Fraud signal
Fraud on card-not-present via TC40
Track fraud on card-not-present transactions using TC40 reports.
.png){kind=logo}
Related Questions
.png)
When Visa consolidated five existing fraud and dispute monitoring programs into the unified Visa Acquirer Monitoring Program (VAMP) in April 2025, the stakes changed for payment service providers, payment facilitators, and acquirers. VAMP measures fraud and disputes at the portfolio level, not just the merchant level. This means a handful of problematic merchants can push your entire operation above threshold, triggering mandatory remediation, issuer scrutiny, and financial penalties.
Understanding which merchant types create the highest VAMP exposure isn't about avoiding entire verticals. It's about recognizing risk signals early and deploying the right monitoring infrastructure to protect your portfolio while still supporting growth.
Fraud signal
Track fraud on card-not-present transactions using TC40 reports.
Dispute signal
Capture non-fraud transaction disputes using TC15 data.
Behavior signal
Spot authorization patterns that indicate card testing or enumeration attacks.
According to Visa's official VAMP documentation, the program calculates a single count-based ratio: total monthly TC40 fraud transactions plus TC15 disputes divided by total monthly transaction volume.
These thresholds apply to your entire acquiring portfolio, not individual merchants. One merchant's spike can contaminate your overall ratio.
VAMP operates on a single, count-based ratio that consolidates fraud and dispute monitoring into one unified monitoring metric. Understanding how this calculation works and which thresholds trigger program enrollment is critical for risk professionals managing acquirer portfolios.
According to Visa's official VAMP fact sheet, the core program metric measures card-not-present transaction quality across your entire portfolio:
Vamp ratio
Count of Fraud Advices (TC40) plus Disputes (TC15), divided by the count of Sales Transactions (TC05).
This single metric captures (based on card-not-present cleared transaction):
Important exclusions in the calculation:
The count-based approach means that high transaction volumes don't automatically protect you. If you process 100,000 transactions with 2,000 fraud advices and 500 disputes, the VAMP ratio is 2.5% regardless of total transaction amount volume.
VAMP operates at two levels: acquirer portfolio and individual merchant. Understanding both is essential because one can enter the program through either path.
The entire acquiring portfolio is monitored on a monthly basis. If the portfolio-wide VAMP ratio exceeds these thresholds, either the acquirer or specific merchant will be identified in the program:
Both identification levels require the same minimum monthly count to be met:
Regional threshold
Fraud advices and disputes threshold used for monitoring these regions.
Regional threshold
Combined activity and volume condition for fraud advices and disputes in CEMEA.
Portfolio-level identifications means the entire operation comes under scrutiny, even if most merchants are performing well. This is why identifying and addressing problematic merchants early matters so much.
If an acquirer’s portfolio stays below the Above Standard threshold, Visa still monitors individual merchants. A single merchant can drive an acquirer into VAMP i if that single merchant exceeds causes the acquirer to exceed the region-specific thresholds.
Future Thresholds (Effective April 1, 2026):
The threshold in Asia Pacific, Canada, EU, and U.S. regions drops to ≥ 150 basis points (1.50%) for Excessive Merchants. This 32% reduction in the acceptable ratio means merchants who are borderline acceptable today will breach thresholds in 2026 unless their fraud and dispute performance improves.
Beyond fraud and disputes, VAMP requires acquirers to prevent merchants from exceeding enumeration thresholds:
Vamp enumeration
Share of enumerated authorizations out of all authorization transactions, including approved and declined.
Vamp enumeration
Minimum volume of authorization transactions, including approved and declined, used for enumeration evaluation.
Enumeration monitoring and prevention will prevent high-velocity authorization patterns. Merchants processing high volumes of declined authorization attempts relative to their approved transactions signals potential card testing activity.
The new VAMP math creates a strategic challenge for acquirers.
Here's a scenario you've probably encountered: You're an acquirer processing 10 million monthly transactions across 5,000 merchants. To stay below the 50 bps portfolio threshold, you can tolerate a maximum of 5,000 combined fraud advices and disputes monthly (10,000,000 × 0.005 = 5,000).
If just three merchants each generate 500 fraud advices and 500 disputes monthly, they collectively contribute 3,000 to your count, consuming 60% of your total allowable threshold. The remaining 4,997 merchants must share the remaining 2,000-fraud advice count buffer.
This is why the merchant types we're about to discuss may likely pose a disproportionate and concentrated risk. A subscription merchant with high disputes due to unrecognized charges or a marketplace with poor seller vetting can single-handedly push your portfolio toward threshold.
Visa designated June 1, 2025, through September 30, 2025, as an advisory period for the updated VAMP program. During this window, acquirers identified as exceeding thresholds receive warnings and guidance but face reduced penalties compared to full enforcement.
The advisory period ends October 1, 2025. After that date, full VAMP enforcement including fines, remediation requirements, and potential processing restrictions applies to entities exceeding thresholds.
This gives risk leaders a narrow window to:
Certain business models can naturally generate the transaction behaviors VAMP scrutinizes more closely. Here's what risk teams need to watch.
Every transaction is card-not-present (CNP). This creates maximum surface area for the fraud and dispute patterns VAMP monitors. Card-not-present fraud is projected to reach $49 billion globally by 2030, according to FICO's analysis of payment fraud trends. The shift to digital commerce has permanently elevated CNP fraud rates, and acquirers processing high volumes of ecommerce merchants face proportionally higher VAMP exposure.
The risk compounds when ecommerce merchants:
Subscription models face a structural VAMP challenge: customers frequently forget about recurring charges and dispute them, creating non-fraud disputes that VAMP tracks equally with fraud. Industry data shows subscription merchants consistently face higher chargeback rates compared to one-time purchase businesses, due to:
Each dispute counts toward your VAMP ratio, regardless of whether it's fraud or simply a forgotten subscription.
Platforms aggregating multiple sellers behind a single merchant account create unique VAMP exposure. The 2025 Global eCommerce Payments and Fraud Report from Merchant Risk Council notes that marketplace fraud prevention requires assessing risk across vastly different transaction values, product types, and seller behaviors simultaneously.
The challenge: you're underwriting the platform but processing transactions for hundreds or thousands of underlying sellers whose quality you don't directly control.
Problems spread quickly when:
Merchants selling downloadable content, gaming currency, streaming access, or other instantly-delivered digital products present ideal targets for fraud. There's no shipping delay to allow fraud detection to work. Stolen cards get tested, validated, and monetized within minutes.
These merchants generate authorization burst patterns that trigger VAMP's enumeration monitoring.
Small digital purchases create perfect conditions for:
Merchants processing many small transactions create volume that amplifies even modest fraud percentages. A mobile top-up service, digital tip jar, or micro-donation platform processing thousands of $5 to $15 transactions daily becomes an attractive target for enumeration attacks where fraudsters test stolen card data at scale.
The math works against you: even if 98% of transactions are legitimate, 2% fraud on high volume quickly breaches VAMP thresholds.
International commerce introduces latency, currency conversion complexity, and heightened mismatch risk between cardholder location and merchant location. Visa's Global Acquirer Risk Standards emphasize portfolio monitoring that accounts for cross-border transaction risk.
Cross-border merchants face elevated VAMP exposure when:
PSPs, PayFacs, and ISOs competing on speed-to-market often accelerate merchant approvals to win business. The Visa Payment Facilitator and Marketplace Risk Guide explicitly requires continuous monitoring because rapid onboarding increases the likelihood of approving merchants whose actual business model differs from what they presented during underwriting. In addition, giving up adequate underwriting for speed in onboarding often causes problems later on.
High merchant turnover creates portfolio variance. When you're onboarding hundreds of new merchants monthly, statistical probability guarantees some percentage will likely be problematic. The faster you onboard, the more critical your ongoing monitoring becomes.
Traditional fraud programs penalized individual merchants. VAMP operates differently. It measures your entire portfolio's health and applies consequences organization-wide when thresholds breach.
The business impact cascades:
One underwriting miss or one merchant whose behavior shifts post-approval can trigger portfolio-level consequences. This makes VAMP fundamentally a portfolio management challenge, not just a merchant-level screening problem.
Most acquirers and PSPs built their monitoring infrastructure before VAMP consolidated fraud and disputes into a single metric. The gap isn't technology. It's visibility into what merchants are actually doing versus what they said they'd do during underwriting.
Static underwriting creates a snapshot at approval time. Periodic reviews happen quarterly or annually. Generic transaction monitoring watches for velocity spikes and known fraud patterns. By the time these systems flag a problem, you're already trending into VAMP territory.
The signals that matter most for VAMP sit at the intersection of merchant behavior and transaction behavior:
These behavioral signals change continuously. They shift weeks or months before they show up in fraud reports or chargeback data. Without continuous monitoring that connects merchant-level intelligence with transaction-level patterns, you're operating with blind spots.
Staying below VAMP thresholds requires shifting from reactive fraud detection to proactive merchant risk intelligence. Here's what modern acquirer risk teams need.
Real-time analysis of merchant digital presence across:
Ballerine's merchant monitoring infrastructure analyzes these signals continuously, alerting you when merchant behavior drifts from their approved profile. You see issues weeks before they manifest as VAMP-triggering fraud or disputes.
Cross-checking transaction data against merchant reality:
Ballerine's transaction behavior intelligence identifies mismatches that indicate a merchant has quietly moved into higher-risk territory. A merchant approved for software sales suddenly processing transactions that look like gambling or subscription charges becomes visible before it impacts your portfolio ratio.
Visibility across your entire merchant portfolio segmented by:
This lets risk leaders answer critical questions: Which merchant segments are dragging our portfolio ratio up? Where are fraud-like patterns emerging? Which merchants require intervention before they breach thresholds?
Automated alerts when risk indicators shift:
Ballerine functions as a radar system for portfolio health, giving you the ability to take action before Visa's monthly VAMP calculations detect the problem.
VAMP isn't purely a compliance burden. It's forcing the industry toward better portfolio management practices that benefit everyone.
Transaction laundering and undisclosed high-risk activity hurt everyone in the payments ecosystem. Early detection through merchant behavior monitoring protects your acquiring license and processor relationships. When you can demonstrate proactive oversight, you maintain better standing with card schemes and partners.
Ballerine's merchant underwriting capabilities help acquirers validate merchant legitimacy before approval, reducing the likelihood of onboarding merchants who will later trigger VAMP thresholds.
Manual spreadsheet reviews don't scale with modern onboarding volumes. Automated cross-referencing of merchant intelligence with transaction patterns sharpens focus on the merchants that actually require human review. Your risk team spends time on genuine threats, not false positives.
The first 30 to 90 days of processing reveal merchant reality. Many merchants only show their true behavior patterns after approval. Continuous monitoring during this critical window catches problems while intervention is still straightforward and before portfolio-level impact accumulates.
Ballerine's merchant onboarding platform enables acquirers to implement enhanced monitoring from day one, ensuring new merchants don't quietly drift into high-risk territory during their early processing months.
Card scheme frameworks increasingly penalize acquirers that fail to detect masked activity early. Visa's VAMP represents one example. Mastercard's BRAM program operates similarly. Demonstrating contextual transaction monitoring capabilities positions your organization as a responsible acquirer that takes portfolio quality seriously.
Transaction laundering and behavioral drift happen disproportionately among small and mid-size merchants. These merchants form the long tail of most PSP and PayFac portfolios. They blend into high-volume onboarding and evade traditional monitoring built for large merchants. Merchant-level behavioral intelligence makes SME risk manageable at scale.
For PSPs and PayFacs managing large networks of agents and sub-merchants, Ballerine's partner oversight solution provides visibility into downstream risk that traditional monitoring misses.
VAMP marks a fundamental shift in how Visa holds acquirers accountable for portfolio quality. The program consolidates multiple fraud and dispute metrics into a single measure and applies consequences at the portfolio level. This changes the math for risk management.
You can no longer afford to monitor merchants in isolation. You need visibility into how individual merchant behaviors aggregate into portfolio-level risk exposure. You need intelligence that connects what merchants claim to be with what they actually process.
Traditional transaction monitoring built for consumer fraud detection misses the merchant behavior signals that predict VAMP exposure. The future of acquirer risk management requires layering merchant intelligence with transaction analysis. It requires continuous monitoring that treats merchant relationships as living entities whose risk profiles shift over time.
The acquirers and PSPs who embrace this approach won't just stay compliant with VAMP. They'll build safer, more profitable portfolios. They'll identify high-potential merchants who need support versus high-risk merchants who need offboarding. They'll grow faster because they can confidently approve merchants other acquirers reject, knowing they have the monitoring infrastructure to manage the risk.
Protecting your portfolio from VAMP exposure starts with visibility. Explore how Ballerine's continuous merchant monitoring and transaction intelligence platform helps acquirers stay below VAMP thresholds while supporting sustainable growth.
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
