PATENT PENDING · U.S. 63/983,843

Your Merchants Are 45 Days
From a MATCH Listing.
We Stop It.

Automated graduated defense that fires HMAC-signed webhooks to your gateway when VAMP velocity spikes. Not a dashboard. Not an alert. Active mitigation.

Request 30-Day Pilot

$2,500/mo minimum · No free tier · Sales-led

The VAMP Problem

Visa's VAMP program gives ISOs 45 days to remediate merchants approaching the 1.5% threshold. Cross it and the merchant is MATCH-listed. Your portfolio eats the loss.

1.5%
VAMP Ratio = MATCH Listing

Visa's hard threshold. Cross it and you're added to the MATCH list — blacklisted from processing.

$50-100K
Cost Per MATCH Event

Fines, lost processing, merchant migration costs, legal fees. Per merchant. Not per portfolio.

45 Days
To Remediate

Visa gives you 45 days to submit a remediation plan. Miss it and the listing is permanent.

Graduated Response. Minimum Intervention.

Like a PID controller: proportional intervention based on severity. We escalate only when the previous stage fails to arrest velocity.

STAGE
1
Force 3DS on txns > $500
2-5% conversion impactEscalates after 48 hours

Surgical. Only high-ticket transactions require 3DS authentication. Minimal customer friction.

STAGE
2
Force 3DS on txns > $200
5-10% conversion impactEscalates after 24 hours

Moderate. Mid-range and above. Catches the bulk of card-testing attacks without blanket blocking.

STAGE
3
Force 3DS on txns > $100
10-15% conversion impactEscalates after 12 hours

Aggressive. Most transactions authenticated. Used when velocity is accelerating despite Stage 2.

STAGE
4
Force 3DS on txns ALL
15-25% conversion impactEscalates after Immediate

Nuclear. Every transaction requires 3DS. Last resort before MATCH listing. Better 25% conversion loss than 100% processing loss.

< 1 Hour Integration. We Send. You Enforce.

We send HMAC-signed webhooks when velocity spikes. Your gateway enforces the action.

{
  "merchantId": "mch_7x9k2",
  "vampRatio": 1.35,
  "survivalProbability": 28,
  "action": "FORCE_3DS_GATEWAY_API",
  "stage": 2,
  "market": "US",
  "checkoutType": "hosted",
  "reason": "VAMP Ratio reached 1.35%. Stage 2 mitigation engaged.",
  "timestamp": "2026-02-17T14:30:00.000Z",
  "trigger": "velocity_lagged",
  "disclaimer": "Addresses acute fraud velocity spikes..."
}

Security & Compliance

🔐

HMAC-SHA256 Signed

Every webhook payload signed with your secret key. Timing-safe verification prevents replay attacks.

📋

Deterministic JSON

Sorted keys prevent signature mismatch across implementations. Patent pending serialization method.

🛡

Redis Idempotency

7-day NX lock prevents duplicate actuator fires. One trigger per merchant per cooldown window.

Timing-Safe Compare

Constant-time signature comparison prevents timing side-channel attacks on HMAC verification.

TC40 / Friendly Fraud

Addresses acute velocity spikes (true fraud, bot attacks, card testing). Not friendly fraud — 60-80% of chargebacks.

FCRA Compliant

Not a credit report. No adverse action. VAMP remediation tooling, not consumer scoring.

Velocity Intelligence

Two detection windows catch what dashboards miss.

WINDOW 1 — 1 HOUR

Bot Enumeration Detection

Failed auths > 100 + decline rate > 40% in one hour = CAPTCHA + BIN block. Catches card-testing bots hammering auth endpoints before they generate chargebacks.

Cooldown: 1 hour
WINDOW 2 — LAGGED DENOMINATOR

The Denominator Paradox Fix

Chargebacks lag sales by 30-45 days. When sales drop, VAMP spikes without new fraud. Triple-gate trigger uses velocity delta + EOM projection + absolute volume to eliminate false positives.

Gates: ΔVAMP ≥ 0.40% | EOM > 1.45% | CB7d > 10

“We catch the math tricks that crash your portfolio.”

Every dashboard shows you VAMP after the fact. Kill Switch reads the derivative and acts before the cliff.

Multi-Market Ready

Same detection engine. Market-specific actuators.

US MARKETJAPAN MARKET
Stage 1Force 3DS > $500Transaction ceiling $500
Stage 2Force 3DS > $200Rate limit 100 txn/hr
Stage 3Force 3DS > $100Manual review queue
Stage 4Force 3DS ALLMID suspend

Japan mandated 3DS 2.0 for all e-commerce April 2025 — "force 3DS" has no effect. Actuators adapt.

MPA Addendum Template

We wrote the contract language so you don't have to.

§

Authorization to Act

ISO authorizes MerchantGuard to execute graduated 3DS enforcement on merchant MIDs when VAMP ratio exceeds configurable thresholds (default: 1.3%).

§

Liability Cap

MerchantGuard liability capped at 3x monthly fees. Conversion impact from 3DS enforcement is acknowledged and accepted as cost of MATCH avoidance.

§

Conversion Acknowledgment

Merchant acknowledges that forced 3DS authentication may reduce conversion rates by 2-25% depending on stage, and that this is preferable to MATCH listing.

Download MPA Addendum Template

Pricing

30-DAY PAID PILOT
$2,500/mo minimum

Production: 1-3 bps of portfolio volume

No free tier. No self-serve. This is enterprise.

All 4 graduated response stages
Velocity intelligence (both detection windows)
HMAC-signed webhooks with deterministic JSON
Dedicated onboarding engineer
MPA addendum template included
Multi-market actuator support
Request 30-Day Pilot

Request a Pilot

30-day paid pilot. We'll reach out within 24 hours.

Frequently Asked Questions

How does Kill Switch detect VAMP spikes?+
What happens when Kill Switch fires?+
How long does integration take?+
What about false positives?+
Is this compatible with our existing fraud tools?+
What are the pilot terms?+

Patent Pending · U.S. App. Nos. 63/983,615; 63/983,621; 63/983,843 · MerchantGuard