Some payment facilitators (PayFacs) and independent sales organizations (ISOs) are now receiving requests from their acquiring banks to pay fees related to Visa's Acquirer Monitoring Program (VAMP). In several recent cases we have reviewed, detailed transaction data shows a disconnect: the PayFac or ISO merchants are not the ones driving the acquirer's VAMP exposure.
This pattern is increasing. An acquirer enters VAMP monitoring, then allocates costs or remediation requirements downstream to PayFacs and ISOs in their portfolio. The problem is structural. VAMP is assessed at the acquirer's total card-not-present (CNP) portfolio level, not at the individual PayFac level. This creates a misattribution risk.
VAMP is fundamentally a performance model, not a merchant category code (MCC) model. Visa monitors acquirers based on a count-based ratio calculated from CNP activity:
(TC40 fraud reports + TC15 dispute claims) ÷ TC05 settled transactions
VAMP ratio
Count of Fraud Advices (TC40) plus Disputes (TC15), divided by the count of Sales Transactions (TC05).
Visa also monitors card testing activity, known as enumeration, through authorization behavior patterns. This means an acquirer can be flagged for VAMP monitoring even when dispute ratios appear acceptable if there is detectable enumeration activity in the portfolio.
When an acquirer's ratio crosses Visa's threshold, the acquirer enters monitoring. Visa may impose penalties, require action plans, or in severe cases, restrict processing capabilities.
The challenge for PayFacs and ISOs is that they operate as a subset of the acquirer's total portfolio. If the acquirer is flagged, the acquirer may look downstream to allocate responsibility. However, VAMP metrics aggregate across all merchants processed by the acquirer, not just those onboarded through a specific PayFac or ISO.
In practice, we see acquirers taking one of two approaches when they enter VAMP:
The second approach is more defensible, but only if the data is accurate. In cases we have reviewed, the actual drivers of VAMP exposure were legacy merchant portfolios, high-risk verticals processed directly by the acquirer, or other downstream partners with weaker underwriting standards.
Example: Timeline Misalignment
In one case we analyzed, an acquirer entered VAMP monitoring in Q2 2025. A PayFac partner had onboarded merchants starting in Q4 2024. The acquirer attributed a portion of VAMP costs to this PayFac.
When we examined the transaction data:
The ratio pressure was driven by existing merchants in unrelated verticals. The PayFac merchants were performing better than the portfolio average.
PayFacs and ISOs that are being asked to absorb VAMP costs should approach this with transaction-level evidence. The conversation needs to shift from assumptions to data.
Break the acquirer's VAMP ratio into components:
Calculate the ratio for your sub-portfolio and compare it to the overall acquirer ratio.
If your ratio is significantly below the acquirer's threshold, this is direct evidence that your merchants are not the source of VAMP pressure.
We recommend requesting monthly TC40, TC15, and TC05 reports segmented by merchant identification number (MID) from the acquirer.
Most acquirers have access to this data through their Visa reporting dashboards but do not proactively segment it.
Card testing (enumeration) is a distinct VAMP trigger. It involves automated scripts testing stolen card numbers through small authorization attempts.
Visa detects this through patterns such as:
Demonstrate whether confirmed enumeration activity is occurring on your merchant set or elsewhere in the acquirer portfolio. This typically requires authorization-level data, not just settlement data.
In one case we reviewed, an acquirer flagged a marketplace platform for enumeration activity. The platform's authorization decline rate was within industry norms for their vertical.
The actual enumeration was traced to a separate merchant group processing digital goods with an elevated decline rate and clear bot traffic signatures.
Show that your merchants do not exhibit the operating patterns that typically drive VAMP exposure:
These controls are measurable. We look for evidence such as refund-to-sale ratios below 5%, chargeback rates below 0.50%, and authorization retry limits enforced at the gateway level.
Merchants with strong risk mechanics are statistically less likely to generate TC40 and TC15 reports.
Overlay the acquirer's VAMP ratio deterioration timeline with your merchant onboarding dates. If the ratio worsened before your merchants began processing, or if the deterioration rate did not change after onboarding, this supports non-attribution.
Request month-over-month VAMP ratio data from the acquirer. Compare:
If the slope of deterioration remains constant or improves post-onboarding, your merchants are not the driver.
Example: Authorization Velocity Analysis
In another case, a PayFac was asked to implement additional enumeration controls after their acquirer entered VAMP. We analyzed authorization patterns across the PayFac's merchant portfolio:
These metrics indicated normal consumer behavior, not card testing activity. When the acquirer examined their full portfolio, they identified a different merchant segment with:
The enumeration pressure was concentrated in merchants the PayFac had not onboarded.
PayFacs and ISOs should not be absorbing VAMP-related penalties simply because they exist in an acquirer's portfolio. Responsibility needs to follow measurable contribution, not convenience.
When the conversation is grounded in TC40, TC15, TC05, and authorization-level enumeration data, the allocation discussion changes. Acquirers that operate with transparency and segmented reporting can identify the actual sources of VAMP pressure. Those that do not often default to blanket allocation, which penalizes well-performing partners.
We recommend that PayFacs and ISOs:
This is not a theoretical exercise. In cases we have reviewed, teams that bring transaction-level data to VAMP allocation discussions have successfully challenged unwarranted fees. Those that rely on aggregate assurances or reputation are more likely to absorb costs they did not create.
The attribution model described here requires infrastructure. Risk teams need:
Most acquirers do not provide this level of reporting by default. PayFacs and ISOs that build or integrate these capabilities are better positioned to defend against misattributed VAMP costs.
Building a VAMP attribution case requires organized merchant data and clear documentation of risk controls. Ballerine provides merchant risk infrastructure that helps PayFacs and ISOs maintain visibility into their merchant portfolios.
Our platform supports merchant monitoring and partner oversight, helping risk teams analyze merchant business models, track policy compliance, and identify potential violations. While we do not calculate VAMP ratios or provide TC40/TC15 data (which comes from card schemes and acquirers), we help organize merchant-level evidence that can support attribution discussions.
Teams use our tools to document merchant risk mechanics, track fulfillment practices, and maintain audit trails that demonstrate portfolio quality. This type of structured merchant data can be relevant when discussing responsibility for acquirer-level VAMP exposure.
Learn more about our merchant monitoring and partner oversight capabilities.
.png){kind=logo}
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.png)
