The Visa Fraud Monitoring program is essentially a way for Visa to keep an eye on merchants identified as “high risk.” This could be due to the products they sell, their business models, or their individualized risk profiles.
Of course, there’s much more to it than that. If you find yourself forced into the VFMP, it’s going to be a less-than-pleasant experience, as we’ll see below.
Recommended reading
- Chargeback Thresholds: How Many is Too Many Chargebacks?
- High-Risk Merchant Accounts: The Best Providers of 2024
- What is a High-Risk Business? Why Does it Matter?
- How the Terminated Merchant File Can Affect Your Business
- Merchant Account Reserves: What You Need to Know in 2024
- Visa Dispute Monitoring Program: What is the VDMP?
What is the Visa Fraud Monitoring Program?
As the name implies, the Visa Fraud Monitoring Program, or VFMP, is a merchant monitoring initiative administered by Visa. The program aims to help merchants manage their criminal fraud risk and, in turn, protect the larger payments environment.
If you’re inducted into the Visa Fraud Monitoring Program, it’s typically because you’re experiencing a high volume of fraud-related Visa disputes. A counterpart program, the Visa Dispute Monitoring Program, may apply to both fraud- and non-fraud-related reason codes. You can be inducted into both programs at the same time.
When you've moved into the VFMP, Visa will require you to develop a mitigation plan with your acquiring bank to address your rising chargeback problem. For the first four months, you won’t have to worry about any penalties or additional fees associated with the VFMP. But, if you're unable to get your chargeback rate under the acceptable threshold after those first four months, Visa will begin assessing fines and fees for every chargeback you receive.
If you consistently exceed Visa’s predetermined “acceptable” level for fraud, Visa will assume that your fraud detection practices need adjustment in some way. Thus, VFMP is Visa’s way of forcing you to examine your core business practices for hidden fraud triggers and incentivizing the necessary changes which would prevent these incidents.
This might seem heavy-handed to some. It’s not unreasonable, though; after all, if you’re the common denominator. Also, as the largest credit card network in the world, Visa are within their rights to dictate rules within their network.
Calculating Your VFMP Merchant Threshold
Entry into the Visa Fraud Monitoring Program is based on your Visa fraud rate. This is factored by comparing the dollar value of the transactions you lost to fraud over the specified month, relative to the total value of transactions conducted during the same period.
Visa takes that number and applies it against a fraud “threshold.” This threshold marks the point at which you become subject to the program:
Exceptions
- It’s worth noting that Visa only counts the first ten fraudulent transactions or ten chargebacks from a single cardholder. So, if a fraudster uses one card to run dozens of fraudulent attacks on you in a given month, only ten of those transactions will count.
- Visa excludes fraud type code 3 (fraudulent application) from your fraud-to-sales ratio, as per the Visa Core Rules.
- Visa only factors transactions conducted in the US, Australia, Canada, Europe (Germany and the UK), and Brazil into your fraud ratio.
Keep your buyers—and your business—safe from fraud and chargebacks.
Other VFMP Factors to Consider
When you’re in the Visa Fraud Monitoring Program, there are certain restrictions on your activity, as well as other conditions that may apply.
Use of 3-D Secure
You should also note the effect that 3-D Secure technology has on US-based merchants with regard to VFMP. If you use 3-D Secure antifraud software in this market, but exceed fraud thresholds on 3DS transactions, you’ll be relegated to the VFMP-3DS silo. This program is dedicated to fraud tracking practices specific to 3DS technology.
The VFMP-3DS thresholds are as follows:
Early Warning
A fraud rate of 0.5% and at least $5,000 in total fraud from 3-D Secure transactions.
Standard
A fraud rate of 0.75% and at least $7,500 in total fraud from 3-D Secure transactions.
When enrolled in VFMP-3DS, you do not enjoy the fraud liability protection typically associated with 3-D Secure. Instead, if you breach a threshold higher than the standard level, Visa will automatically assign you liability for fraud-related disputes (Visa chargeback reason code 10.5 under Visa Claims Resolution).
How VFMP Timelines Affect Fines and Fees
On the standard timeline, Visa provides merchants and their acquiring banks a 12-month window to accomplish certain benchmarks. However, for the first month in either program (the notification period), acquirers must inform merchants if they have exceeded their chargeback threshold.
After the first program month, you must work with your acquirer to develop a fraud remediation plan. Months 2-4 are considered the “implementation period” for this plan. Then, months 5-12 are considered the enforcement period, in which acquirers are required to make corrections and adjustments to bring the merchant's fraud thresholds below program levels.
| Months in Program | Monthly NCA (Europe) | Monthly NCA (Rest of World) |
| Months 1-4 | Not Applicable | Not Applicable |
| Months 5-6 | €21,750 | $25,000 |
| Months 7-9 | €43,500 | $50,000 |
| Months 10-12 | €62,250 | $75,000 |
Non-Compliance Asessments for VFMP (High-Risk/Excessive) Timeline
| Months in Program | Monthly NCA (Europe) | Monthly NCA (Rest of World) |
| Months 1-3 | €8,750 | $10,000 |
| Months 4-6 | €21,750 | $25,000 |
| Months 7-9 | €43,500 | $50,000 |
| Months 10-12 | €62,250 | $75,000 |
VFMP timelines become particularly important concerning fees and fines, as indicated in the tables above. Essentially, after month 5 in the “Standard” timeline, merchants are subject to non-compliance assessments. On the other hand, merchants in the “Excessive” timeline are subject to non-compliance fees starting from day one.
How Do I Get Out of the VFMP?
You can be removed from the Visa Fraud Monitoring Program and save yourself the stress and cost of compliance. But, as you probably suspect, there are some qualifications to that.
First, you can exit the program only after keeping your fraud rate below the acceptable threshold for three consecutive months. If you make it through two months, then breach the threshold again, you’ll need to start over. Also, note that you can be in the Visa Fraud Monitoring Program and the Visa chargeback Monitoring Program simultaneously. They’re independent of one another, and exiting one doesn’t mean you’ve exited both.
Something else worth pointing out: even though you can be moved from a standard monitoring program to an excessive-risk one, the opposite is not true. Visa does not move merchants from the excessive monitoring program to the standard monitoring program, regardless of performance.
This is an issue you must take seriously, as there are consequences for failing to rectify the situation. Like we mentioned earlier, if you fail to bring your fraud rate under control after 12 months in either the standard or excessive fraud program, you become eligible for disqualification. This means Visa can block you from accepting Visa payments altogether and permanently ban you from the network.
Visa is the most widely-used card brand throughout North America and Europe. Disqualification from the Visa network due to the VFMP is not an event your business will likely survive.
How To Avoid the VFMP Altogether
Fraud is a major concern on the Visa network. This is especially true as first-party fraud threats like friendly fraud become a serious problem; according to the 2022 Chargeback Field Report, friendly fraud is a growing concern for 65% of merchants.
But, despite the growing threats which both first- and third-party fraud represent, you should not expect any leniency from Visa. They’re dedicated to preventing fraud activity on their network wherever possible, and if that means cutting a high-risk merchant loose, they’ll do it.
That’s why it’s so important to keep your Visa fraud rate below acceptable limits. To accomplish this, you must build out the right strategy to limit your fraud exposure. A successful risk-mitigation strategy includes:
Have additional questions about the Visa Fraud Monitoring Program? Need help bringing your fraud losses under the threshold established by Visa? Don’t worry—help is just a click away!
Continue below and find out how to lower your risk today.
