Visa operates the Visa Acquirer Monitoring Program (VAMP) to identify acquirers and merchants with excessive dispute or fraud rates and promote fraud controls and fair business practices.
At the start of each month, Visa reviews the previous month’s processing activity to identify merchants exceeding program thresholds. A business must surpass both thresholds to be enrolled in the program.
Visa identifies a merchant based on a descriptor and conducts a monthly review of all activity under these descriptors. While this process focuses on individual merchant accounts that exceed thresholds, Visa may also assess merchants at an aggregated level by grouping multiple accounts or business entities under a broader structure.
If enrolled, you are required to submit a monthly remediation plan detailing the root cause and recovery actions. Penalties for non-compliance are calculated monthly based on the number of disputes and fraudulent transactions.
To opt out, your company must stay below the thresholds for one month. If your company is in the program for more than 12 months, you risk losing the ability to accept Visa payments.
VAMP
On April 1, 2025, Visa enhanced the program. VAMP aims to create more seamless controls and processes for acquirers and merchants to prevent fraud, avoid enumeration attacks, and effectively manage disputes, contributing to a more secure environment. The revised program introduces transaction-based metrics called the VAMP Ratio and VAMP Enumeration Ratio.
VAMP Ratio
This metric combines fraud and non-fraud chargebacks into one measure, offering a clearer view of overall risk.
Where:
- TC40: number of card-not-present fraud transactions
- Non-Fraud Disputes: number of disputes with reason codes under 11, 12, and 13 categories
- Total Sales Count: number of settled transactions
- Non-fraud disputes resolved through Rapid Dispute Resolution (
Guide
Quickly resolve disputes with instant refunds to customers RDR ) - Confirmed Compelling Evidence 3.0 (
Guide
Improve customer experience and prevent fraud chargebacks CE 3.0 )
Please note that TC40 associated with RDR are NOT excluded from threshold calculations.
The Visa monitoring metrics thresholds, categorized as Excessive and Above Standard, will be implemented in two phases, on 1 April 2025 and 1 January 2026.
Merchant VAMP Ratio
| Date | EU, US, other regions | UAE region | LATAM region |
|---|---|---|---|
| Effective April 1, 2025 | ≥ 1.5% | ≥ 1.5% | ≥ 0.9% |
| Effective January 1, 2026 | ≥ 0.9% | ≥ 1.5% | ≥ 0.9% |
Acquirer VAMP Ratio
| Date | Global |
|---|---|
| Effective April 1, 2025 | ≥0.5% |
Acquirer VAMP Ratio
| Date | Global |
|---|---|
| Effective April 1, 2025 | N/A |
| Effective January 1, 2026 | ≥0.3% but ≤0.5% |
Additional criteria for merchant and acquirer thresholds: minimum of 1,000 monthly combined TC40 and Non-Fraud Disputes.
VAMP Enumeration Ratio
This metric measures the frequency of enumeration attacks, where fraudsters systematically test card details to uncover valid account information.
Where:
- Enumerated Transactions: number of enumerated authorization attempts, both approved and declined
- Total Transactions Count: number of authorization transactions, approved and declined
The Visa monitoring metrics threshold for the VAMP Enumeration Ratio is categorized only as Excessive.
Merchant Enumeration Ratio
| Date | Global |
|---|---|
| Effective April 1, 2025 | ≥ 20% |
Additional criteria for merchant and acquirer thresholds: minimum of 300,000 enumerated transactions, identified and confirmed through the Visa Account Attack Intelligence (
Glossary
Visa Account Attack Intelligence Score helps identify the likelihood of enumeration attacks in card-not-present transactions. It is able to detect patterns in data that are otherwise undetectable by humans, identifying instances of brute force payment account enumeration.
VAAI
) Score system.
Non-compliance may lead to corrective actions, including penalties, fees, and potential closure of merchant accounts.
VAMP grace period
The grace period covers a 3-month grace timeframe for first-time identifications in a 12-month rolling period. That means remediation will be requested, but no penalties will be imposed during the first three months of exceeding the thresholds.
VAMP penalties
Following the end of the grace period, fines will be applied to each transaction counted under the VAMP metric, including both fraud and non-fraud. Enforcement fees apply per dispute, both fraud and non-fraud, for acquirer portfolios that exceed the above standard threshold. Merchants that exceed such thresholds will face enforcement fees individually.
- Merchant fees:
- Excessive (VAMP Ratio > 1.5%): $10 fee
- Excessive (VAMP Ratio > 0.9%): $10 fee, effective January 2026
- Acquirer fees:
- Excessive (VAMP Ratio > 0.5%): $10 fee
- Above Standard (VAMP Ratio > 0.3%): $5, fee effective 2026
Participants will exit the program if they remain below the thresholds for one month.
VAMP advisory period
Visa is providing acquirers and merchants with an advisory period beginning 1 April 2025 and running through 30 September 2025. Fines are not assessed during this 180-day advisory period. This period allows Visa’s clients to understand the new program criteria, make operational changes, and begin remediation if their performance is not compliant with the program requirements.