The Visa Issuer Monitoring Program: Helping Ensure Best Practices at the Banking Level
Like most companies, Visa is extremely protective of its brand image and reputation. The company provides literally hundreds of pages of documentation to specify all the rules, requirements, and best practices for being a Visa merchant. Chargebacks are a great example of this.
Visa has detailed parameters for how many chargebacks a merchant can receive. They also outline what happens if they cross that threshold, and at what point the card brand will intervene. Visa also has processes like this in place for banks and financial institutions, though.
In this post, we’ll take a closer look at the Visa Issuer Monitoring Program, or VIMP. We’ll see what it is, how it works, and why it’s necessary.
Recommended reading
- Merchant Identification Number: How to Find Your Merchant ID
- Issuer Declines: 7 Reasons They Happen & How to Fix Them
- Why is My Bank Account is Under Investigation?
- What Is an Acquirer Reference Number? Is an ARN Necessary?
- What is a Billback? Is This Method Right for My Business?
- Issuer vs Acquirer: What’s the Difference?
Understanding Visa Risk Monitoring Programs
Merchants have a good reason to comply with Visa regulations: the inability to accept Visa card payments is enough to put most sellers out of business.
Visa is currently the largest card brand operating in the US, with almost $2 trillion in purchasing volume in 2020. That’s more than double the volume of Mastercard, their closest competitor. Being suddenly cut off from the Visa network, and being unable to accept Visa cards as a payment option, would spell disaster for almost any business. It would be even worse in the eCommerce space, where card payments are the default.
One common way merchants lose their Visa privileges is by receiving excessive chargebacks (or “disputes,” as Visa labels them). Visa views a business with too many chargebacks as a black mark. If this happens to you, then you might become a threat to their brand by compromising consumers’ faith in payment cards.
At the same time, the company recognizes that a bad chargeback situation is not always the merchant’s fault. Placing business into a fraud monitoring program or dispute monitoring program is Visa’s way of acknowledging that there’s a problem, but also giving you a chance to fix it.
Learn more about Visa monitoring programsWhat is the Visa Issuer Monitoring Program?
Historically, issuing banks didn’t need to worry about fraud or chargebacks sourced from cards they’d issued. Unless the merchant deployed EMV technology, the issuer didn’t have to accept liability. That changed with the 2019 adoption of the Visa Issuer Monitoring Program.
Under this program, Visa closely monitors card-not-present (CNP) sales, dispute, and fraud activity to identify issuers with excessive fraudulent activity. The card network mandates that those issuers must take steps to reduce the number of disputes and/or fraud incidents involving their cardholders.
According to Visa, the ultimate objectives of the VIMP are:
- Identify and remediate issuers with excessive fraud/dispute levels.
- Promote appropriate and proper use of fraud prevention tools by issuers.
- Protect the integrity of the Visa payment system.
How Does the Visa Issuer Monitoring Program Work?
Put simply: Visa doesn’t like chargebacks. A dispute-prone bank can erode the confidence of cardholders and investors, and can encourage widespread first-party fraud. By adopting the Visa Issuer Monitoring Program, the card network is trying to kill two birds with one stone.
At the beginning of each month, the VIMP identifies issuers that “…meet or exceed the program thresholds for excessive dispute or fraud activity involving CNP transactions.” With Visa’s help, these issuers will develop and implement plans to reduce their dispute or fraud occurrences to an acceptable level. On a larger scale, Visa is also trying to ensure that all their network members are doing their part to categorically reduce fraud, as opposed to just shifting responsibility to someone else.
The Visa Issuer Monitoring Program took effect in most global regions on October 19, 2019. The rollout was delayed for the Asia-Pacific market until April 2020. Europe already had an analogous program in place, called the Cross-Border Fraud Issuer Monitoring Program, but this program was decommissioned and rolled into the VIMP.
Issuers who exceed fraud thresholds will be required to submit a detailed remediation plan to Visa within 10 days of being notified. The issuer will then be allowed a three-month Notification Period similar to the workout period allowed for merchants under the Visa Fraud Management Program. The bank won’t suffer any negative ramifications for activities during this timeframe. And, if they manage to show improvement and get fraud filings under control, they’ll be allowed to exit the program.
Online fraud is a headache for merchants AND banks. Chargebacks911® offers the industry’s most advanced solutions for fraud and chargebacks.
VIMP Enforcement Period: Fees & Penalties
If the bank fails to bring the number of fraudulent transactions they authorize under the thresholds set by Visa, they’ll enter the Enforcement Period. Visa imposes stiff penalties at this stage, including:
- Non-compliance fees of up to $100,000
- Inability to collect Visa Chargeback Monitoring Program reimbursements
- Requirements to continue reducing CNP fraud
- Time-consuming assessments and written summaries of performance
In simple terms: once an issuer enters the program, they have 12 months to get fraud under control. If they fail, they could face Visa member risk-reduction requirements. As outlined in the Visa Core Rules, these measures could include any number of actions deemed necessary by Visa. They may even lose the right to issue (or reissue) Visa-branded cards.
Visa Issuer Monitoring Program Thresholds
As spelled out in the Visa Core Rules, an issuer will be subject to the VIMP if the fraudulent transactions they process go above a specified level:
Originally, there were different thresholds for domestic and international transactions. Visa did away with that distinction in early 2022, but there is still one facet of the program that involves the US region only. Domestic transactions in which 3-D Secure is used have a much lower fraud threshold:
3-D Secure has proven to be highly effective at weeding out potential fraud. Thus, implementing it should lower the merchant’s chargeback rates by default. Visa seems to be implying that, by using 3DS, banks have even less of an excuse for excessive fraud.
Issuers will be notified if they pass either of these thresholds. The network also offers Early Warning Notifications for issuers in danger of hitting the threshold.
Does the VIMP Affect Chargeback Issuances?
Yes. The Visa Issuer Monitoring Program places additional restrictions on issuing banks in terms of chargeback issuance. That’s not necessarily a bad thing, though.
It’s understandable that banks would be reluctant to fully investigate disputes. Verifying cardholders’ claims can be hard, so filing a chargeback is often faster, easier, and appeases the customer. At the same time, if a bank rubber-stamps dispute requests, it’s only fair that they take responsibility for invalid claims.
The Visa Issuer Monitoring Program gives banks a clear, present reason for investigating customer complaints thoroughly before officially filing a dispute. Issuers are more likely to reject iffy claims, or test legitimacy by requiring more evidence. In that way, the VIMP works to decrease overall chargeback volume.
Visa wants to see stakeholders working together to prevent disputes. They want everyone involved to take responsibility for helping lower Visa chargebacks and fraud. The VIMP seems to do just that.
VIMP: A Good Step, but More Is Needed
The Visa Issuer Monitoring Program has undeniably been a positive step, but it’s clearly not enough. From 2020 to 2021, fraud risk more than doubled for retail and social networking brands, and more than tripled for primarily eCommerce brands. The problem is too far-reaching for any single initiative to correct.
A real, sustainable solution to friendly fraud will necessitate a coordinated, industry-wide push. It will require consumer education, faster and more efficient recordkeeping and transferal, and cross-scheme collaboration in developing standardized chargeback rules and procedures.
Have additional questions about the Visa Issuer Monitoring Program? Join the conversation in the comments section, or click below to speak with one of our chargeback experts.
FAQs
What is The Visa Issuer Monitoring Program?
The Visa Issuer Monitoring Program is an initiative that identifies Visa issuers who process excessive chargebacks, then closely monitors them for a set period, imposing fees and restrictions as needed. Banks can exit the program if they successfully lower their chargeback volume. If not, Visa will take additional enforcement action.
What is the purpose of the VIMP?
The Visa Issuer Monitoring Program was designed to reduce the amount of fraud and chargebacks associated with Visa payment cards. The initiative supports issuers struggling with excessive chargebacks and helps ensure that all stakeholders do their part to lower disputes.
Why would an issuer enter the VIMP?
According to Visa, US banks may be placed in the VIMP if their fraudulent card-not-present transactions in a given month meet or exceed $500,000 AND surpass 1% of their fraud-to-sales-dollar ratio. If 3-D Secure was used in the transaction, the threshold is much lower: $100,000 and 0.75% of the fraud ratio.
What are the consequences for issuers in the VIMP?
Visa imposes stiff penalties on issuers during the Visa Issuer Monitoring Program enforcement period. These include non-compliance fees of up to $100,000, ongoing restrictions on fraud activity, inability to collect Visa Chargeback Monitoring Program reimbursements, and time-consuming assessments and written summaries of performance.
How long do issuers have to exit the VIMP?
Once an issuer enters the program, they have 12 months to get fraud under control. If they fail, they could face Visa member risk-reduction requirements. As outlined in the Visa Core Rules, these measures could include any number of actions deemed necessary by Visa. The bank may even lose the right to issue (or reissue) Visa-branded cards.