VAMP EnforcementVAMP Enforcement Began October 1. Are You Prepared?

VAMP Enforcement is Now Live. Are You Ready?

Back in 2024, Visa announced that they were consolidating their existing merchant monitoring programs — the Visa Fraud Monitoring Program and Visa Dispute Monitoring Program — under a new, expanded, and unified Visa Acquirer Monitoring program (VAMP).

Visa’s goals were ambitious. The card network claimed the new VAMP had the potential to “address four times the amount of fraud globally, accounting for more than $2.5 billion in losses, compared to previous programs.”

As part of the rollout, Visa instituted an advisory period that began on April 1st and ended on September 30th, 2025. During this time, acquirers and merchants were given the opportunity to prepare for this new framework without the threat of penalties.

However, full enforcement of the program begins on October 1, 2025 with Excessive-level enforcement, followed by Above-Standard enforcement starting January 1, 2026. The rollout is phased, but the key deadlines are set. While we’ve already written extensively about VAMP, I wanted to take this opportunity to just drive home a couple of key points right before enforcement begins.

VAMP Introduces New Core Metric

At the heart of the program is a new core fraud metric. This formula combines fraud reports (TC40 data) and dispute chargebacks (TC15) into a single ratio:

The most critical change, however, is that both fraud reports (TC40) and disputes are now included in the same ratio. A single transaction can show up in both categories if it’s reported as fraud and later disputed. However, Visa uses a deduplication process to avoid counting the exact same transaction twice.

The stricter standards for VAMP create a notable vulnerability for merchants experiencing friendly fraud chargebacks which, according to Visa’s own data, make up roughly 75% of all disputes. Specifically, when a cardholder disputes a legitimate charge by claiming it was due to third-party fraud, that single incident now adds two black marks against a merchant’s record under VAMP. 

While the program’s thresholds and fees are mostly aimed at acquirers, there is a “Merchant Excessive” tier that targets high-risk merchants, too.

Merchant Impact Analysis

So, what does this mean for eCommerce merchants?

For most small-to-medium-sized businesses, the direct impact of the Visa Acquirer Monitoring Program will be minimal. In most regions, the “Merchant Excessive” category only applies to businesses that accumulate 1,500 or more fraud and dispute instances in a single month. Regional variations apply, with lower thresholds in places like Latin America and CEMEA.

Most SMBs will likely continue to pay their standard $15 to $30 chargeback fees (the exact total depends on their acquirer or payment processor). They won’t incur additional VAMP-related penalties. At least, not directly (more on this in a second).

The stakes are considerably higher for large retailers and high-volume merchants, though. Exceeding the thresholds could lead to involuntary enrollment in a merchant monitoring program. It could also mean additional consequences like the establishment of mandatory account reserves, or even account termination.

Now, like I alluded to above, all merchants could be affected indirectly by these VAMP changes. Acquirers are now under immense pressure to keep the dispute- and fraud-to-transaction ratio of their entire merchant portfolio in check. It’s almost certain that banks will pass higher costs and stricter risk management requirements down to the merchants they serve. And, processors will be willing to terminate a merchant’s account more readily if that merchant poses a threat to their business.

Strategic Implications

It’s not hyperbole to say that the Visa Acquirer Monitoring Program will reshape — and in some cases, sour — the relationship between merchants and acquirers.

Now that acquiring banks are directly responsible for compliance, they will be scrutinizing their merchant portfolios more closely than ever. 

Merchants who have maintained a clean processing history with low rates of fraud and chargebacks should see little to no negative impact. But, merchants should expect acquirers across the board to charge higher fees for excessive chargebacks, enforce stricter underwriting rules prior to onboarding, and be quicker to terminate accounts that pose a risk to their VAMP ratio.

It’s for these reasons that VAMP ultimately elevates the importance of proactive risk management. By preventing both fraud reports and chargebacks from ever occurring — rather than simply reacting to disputes once they happen — merchants can remain in good standing with their acquirers and avoid penalties and restrictions.

Preparation Considerations

The Visa Acquirer Monitoring Program advisory period gave the industry time to prepare for this change. That time is now up, and merchants now must execute so that they can adapt to this new framework.

In practice, VAMP readiness means putting into action a dual strategy that simultaneously aims to reduce both TC40 fraud reports and TC15 disputes.

Merchants who have not already invested in enhanced fraud detection tools, better customer service practices, and setting clear billing descriptors are now behind the curve. The same applies to chargeback prevention methods like Order Insights, Compelling Evidence 3.0, and chargeback alerts. After all, enhanced monitoring and prevention systems are table stakes in this new environment.

Beyond the pressure of these new rules, though, it’s helpful to see the bigger picture. Merchants who embrace these risk management processes stand to protect their own bottom line, become a stronger partner to their acquirers, and ultimately contribute to a safer and more reliable marketplace for everyone.