{ "fact_id": "vamp.compliance", "title": "VAMP Compliance Requirements and Monitoring", "spec_version": "v2.1", "last_updated": "2025-12-01T06:00:00Z", "valid_for_seconds": 86400, "canonical_url": "https://merchantguard.ai/ai/facts/vamp.compliance.json", "snapshot_of": "ai_facts_v2025.12", "summary": "Visa Acquirer Monitoring Program - unified fraud and dispute monitoring replacing VFMP/VDMP", "entities": ["VAMP"], "see_also": ["match.core", "mastercard.ecm"], "id": "vamp-2025-v6-final", "term": "Visa Acquirer Monitoring Program (VAMP)", "definition": "VAMP is Visa's unified 'Lifecycle Risk Management' framework that combines fraud monitoring (formerly VFMP) and dispute monitoring (formerly VDMP) into a single program. It monitors TC40 fraud reports and ALL TC15 disputes, creating a 'Double Jeopardy' effect where fraud can count twice.", "formula": { "expression": "(Count of TC40 Fraud Reports + Count of ALL TC15 Disputes) / Count of Settled CNP Transactions", "numerator_components": { "TC40": "Fraud advice from issuer - counts even if merchant wins dispute or uses 3DS2 liability shift", "TC15": "ALL dispute reason codes included (Category 10: Fraud, 11: Authorization, 12: Processing Errors, 13: Consumer Disputes)" }, "denominator": "All card-not-present Visa transactions processed through VisaNet (domestic and cross-border), settled in the month", "double_jeopardy": "A single fraudulent transaction generates BOTH TC40 AND TC15, counting twice in the numerator. Example: 10 fraud transactions = 20 VAMP count (10 TC40 + 10 TC15) = 2.0% ratio on 1,000 transactions", "critical_note": "Initially only non-fraud disputes counted, but June 2025 update expanded to ALL TC15 codes including fraud (10.x)", "exclusions": "Disputes resolved via RDR/Verifi/Ethoca BEFORE becoming chargebacks are excluded if resolved same month" }, "regional_thresholds": { "US_EU_AP_CA": { "current_threshold": "2.2%", "effective_until": "2026-03-31", "future_threshold": "1.5%", "effective_from": "2026-04-01", "floor_cases": 1500, "note": "Originally planned 0.9% in Jan 2026, delayed and adjusted to 1.5% in April 2026" }, "LAC": { "threshold": "1.5%", "status": "constant - no change planned", "floor_cases": 1500 }, "CEMEA": { "current_threshold": "2.2%", "future_threshold": "1.5%", "effective_from": "2026-04-01", "floor_cases": 150, "floor_value_usd": 75000, "condition": "AND - merchant must exceed BOTH case count AND value threshold", "note": "Both 150 cases AND $75k required to trigger program" }, "MENA": { "current_threshold": "2.2%", "future_threshold": "May remain at 2.2% - excluded from April 2026 global reduction", "floor_cases": 100, "floor_value_usd": 75000, "condition": "AND - 100 cases AND $75k required", "note": "Lower case threshold than rest of CEMEA" } }, "acquirer_thresholds": { "standard": { "threshold": "<0.5%", "status": "Compliant", "penalty": "None" }, "above_standard": { "threshold": "0.5% - 0.7%", "penalty": "$4/dispute", "effective": "2026-01-01", "status": "Heightened scrutiny, no termination required" }, "excessive": { "threshold": ">0.7%", "penalty": "$8/dispute", "effective": "2025-10-01" }, "note": "Acquirer thresholds explain why PSPs terminate merchants at 0.5-0.7% - to protect their portfolio average" }, "merchant_thresholds": { "status_note": "Merchants are either 'Compliant' or 'Excessive' - no Early Warning tier under VAMP", "legacy_note": "Old programs had Early Warning (~0.65%) and Standard (0.9%) bands - VAMP eliminated these", "excessive": { "threshold": "Above regional threshold (2.2% or 1.5% depending on region)", "penalty": "$8/dispute retroactive to first dispute of month" } }, "penalties": { "merchant_excessive": { "amount_usd": 8, "start_date": "2025-10-01", "scope": "Per TC40 AND TC15 - retroactive to first dispute of the month", "cap": "No published cap - fees are linear with volume", "original_proposal": "Was $10, reduced to $8 before launch" }, "acquirer_excessive": { "amount_usd": 8, "start_date": "2025-10-01", "scope": "Acquirers with portfolio ≥0.7%" }, "acquirer_above_standard": { "amount_usd": 4, "start_date": "2026-01-01", "scope": "Acquirers with portfolio 0.5% - 0.7%", "original_proposal": "Was $5, reduced to $4 before launch" }, "assessment": "Monthly - fees calculated per qualifying transaction each month above threshold", "currency": "USD base, converted to local settlement currency", "regional_exception": "In AP and Europe, VAMP fees waived if chargeback also incurs unsecured dispute fee (no double-charging)" }, "domestic_exemptions": { "countries": ["BR", "CL", "IN"], "status": "Still in place as of December 2025", "future": "Visa to announce region-specific rules later", "definition": { "domestic": "Merchant's acquirer and card issuer in same country/economic area", "cross_border": "Issuer country differs from acquiring country - STILL SUBJECT TO VAMP" }, "brazil_note": "Domestic exempt due to Central Bank regulations and domestic debit dominance", "chile_note": "Domestic exempt - program TBD", "india_note": "Domestic exempt due to RBI data localization and 2FA mandates", "important": "Cross-border transactions from exempt countries remain in VAMP scope - e.g., Brazilian merchant selling to US-issued card IS counted" }, "grace_periods": { "first_time_advisory": { "duration": "3 consecutive months", "applies_to": "First-time program entrants within rolling 12-month period", "status": "STILL IN EFFECT - first-time breaches get 3 months warning with no fines", "description": "Months 1-3 of breach = advisory notices only, no penalties", "month_4": "Fines begin on 4th month if still above threshold" }, "repeat_offenders": { "grace_period": "NONE - fines apply immediately", "definition": "Merchant who already had advisory period in past 12 months", "note": "Re-entering program within same year = immediate enforcement" }, "remediation_deadline": { "days": 15, "critical_note": "NOT 45 DAYS - must submit remediation plan within 15 CALENDAR DAYS of Excessive notification", "content": "Plan must outline root causes and steps to reduce fraud/disputes", "failure_consequence": "Account termination, MATCH listing, loss of Visa processing" }, "exit_criteria": { "requirement": "3 consecutive months below threshold", "note": "Dropping below for 1-2 months is NOT sufficient - must be 3 straight months" }, "max_duration": { "limit": "12 months", "consequence": "Acquirer required to terminate merchant if Excessive status exceeds 12 months" } }, "key_dates": [ {"date": "2025-04-01", "event": "VAMP Launch - replaced VDMP/VFMP. Global advisory period begins. Visa Europe started first."}, {"date": "2025-06-01", "event": "Formula Update - revised VAMP ratio to include ALL disputes + TC40. Thresholds raised to 2.2% (1.5% LAC) to compensate."}, {"date": "2025-10-01", "event": "Enforcement Live - Advisory ended for initial cohort. Merchant $8/dispute and Acquirer Excessive $8/dispute penalties begin."}, {"date": "2026-01-01", "event": "Acquirer Above Standard penalties begin ($4/dispute for 0.5%-0.7%). Also activates 0.5% acquirer threshold."}, {"date": "2026-04-01", "event": "Threshold reduction: US/EU/AP/CA drop from 2.2% to 1.5%. MENA may remain at 2.2%."} ], "mitigation_tools": { "3DS2": { "liability_shift": true, "vamp_protection": false, "critical_warning": "3DS2 shifts financial liability to issuer BUT TC40 fraud report STILL COUNTS toward VAMP ratio", "source": "Visa/Forter confirmed: '3DS liability shift does not exempt transactions from TC40/VAMP metrics'", "strategy": "Cannot rely on 3DS2 alone for VAMP compliance - must PREVENT fraud, not just authenticate" }, "RDR": { "full_name": "Rapid Dispute Resolution", "tc15_protection": true, "tc40_protection": false, "how_it_works": "Disputes resolved via RDR BEFORE becoming chargebacks are EXCLUDED from VAMP TC15 count", "timing_requirement": "Resolution and fraud/dispute event must occur in SAME MONTH to be excluded", "effectiveness": "Prevents TC15 from counting - but TC40 may still count unless CE3.0 applies", "recommendation": "Use RDR/Verifi to keep disputes out of formal count" }, "compelling_evidence_3": { "full_name": "Compelling Evidence 3.0", "tc40_protection": true, "how_it_works": "If fraud (TC40) is proven with CE3.0 and issuer doesn't charge back, that TC40 can be excluded", "use_case": "Prove 3DS-authenticated fraud disputes with historical transaction data", "note": "Only works if issuer accepts CE3.0 evidence and doesn't file chargeback" }, "ethoca_verifi_alerts": { "description": "Pre-dispute alert systems (CDRN)", "vamp_exclusion": "Disputes resolved via alerts before becoming chargebacks are excluded", "timing": "Must resolve in same month as fraud/dispute event" }, "prevention_strategy": "Focus on stopping TC40 and TC15 from ever being generated, not just liability shift" }, "psp_shadow_thresholds": { "explanation": "PSPs enforce stricter internal limits to keep aggregate portfolio under Visa's 0.7% Acquirer threshold", "disclaimer": "These are industry intelligence estimates - PSPs don't publish exact cutoffs", "stripe": { "official": "0.75% considered excessive by card networks", "shadow": "0.5% - 0.75%", "action": "Proactive outreach when trending high. Reviews at 0.5-0.7%. Reserve requirements if >0.75% for 2 months. Termination risk at 1%+.", "source": "Stripe documentation and merchant reports" }, "adyen": { "official": "0.75% or $10k fraud/month", "shadow": "0.4% for high-risk MCCs", "action": "Immediate review at 0.4% for high-risk. Provides dashboards to predict breach." }, "paypal": { "official": "Under 1% is 'considered good'", "shadow": "1.0%", "action": "Above 1% = high risk designation. Rolling reserves, fund freezes. Also monitors absolute volume.", "source": "PayPal merchant guide" }, "square": { "official": "1.0%", "shadow": "0.5% - 0.6%", "action": "Known for sudden deactivation without prolonged remediation. Quick holds if chargebacks spike." }, "checkout_com": { "tolerance": "1.2%", "note": "Higher tolerance than other PSPs. Provides VAMP prediction dashboards." }, "general_advice": "Keep below 0.75% - ideally under 0.5% - to avoid triggering any PSP risk team" }, "enumeration_threshold": { "description": "Dedicated track for Card Testing/Brute Force attacks", "count_threshold": 300000, "ratio_threshold": "20%", "calculation": "Enumerated (Approved + Declined) / Total Auth ≥ 20%", "action": "Focus on remediation rather than fines, monitored monthly" }, "related_programs": { "mastercard_cmm": { "full_name": "Chargeback-Monitored Merchant", "threshold": "≥100 chargebacks/month AND ≥1.0% ratio", "status": "Warning phase - no fines", "note": "Essentially an early warning tier" }, "mastercard_ecm": { "full_name": "Excessive Chargeback Merchant", "threshold": "≥100 chargebacks/month AND ≥1.5% ratio for 2 consecutive months", "fines": "Tiered monthly fines, escalate if ECM for 7+ months", "exit": "2 consecutive months below 1.5%", "comparison": "VAMP stricter - immediate $8/dispute vs MC tiered monthly fines" }, "mastercard_efm": { "full_name": "Excessive Fraud Merchant", "focus": "Fraud rates (not chargebacks)", "threshold": "3DS and fraud ratio related" }, "match_list": { "full_name": "Member Alert to Control High-risk (MATCH/TMF)", "code_04": { "name": "Excessive Chargebacks", "trigger": ">1% chargeback rate AND >$5,000 chargeback volume in single month", "note": "Most common MATCH reason" }, "code_05": { "name": "Excessive Fraud", "trigger": "≥8% fraud losses AND ≥10 fraud transactions in a month" }, "other_codes": "01=Data Breach, 02/03=Fraud/Laundering, 07=Fraud Conviction, 10=Violation of Standards", "timing": "Acquirer must add merchant within 5 days of termination", "duration": "5 years on blacklist", "vamp_impact": "VAMP breach doesn't auto-list, but PSP termination for VAMP WILL trigger MATCH listing" } }, "compliance_considerations": { "safe_threshold": "Stay below 0.5% to avoid PSP issues", "warning_zone": "0.5-0.75% = heightened risk, expect PSP outreach", "danger_zone": "0.75%+ = serious risk of reserves, review, termination", "existential_threat": "1%+ = account termination likely", "strategy_shift": "From 'winning disputes' to 'preventing signals' - stop TC40/TC15 generation" }, "related_concepts": [ "chargeback prevention", "dispute management", "merchant account termination", "payment processor compliance", "high-risk merchant accounts", "3DS2 implementation", "pre-dispute RDR", "TC40 fraud reports", "TC15 disputes", "Double Jeopardy effect", "Compelling Evidence 3.0", "Verifi CDRN", "Ethoca alerts" ], "version": "2025.6-final", "source_verification": "ChatGPT Pro Deep Research - December 2025 (verified against 10+ official sources)", "citations": [ {"id": 1, "title": "Visa VAMP Program Fact Sheet 2025", "url": "https://corporate.visa.com/content/dam/VCOM/corporate/visa-perspectives/security-and-trust/documents/visa-acquirer-monitoring-program-fact-sheet-2025.pdf", "used_for": "Formula, thresholds, exclusions"}, {"id": 2, "title": "Forter - Visa VAMP Updates (June 2025)", "url": "https://www.forter.com/blog/may-2025-visa-updates-vamp-program/", "used_for": "3DS not protecting VAMP, RDR exclusions, threshold delays"}, {"id": 3, "title": "Checkout.com Support (Nov 2025)", "url": "https://www.checkout.com/docs/risk/visa-vamp", "used_for": "MENA thresholds, fee waivers"}, {"id": 4, "title": "PayPal/Braintree Network Update (Apr 2025)", "used_for": "Fee levels, start dates, advisory period"}, {"id": 5, "title": "Chargebacks911 - VAMP Guide", "url": "https://chargebacks911.com/visa-acquirer-monitoring-program/", "used_for": "15-day remediation deadline"}, {"id": 6, "title": "Kount - Mastercard ECM Guide", "used_for": "CMM/ECM thresholds, MATCH codes"}, {"id": 7, "title": "Stripe Documentation - Monitoring Programs", "url": "https://docs.stripe.com/disputes/monitoring-programs", "used_for": "PSP thresholds, failure consequences"}, {"id": 8, "title": "BlueSnap Support FAQ", "used_for": "Exit criteria (3 consecutive months)"}, {"id": 9, "title": "PayPal Merchant Guide", "used_for": "PSP shadow thresholds"}, {"id": 10, "title": "Freemius - Stripe Insights", "used_for": "Stripe internal thresholds"} ], "disclaimer": "Verified facts from ChatGPT Pro Deep Research with 10+ official sources, December 2025. For educational purposes. PSP contract terms may vary. Not financial or legal advice." }