligning with compliance standards.
But be advised: VAMP represents stricter criteria by which Visa now monitors fraud and chargebacks. It also means potentially more severe penalties.
The VAMP ratio is still the key to understanding Visa’s updated monitoring program. It’s a single, count-based metric that helps merchants and acquirers assess fraud and dispute activity at a glance—if not exactly with ease, then at least with clarity.
Here’s how it works:
The ratio begins with the number of fraud cases reported against a merchant. These are captured in a TC40 data file, created by the cardholder’s issuing bank and shared with Visa, the acquiring bank, and eventually the merchant. TC40 reports reflect confirmed fraud events, such as unauthorized card use.
To that, Visa adds all processed disputes, which are logged under TC15. This now includes both fraud-related and non-fraud-related chargebacks—authorization errors, processing mistakes, and consumer complaints.
However, disputes that are resolved through Visa’s pre-dispute tools—like Rapid Dispute Resolution (RDR) and Order Insight—are excluded from the VAMP ratio calculation, as long as they are intercepted before becoming formal chargebacks. Timing matters here: only disputes that fully complete the pre-dispute resolution process in time are removed from the count.
Then, the total (TC40 + TC15) is divided by the number of settled transactions (TC05):
VAMP Ratio = (TC40 fraud + TC15 disputes) ÷ TC05 settled transactions
The result is a single figure—expressed in basis points—that Visa uses to determine whether a merchant or acquirer exceeds its defined risk thresholds. If the ratio goes above the allowable range, Visa considers that a threshold breach, and enforcement actions may follow.
While the formula is simple, the implications are not.
By including fraud and all disputes (not just a subset), Visa is sending a clear message: dispute volume in any form is now a critical risk signal.
Now, let’s talk about enumeration—a fancy name for a very real problem: bots trying thousands of stolen card numbers until one works, also known as carding. It’s one of the fastest-growing forms of card fraud.
To address this, Visa introduced the enumeration ratio as part of its official monitoring program. The math is straightforward in theory, but less so in practice:
Enumerated authorization attempts (approved + declined), as flagged by Visa’s Account Attack Intelligence (VAAI) model, divided by total authorization attempts (approved + declined).
This ratio applies only to merchants processing 300,000 or more Visa authorization attempts per month and only to card-not-present transactions. But if that’s you, Visa is now actively watching.
Important note: This ratio won’t be easy to calculate manually, since only Visa knows which authorizations it considers to be enumerated. However, a good starting point is to track your overall decline rate—look at all declines as a percentage of total auth attempts. While not exact, this can give you directional insight into whether something unusual might be brewing.
Just like with the VAMP ratio, Visa has set a clear benchmark: if your enumeration ratio exceeds 2,000 basis points (20%), you’ll be flagged for excessive activity.
Visa has a business to run. And so do you. This is why everyone must understand how essential it is that all involved do what they can to keep credit card processing as safe and secure as possible. Because if customers lose confidence in the convenience and reliability of credit card usage, then none of us will be in business much longer. As part of this effort to keep the card transaction processing operating smoothly, Visa has introduced VAMP.
The thresholds defined by the VAMP ratios serve as a line or boundary that merchants should try not to exceed. By not exceeding these defined thresholds, Visa judges merchants to be in good standing and remain eligible to accept Visa cards.
On the other hand, merchants who exceed their specific thresholds will face penalties depending on the severity of their non-compliance. These enforcement actions are determined by the merchant's performance and the acquiring bank's VAMP ratio.
By staying below their thresholds, merchants can avoid penalties and preserve a strong relationship with Visa and their acquirer bank.
In this regard, investing in the most advanced fraud prevention tools is more important than ever if you haven't already. Fraud activity is not only time-consuming and annoying but also very expensive. Preventing fraud is essential in protecting your bottom line.
While Visa has outlined enforcement structures and fee ranges, acquirers are still working through how those fines will be passed along or absorbed. That means merchants should expect some variability in how penalties are applied depending on their acquiring partner.
It’s also important to note that acquirers themselves are subject to the VAMP ratio. Visa monitors both merchant-level activity and acquirer portfolio-level performance. So even if a single merchant is compliant, their fees and risk exposure can still be affected if their acquirer’s overall metrics cross the line—and vice versa.
Visa hasn’t publicly published all the exact ratios, but it has made it clear that it will use regional data and volume to determine thresholds over time. Merchants flagged as at risk will be notified and given an opportunity to correct their actions before enforcement kicks in.
Merchants will want to take other steps as Visa rolls out its new VAMP program, starting with regularly tracking their VAMP ratio. This enables merchants to spot potential harmful trends early and make necessary adjustments to stay compliant.
Merchants will also want to make sure their internal business systems are up-to-date and flexible enough to deal with VAMP's tougher guidelines.
As we said, Visa's VAMP enhancements result in stricter oversight. This means merchants may face potentially more serious financial consequences if they fail to manage their fraud and dispute levels adequately.
Fortunately, Visa is giving merchants time to get up to speed. They'll have until September 30, 2025, to adopt whatever strategies they feel necessary to meet the new VAMP protocols with no penalties assessed. During this time, Visa will provide advisory assistance to those identified as exceeding the new VAMP standards and likely to face financial consequences once October 1, 2025, rolls around.
There's no denying that VAMP adds extra complexity to running your business. You might even find it more challenging than those old algebra classes. But help is available. Your merchant provider can assist you if you are confused or get caught up in all the technological logistics.
Qualpay is undoubtedly ready to guide you. We are working on presenting the ratio and have started with displaying TC40s as fraud alerts. You can find these in the dispute reporting by selecting dispute type as Fraud Alert. Contact us now about how we can ensure that you are prepared to meet the new Visa VAMP program's requirements.
