Visa operates the Visa Acquirer Monitoring Program (VAMP) to identify acquirers and merchants with excessive dispute or fraud rates and promote fraud controls and fair business practices.
At the start of each month, Visa reviews the previous month’s processing activity to identify merchants exceeding program thresholds. A business must surpass both thresholds to be enrolled in the program.
Visa identifies a merchant based on a descriptor and conducts a monthly review of all activity under these descriptors. While this process focuses on individual merchant accounts that exceed thresholds, Visa may also assess merchants at an aggregated level by grouping multiple accounts or business entities under a broader structure.
If enrolled, you are required to submit a monthly remediation plan detailing the root cause and recovery actions. Penalties for non-compliance are calculated monthly based on the number of disputes and fraudulent transactions.
To opt out, your company must stay below the thresholds for one month.
VAMP
On April 1, 2025, Visa enhanced the program. VAMP aims to create more seamless controls and processes for acquirers and merchants to prevent fraud, avoid enumeration attacks, and effectively manage disputes, contributing to a more secure environment. The revised program introduces transaction-based metrics called the VAMP Ratio and VAMP Enumeration Ratio.
VAMP Ratio
This metric combines fraud and chargebacks into one measure, offering a clearer view of overall risk.
Where:
- TC40: number of card-not-present fraud transactions
- TC15: number of all card-not-present disputes
- Total Sales Count: number of сard-not-present settled transactions
- Disputes resolved through pre-dispute products, contingent on the timing of the data extract
- TC 40 fraud qualified for Compelling Evidence 3.0 (
Guide
Improve customer experience and prevent fraud chargebacks CE 3.0 ), contingent on the timing of the data extract
Visa monitoring metric thresholds, categorized as Excessive and Above Standard, will be implemented in three phases, on 1 June 2025, 1 January 2026, and 1 April 2026.
Merchant VAMP Ratio
| Date | EU, US, other regions | UAE region | LATAM region |
|---|---|---|---|
| Effective June 1, 2025 | ≥ 2.2% | ≥ 2.2% | ≥ 1.5% |
| Effective April 1, 2026 | ≥ 1.5% | ≥ 2.2% | ≥ 1.5% |
Acquirer VAMP Ratio
| Date | Global |
|---|---|
| Effective June 1, 2025 | ≥0.7% |
Acquirer VAMP Ratio
| Date | Global |
|---|---|
| Effective January 1, 2026 | ≥0.5% to <0.7% |
Acquirer VAMP Ratio
| Date | Global |
|---|---|
| Effective June 1, 2025 | ≥0.4% to <0.5% |
Additional criteria for merchant and acquirer thresholds: minimum of 1,500 monthly combined TC40 and ТС15.
However, CEMEA region Merchant Excessive only: minimum of 150 combined Frauds (TC40) and Disputes (TC15) and ≥ 75,000 USD Fraud and Dispute amount.
VAMP Enumeration Ratio
This metric measures the frequency of enumeration attacks, where fraudsters systematically test card details to uncover valid account information.
Where:
- Enumerated Transactions: number of enumerated authorization attempts, both approved and declined
- Total Transactions Count: number of authorization transactions, approved and declined
Visa monitoring metrics threshold for the VAMP Enumeration Ratio is categorized only as Excessive.
Merchant Enumeration Ratio
| Date | Global |
|---|---|
| Effective April 1, 2025 | ≥ 20% |
Additional criteria for merchant and acquirer thresholds: minimum of 300,000 enumerated transactions, identified and confirmed through the Visa Account Attack Intelligence (
Glossary
Visa Account Attack Intelligence Score helps identify the likelihood of enumeration attacks in card-not-present transactions. It is able to detect patterns in data that are otherwise undetectable by humans, identifying instances of brute force payment account enumeration.
VAAI
) Score system.
Non-compliance may lead to corrective actions, including penalties, fees, and potential closure of merchant accounts.
VAMP grace period
Visa clients are eligible for a 90-day grace period for every 12 months they are not identified in the program. That means remediation will be requested, but no penalties will be imposed during the first three months of exceeding the thresholds.
VAMP penalties
Following the end of the grace period, fines will be applied to each transaction counted under the VAMP metric, including both fraud and non-fraud. Enforcement fees apply per monthly count of fraud and disputes for acquirer portfolios that exceed the Above Standard threshold. Merchants that exceed such thresholds will face enforcement fees individually.
Fee enforcement:
- Excessive: fee applies and remediation required
- Above Standard: fee applies and remediation required
- Early Warning: no fee applies, but acquirers should be proactive to avoid Above Standard or Excessive identification
Participants will exit the program if they remain below the thresholds for one month.
VAMP advisory period
Visa is providing acquirers and merchants with an advisory period beginning 1 April 2025 and running through 30 September 2025. Fines are not assessed during this 180-day advisory period. This period allows Visa’s clients to understand the new program criteria and make operational changes.