What is the Visa Fraud Monitoring Program & How Can You Avoid It?
As the name implies, the Visa Fraud Monitoring Program (or VFMP) is an initiative administered by Visa. The program’s aim is to help merchants manage their criminal fraud risk and, in turn, protect the larger payments environment.
The program is essentially a way for Visa to keep an eye on merchants identified as “risky.” This could be due to the products they sell, the business models they employ, or simply their individualized risk profiles.
Of course, there’s much more to it than that. If you find yourself forced into the VFMP, it’s probably a less-than-pleasant experience, as we’ll see below.
Do I Qualify for the Visa Fraud Monitoring Program?
The Visa Fraud Monitoring Program is divided into three key levels—warning, standard, and excessive—and which level applies to you is based on your Visa fraud rate. That’s the dollar value of the transactions you lost to fraud over the specified month, relative to total transaction value from the same period.
Visa takes that number and applies it against a fraud “threshold,” signifying the point at which you become subject to the program. As discussed in a recent blog post, The VFMP threshold imposed by Visa changed effective October 1, 2019:
|VFMP Early Warning Level
At this stage, you’re not really in the program yet. This is simply a notification for you (as well as your acquirer) advising you to investigate the root cause your rising fraud levels.
0.65% of sales value
|VFMP Standard Level
Here, you’re allowed a four-month workout period, during which you can try to bring your fraud instances under control. If you can’t make that happen, Visa begins your eight-month enforcement period.
0.9% of sales value
|VFMP Excessive Level
This is reserved for merchants who breach the designated excessive Visa fraud threshold. Merchants in a high-risk merchant category code (MCC) are placed here automatically. This includes Visa MCCs 5962, 5966, 5967, 7995, 5912, 5122, and 5993.
1.8% of sales value
- EXCEPTION: It’s worth noting that Visa only counts the first ten fraudulent transactions or ten chargebacks from a single cardholder. So, if a fraudster uses one card to run dozens of fraudulent attacks on you in a given month, only ten of those transactions will count.
- EXCEPTION: Visa excludes fraud type code 3 (fraudulent application) from your fraud-to-sales ratio, as per the Visa Core Rules.
At Risk of Breaching the Visa Threshold?
There’s no time to waste. Click below now and learn how to mitigate chargebacks and protect your merchant accounts.
So, we know how one gets added to the Visa Fraud Monitoring Program. Now, what are the consequences of being placed in the program?
First, for both the standard and excssive VFMP, you do not enjoy the fraud liability protection offered by 3-D Secure (this applies specifically to US merchants). Instead, Visa will automatically assign you liability for fraud-related disputes (Visa chargeback reason code 10.5 under Visa Claims Resolution). The company is essentially saying that fraud is a persistent problem for you, and that you no longer deserve the benefit of the doubt when a customer alleges criminal fraud.
Standard VFMP merchants were previously not liable for fines due to noncompliance. Effective April 2021, however, both standard and excessive VFMP merchants are subject to a compliance fee regiment. During the program duration, merchants will receive costly non-compliance asessments (NCAs) charged for every month they breach the acceptable threshold:
Non-Compliance Asessments for VFMP (Standard) Timeline
|Months in Program||Monthly NCA (Europe)||Monthly NCA (Rest of World)|
|Months 1-4||Not Applicable||Not Applicable|
Non-Compliance Asessments for VFMP (High-Risk/Excessive) Timeline
|Months in Program||Monthly NCA (Europe)||Monthly NCA (Rest of World)|
Can I Get Out of the VFMP?
The short answer is yes: you can be removed from the Visa Fraud Monitoring Program and save yourself the stress and cost of compliance. As you probably suspected, there are some requisites to that.
First, you can exit the program only after keeping your fraud rate below the acceptable threshold for three consecutive months. If you make it through two months, then breach the threshold again, you’ll need to start over. Also, note that you can be in the Visa Fraud Monitoring Program and the Visa chargeback Monitoring Program at the same time. They’re independent of one another, and exiting one doesn’t mean you’ve exited both.
Something else worth pointing out: even though you can be moved from a standard monitoring program to an excessive-risk one, the opposite is not the case. Visa does not move merchants from the excessive monitoring program to the standard monitoring program, regardless of performance.
This is an issue you must take seriously, as there are consequences for failing to rectify the situation. If you fail to bring your fraud rate under control after 12 months in either the standard or excessive fraud program, you become eligible for disqualification. This means Visa can block you from accepting Visa payments altogether and permanently ban you from the network.
Visa is the most widely-used card brand throughout much of North America and Europe. Thus, disqualification due to the VFMP is not an event your business is likely to survive.
The 2021 Chargeback Field Report
The 2021 Chargeback Field Report is now available. Based on a survey of over 400 US and UK merchants, the report presents a comprehensive, cross-vertical look at the current state of chargebacks and chargeback management.Free Download
Implementing a Mitigation Strategy
Fraud is a major concern on the Visa network, and the card scheme takes the matter very seriously. Between September 2015 and March 2019, Visa and their customers managed to reduce the total amount lost to counterfeit card fraud by 87%. Despite increased transaction volume, total Visa card-present fraud declined by 40% during that period.
It’s an impressive stat at first glance; less so, though, when you realize that most of that fraud simply migrated to the card-not-present environment. With most card-present merchants now employing EMV chip-enabled cards, online fraud is the path of least resistance.
You’re not going to see any leniency, despite the increased threat facing eCommerce operations. Thus, if you’re going to keep your Visa fraud rate below acceptable limits, you need to do everything in your power to limit your fraud exposure. This successful risk-mitigation strategy includes:
Adopting a Multilayer ApproachOne or two disparate fraud tools won’t cut it. You need a strategy employing multiple complimentary tools that work together as part of a larger, overall plan designed to flag new and developing threat sources.
Educating YourselfBe cognizant of different fraud red flags, including address mismatches, transaction velocity, and more. Also, keep up-to-date on new developments in the market and be aware of new fraud trends impacting other merchants.
Manually Reviewing TransactionsWhile you want to minimize the number of transactions requiring this process, a manual review of transactions flagged as potential fraud is necessary in many cases. Don’t be afraid to review transactions deemed suspicious.
Turning to the ExpertsCriminal fraud is a complicated matter requiring specialized expertise. The most cost-effective solution is often to work with a professional fraud mitigation service like Kount, which specializes in eliminating online criminal fraud.
Have additional questions about the Visa Fraud Monitoring Program? Need help bringing your fraud losses under the threshold established by Visa? Click below and find out how to lower your risk today.