Impact Assessment: Understanding Visa's New Acquiring Monitoring Program (VAMP)

Blog
Keith Briscoe, VP of Member Advocacy, MRC
Jan 08, 2025
Blog

VAMP (Visa Acquirer Monitoring Program) is Visa’s latest evolution of its dispute and fraud monitoring programs. When the program starts to take effect in April 2025, Visa’s existing fraud monitoring compliance program (VFMP) and dispute monitoring compliance program (VDMP) will be retired. VAMP will effectively combine fraud and disputes into a single program and calculation based on the total count of CNP fraud and non-fraud-based disputes.

Visa’s stated intentions in reinventing the programs stem from an ongoing commitment to creating a secure and compliant payment processing environment. VAMP is designed to help acquirers, and their designated agents and merchants, maintain proper controls and oversight processes to deter fraudulent and compromising business practices. Strengthening acquirer risk controls related to fraud, dispute, and enumeration attacks can help minimize activities that adversely affect the ecosystem and reduce friction for consumers. It builds on Visa's existing compliance efforts and is expected to have a wide-ranging impact on businesses that handle card-not-present (CNP) transactions.

Let’s take a closer look at what VAMP is, why it matters, and how it will affect various stakeholders in the payments ecosystem. The intent of this article is to explore the implications of the new program, but here is a summary of the key program elements:

  • VAMP Ratio – To level set, the VAMP ratio is the sum of CNP fraud cases (called TC40) and non-fraud disputes (TC15, dispute conditions 11, 12, and 13) with a monthly minimum of 1000 transactions. This numerator is then divided by the total number of settled CNP transactions to yield the VAMP ratio.
  • Enumeration Ratio – In addition to the fraud and dispute ratio, VAMP will introduce changes to the enumeration ratio to better address the problem of enumeration attacks. This calculation is the number of enumerated authorization transactions (both approved and declined) divided by the total number of CNP authorized transactions with a monthly minimum of 300,000 enumerated transactions, identified and confirmed via the VAAI (Visa Attack Account Intelligence) Score system.
  • Program AdministrationMuch as the name suggests, one critical difference is that this new program will be administered at the acquirer level, replacing the existing merchant side programs. We’ll talk about the implications of this shortly. 
  • Ratio Thresholds & Effective DatesEffective April 1, 2025, the Excessive category for acquirers is >=50 bps. Effective January 1, 2026, two threshold categories will be in play: Above Standard’, defined as >=30 to <50 bps, and the ‘Excessive threshold at >=50 bps. On top of this, there is a merchant-specific threshold as well, and fines will apply accordingly at the merchant level. Effective April 1, 2025, ‘Excessive is defined as >=150 bps, and effective April 2026 Excessive’ will move down to >=90 bps. It’s critical to note that the VAMP ratio will exclude resolutions from pre-dispute tools, including RDR (Rapid Dispute Resolution), CDRN (Cardholder Dispute Resolution Network), and the Compelling Evidence 3.0 program. Exclusions will also be granted for any data processed through Visa Net which is card network agnostic.
  • FinesFor acquirers, USD $5 will apply for each CNP fraud and dispute non-fraud in the ‘Above Standard’ threshold. USD $10 USD will apply in the ‘Excessive’ threshold. If acquirer performance is above the specified threshold, fees will apply to each fraud and non-fraud dispute for all merchants with a VAMP ratio >=30 bps. In addition, if merchant performance is above the specified ‘Excessive’ threshold, a $10 fee will apply to each fraud and non-fraud dispute for that merchant only. It’s worth noting that while the program includes fines at both acquirer portfolio and merchant level, all fines will be administered to the acquirer. The acquirer will then have to determine how they pass those fees down to the merchant. 
  • Grace Periods – For first-time identifications withing a rolling 12-month period, a three-month grace period will be given before enforcement actions are taken. Identifications after the grace period will be fully subject to published fines. 

Impacts, Consequences & Recommendations

The new VAMP program is a significant reinvention of the existing fraud and dispute monitoring programs with potentially serious implications. It’s imperative that both merchants and acquirers start preparing for these changes immediately: while the advisory and grace periods appear to provide ample time, adequately changing business processes on both sides will be a significant lift. Some of the broader implications include: 

 

  1. Multi-Acquired Merchants Given this new program will be administered at the acquirer level, any merchant that leverages multiple acquirers will need to get clarity on how each acquirer intends to respond. Will each acquirer simply pass down fees accordingly? How aggressively will acquirers look to rationalize their merchant base in advance of the tightened monitoring thresholds? How should merchants be thinking about adjusting acceptance strategies given that more traffic typically results in higher disputes and potentially higher penalties? There are many considerations at play that may influence future acquiring strategy decisions. 

  1. Orchestration & Transaction RoutingIt’s likely that acquirers will respond differently to these new portfolio risk levels, and each may decide to apply specific controls or fees for merchants that present increased risk of breaching the program thresholds. For merchants, this is going to be an additional factor in how traffic will be funneled for both maximum authorization performance, as well as potential downstream dispute program penalties.

  1. Fee Assessment Modeling It’s unclear at present how the previous programs’ monitoring assessment fees will compare to the $10 ‘Excessive’ fee at the merchant level. To address this, it’s critical that merchants start working with their acquirers to better understand where they might end up from a financial penalty perspective. This will have a fundamental impact on both merchants’ existing processing strategies, including what products/services they sell and how they acquire traffic (particularly in higher risk merchant segments). 

  1. Use of Risk & Dispute Mitigation Tools – Both merchants and acquirers should be thinking about potential impacts to risk, fraud and dispute mitigation tools. Getting these tools in place and running efficiently can take time, so it’s essential this is addressed with urgency. Tightening fraud and dispute controls at the network level means increased vigilance for both merchants and acquirers. 

  1. Agnostic Dispute Resolution Tools It’s especially imperative that merchants pay close attention to the carve-outs that will be provided, both through the Visa product set (RDR, CDRN, and the CE 3.0 program), as well as other agnostic (i.e., non-Visa owned) tools. The effectiveness of other agnostic tools outside of the Visa network, e.g., services that leverage direct integrations into Visa issuers to provide resolution of disputes prior to chargeback, could be impacted

 

Key Recommendations: 

  • While a fraud dispute prevented by non-Visa tools isn’t a chargeback and won’t be included in the VAMP numerator as such, reported TC40s from those transactions will likely still end up hitting the numerator unless actions are taken by merchants, acquirers, issuers and pre-dispute resolution providers. 
  • For disputes resolved outside its toolset, Visa intends to recognize ‘signals’ provided during the TC40 fraud reporting process that tie the fraud record to a confirmation of a resolved dispute. While the fraud record will still exist, this will ensure that it does not count against the VAMP ratio. It’s important to note that this capability does not currently exist as part of fraud reporting at the issuer or network level. It’s imperative merchants work with their acquirers and processing partners to get the required data to Visa to ensure they are receiving the appropriate credit for disputes resolved outside of Visa’s tools. 
  • Merchants should also start working with their dispute resolution partners to determine how to address this potential gap in reporting to Visa. The health of VAMP ratios may hinge on this closed-loop reporting back to Visa, so time is a critical factor here. 

 

It will take some time to better assess how far-reaching the impacts of Visa’s new program will be. Simplifying and consolidating compliance programs is a step in the right direction and can serve to strengthen the overall CNP payments ecosystem. For both merchants and acquirers, being prepared and proactive is critical – don’t underestimate the potential ripple effects and need to pivot business operations. At the end of the day, fraud and dispute mitigation decisions are revenue decisions – and these decisions also impact customers

 

Tagged:
Blue-tinted background of a man watching a webinar

Host a Webinar with the MRC

Help the MRC community stay current on relevant fraud, payments, and law enforcement topics.
Submit a Request

Publish Your Document with the MRC

Feature your case studies, surveys, and whitepapers in the MRC Resource Center.
Submit Your Document

Related Resources

View All Resources