Visa Fraud Monitoring ProgramWhat is the Visa Fraud Monitoring Program & How Can You Avoid It?

August 8, 2022 | 10 min read

Visa Fraud Monitoring Program VFMP

In a Nutshell

Sometimes, if you can’t get a handle on criminal fraud…the card networks will step in. We’re taking a close look at the Visa Fraud Monitoring Program. You’ll learn how you become eligible, why it’s a bad thing, and how to get out of it. We’ll also give you a few tips to avoid the program in the first place.

Important!

Beginning April 1, 2025, Visa will phase out its Visa Fraud Monitoring Program (VFMP) and Visa Dispute Monitoring Program (VDMP) for merchants operating in most global regions. The Visa Acquirer Monitoring Program will be enhanced to effectively replace these two programs.

The Visa Fraud Monitoring program is essentially a way for Visa to keep an eye on merchants identified as “high risk.” This could be due to the products they sell, their business models, or their individualized risk profiles.

Of course, there’s much more to it than that. If you find yourself forced into the VFMP, it’s going to be a less-than-pleasant experience, as we’ll see below.

What is the Visa Fraud Monitoring Program?

As the name implies, the Visa Fraud Monitoring Program, or VFMP, is a merchant monitoring initiative administered by Visa. The program aims to help merchants manage their criminal fraud risk and, in turn, protect the larger payments environment.

If you’re inducted into the Visa Fraud Monitoring Program, it’s typically because you’re experiencing a high volume of fraud-related Visa disputes. A counterpart program, the Visa Dispute Monitoring Program, may apply to both fraud- and non-fraud-related reason codes. You can be inducted into both programs at the same time.

When you've moved into the VFMP, Visa will require you to develop a mitigation plan with your acquiring bank to address your rising chargeback problem. For the first four months, you won’t have to worry about any penalties or additional fees associated with the VFMP. But, if you're unable to get your chargeback rate under the acceptable threshold after those first four months, Visa will begin assessing fines and fees for every chargeback you receive.

If you consistently exceed Visa’s predetermined “acceptable” level for fraud, Visa will assume that your fraud detection practices need adjustment in some way. Thus, VFMP is Visa’s way of forcing you to examine your core business practices for hidden fraud triggers and incentivizing the necessary changes which would prevent these incidents.

This might seem heavy-handed to some. It’s not unreasonable, though; after all, if you’re the common denominator. Also, as the largest credit card network in the world, Visa are within their rights to dictate rules within their network.

Calculating Your VFMP Merchant Threshold

Entry into the Visa Fraud Monitoring Program is based on your Visa fraud rate. This is factored by comparing the dollar value of the transactions you lost to fraud over the specified month, relative to the total value of transactions conducted during the same period.

Visa takes that number and applies it against a fraud “threshold.” This threshold marks the point at which you become subject to the program:

VFMP Early Warning Level

At this stage, you’re not really in the program yet. This is simply a notification for you (as well as your acquirer) advising you to investigate the root cause your rising fraud levels.

Monthly Threshold:

$50,000 and 0.65% of sales value

VFMP Standard Level

Here, you’re allowed a four-month workout period, during which you can try to bring your fraud instances under control. If you can’t make that happen, Visa begins your eight-month enforcement period.

Monthly Threshold:

$75,000 and 0.9% of sales value

VFMP Excessive Level

This is reserved for merchants who breach the designated excessive Visa fraud threshold. Merchants in a high-risk merchant category code (MCC) are placed here automatically. This includes Visa MCCs 5962, 5966, 5967, 7995, 5912, 5122, and 5993.

Monthly Threshold:

$250,000 and 1.8% of sales value

Exceptions

  • It’s worth noting that Visa only counts the first ten fraudulent transactions or ten chargebacks from a single cardholder. So, if a fraudster uses one card to run dozens of fraudulent attacks on you in a given month, only ten of those transactions will count.
  • Visa excludes fraud type code 3 (fraudulent application) from your fraud-to-sales ratio, as per the Visa Core Rules.
  • Visa only factors transactions conducted in the US, Australia, Canada, Europe (Germany and the UK), and Brazil into your fraud ratio.

Keep your buyers—and your business—safe from fraud and chargebacks.

REQUEST A DEMO

Other VFMP Factors to Consider

When you’re in the Visa Fraud Monitoring Program, there are certain restrictions on your activity, as well as other conditions that may apply.

Use of 3-D Secure

You should also note the effect that 3-D Secure technology has on US-based merchants with regard to VFMP. If you use 3-D Secure antifraud software in this market, but exceed fraud thresholds on 3DS transactions, you’ll be relegated to the VFMP-3DS silo. This program is dedicated to fraud tracking practices specific to 3DS technology.

The VFMP-3DS thresholds are as follows:

Visa Fraud Monitoring Program

Early Warning

A fraud rate of 0.5% and at least $5,000 in total fraud from 3-D Secure transactions.

Visa Fraud Monitoring Program

Standard

A fraud rate of 0.75% and at least $7,500 in total fraud from 3-D Secure transactions.

When enrolled in VFMP-3DS, you do not enjoy the fraud liability protection typically associated with 3-D Secure. Instead, if you breach a threshold higher than the standard level, Visa will automatically assign you liability for fraud-related disputes (Visa chargeback reason code 10.5 under Visa Claims Resolution).

Evidence for Dispute Responses When Under VFMP

Aside from VFMP-3DS, you may only contest disputes resulting from the 10.5 reason code if you can provide proof of one or more of the following:

  • You processed a refund prior to the dispute
  • A dispute was already accepted for this transaction
  • A written statement from the cardholder explaining that they are no longer disputing the transaction

If you’re in the VFMP, Visa is essentially noting that fraud is a persistent problem for you. As a result, they’re no longer willing to afford the benefit of the doubt when a customer alleges criminal fraud.

How VFMP Timelines Affect Fines and Fees

On the standard timeline, Visa provides merchants and their acquiring banks a 12-month window to accomplish certain benchmarks. However, for the first month in either program (the notification period), acquirers must inform merchants if they have exceeded their chargeback threshold.

After the first program month, you must work with your acquirer to develop a fraud remediation plan. Months 2-4 are considered the “implementation period” for this plan. Then, months 5-12 are considered the enforcement period, in which acquirers are required to make corrections and adjustments to bring the merchant's fraud thresholds below program levels.

Months in Program Monthly NCA (Europe) Monthly NCA (Rest of World)
Months 1-4 Not Applicable Not Applicable
Months 5-6 €21,750 $25,000
Months 7-9 €43,500 $50,000
Months 10-12 €62,250 $75,000

Non-Compliance Asessments for VFMP (High-Risk/Excessive) Timeline

Months in Program Monthly NCA (Europe) Monthly NCA (Rest of World)
Months 1-3 €8,750 $10,000
Months 4-6 €21,750 $25,000
Months 7-9 €43,500 $50,000
Months 10-12 €62,250 $75,000

VFMP timelines become particularly important concerning fees and fines, as indicated in the tables above. Essentially, after month 5 in the “Standard” timeline, merchants are subject to non-compliance assessments. On the other hand, merchants in the “Excessive” timeline are subject to non-compliance fees starting from day one.

How Do I Get Out of the VFMP?

You can be removed from the Visa Fraud Monitoring Program and save yourself the stress and cost of compliance. But, as you probably suspect, there are some qualifications to that.

First, you can exit the program only after keeping your fraud rate below the acceptable threshold for three consecutive months. If you make it through two months, then breach the threshold again, you’ll need to start over. Also, note that you can be in the Visa Fraud Monitoring Program and the Visa chargeback Monitoring Program simultaneously. They’re independent of one another, and exiting one doesn’t mean you’ve exited both.

Something else worth pointing out: even though you can be moved from a standard monitoring program to an excessive-risk one, the opposite is not true. Visa does not move merchants from the excessive monitoring program to the standard monitoring program, regardless of performance.

This is an issue you must take seriously, as there are consequences for failing to rectify the situation. Like we mentioned earlier, if you fail to bring your fraud rate under control after 12 months in either the standard or excessive fraud program, you become eligible for disqualification. This means Visa can block you from accepting Visa payments altogether and permanently ban you from the network.

Visa is the most widely-used card brand throughout North America and Europe. Disqualification from the Visa network due to the VFMP is not an event your business will likely survive.

How To Avoid the VFMP Altogether

Fraud is a major concern on the Visa network. This is especially true as first-party fraud threats like friendly fraud become a serious problem; according to the 2022 Chargeback Field Report, friendly fraud is a growing concern for 65% of merchants.

But, despite the growing threats which both first- and third-party fraud represent, you should not expect any leniency from Visa. They’re dedicated to preventing fraud activity on their network wherever possible, and if that means cutting a high-risk merchant loose, they’ll do it.

That’s why it’s so important to keep your Visa fraud rate below acceptable limits. To accomplish this, you must build out the right strategy to limit your fraud exposure. A successful risk-mitigation strategy includes:

Adopting a Multilayer Approach

One or two disparate fraud tools won’t cut it. You need a strategy employing multiple complementary tools that work together as part of a larger, overall plan designed to flag new and developing threat sources.

Educating Yourself

Be cognizant of fraud red flags, including address mismatches, transaction velocity, and more. Also, keep up-to-date on new developments in the market and be aware of recent fraud trends impacting other merchants.

Manually Reviewing Transactions

While you want to minimize the number of transactions requiring this process, a manual review of transactions flagged as potential fraud is necessary in many cases. Don’t be afraid to review transactions deemed suspicious.

Turning to the Experts

Criminal fraud is a complicated matter requiring specialized expertise. The most cost-effective solution is often to work with a professional fraud mitigation service which specializes in eliminating online criminal fraud. Check out our recent post outlining the top solution providers of the year to learn where to get started.

Have additional questions about the Visa Fraud Monitoring Program? Need help bringing your fraud losses under the threshold established by Visa? Don’t worry—help is just a click away!

Continue below and find out how to lower your risk today.

Like What You're Reading? Join our newsletter and stay up to date on the latest in payments and eCommerce trends.
Newsletter Signup
We’ll run the numbers; You’ll see the savings.
triangle shape background particle triangle shape background particle triangle shape background particle
Please share a few details and we'll connect with you!
Revenue Recovery icon
Over 18,000 companies recovered revenue with products from Chargebacks911
Close Form