The Blog

NextGen Payment Newsletter

VAMP, CE3.0 & RDR: Merchant and Acquirer Impacts

understanding-the-new-visa-acquirer-monitoring-program-vamp-and-its-implications-for-merchants-and-acquirers

Key Summary

      VDMP and VFMP will be retired on 31st March 2025, merging into the new VAMP Framework.

Unified Metrics
  • Unified Metrics : Fraud and non-fraud disputes are now tracked under a single metric.

Timeline of Implementation
  1. April 1–June 30, 2025 : 90-day advisory period with no fines; stakeholders must prepare for compliance.
  2. July 1, 2025 : Fines begin for exceeding thresholds.
  3. January 1, 2026: Final threshold reductions enforced globally.

Current Visa Programs

  • As of April 1st, 2025, Visa will consolidate multiple fraud and dispute programs into a single, comprehensive Acquirer Program

Why This Matters :
  1. Acquirers have greater control over merchant onboarding, Risk policies, and fraud prevention strategies.
  2. Merchants will no longer be directly accountable under specific Visa programs.
  3. April 1–June 30, 2025 : 90-day advisory period with no fines; stakeholders must prepare for compliance.

Current Visa Program Thresholds

Program Monthly Threshold
VFMP Early Warning $50,000 and 0.65% of sales value
VFMP Standard $75,000 and 0.9% of sales value
VFMP Excessive $250,000 and 1.8% of sales value
VDMP Monthly Threshold
VDMP Early Warning 0.65% chargeback ratio and 75 chargebacks
VDMP Standard 0.9% chargeback ratio and 100 chargebacks
VDMP Excessive 1.8% chargeback ratio and 1,000 chargebacks
VAMP Program Threshold
VCMP Card-Absent Dispute Threshold 750 disputes and 1% dispute ratio
VAMP Card-Absent Fraud Threshold $500,000 in card-absent fraud and 1% fraud-to-sales ratio

New Vamp Ratio Calculation

  • The Visa Acquirer Monitoring Program (VAMP) will replace VFMP, VDMP, and VCMP. The new rules will dramatically shift how acquirers manage fraud, with a focus on the entire merchant portfolio.
TC40 + TC15 (RDR + CE3.0)
CNP settled transactions

Key Changes Under VAMP :
  1. Acquirers are responsible for the fraud and dispute performance of the entire merchant portfolio.
  2. No early warning system: Visa will not provide early warning signals for acquirers.
  3. Grace period for first-time offenders : Acquirers will get a three-month grace period for first-time infractions

New Vamp Ratio Fines

Key Changes Under VAMP:
  • Exiting VAMP : Acquirers can exit VAMP by bringing their fraud ratio below the threshold in the following month
Levels Fine Amount (Per dispute)
Above Standard Acquirer $5 for card-not-present (CNP) TC40 fraud and TC15 non-fraud disputes
Excessive Acquirer $10 for CNP TC40 fraud and TC15 non-fraud disputes
Excessive Merchant $10 for CNP TC40 fraud and TC15 non-fraud disputes

What Happens If a Merchant Exceeds the VAMP Threshold?

  • ✅  The Merchant Faces No Direct Penalties from Visa
  • ❌  But the Acquirer May Take Action Against the Merchant

Potential Actions by Acquirers :
  1. Stricter Acquirer Limits: Acquirers may impose stricter chargeback thresholds.
  2. Financial Consequences: Merchants may face increased fines, reduced authorisation rates, and higher reserve requirements.
  3. Operational Adjustments: Merchants must optimise fraud prevention and improve dispute management.

Example: How “Low Risk” Merchants Can Still Cause Issues

  • Even low-risk merchants can collectively push an acquirer above the compliance threshold. Here’s an example :
  • Key Takeaway: Even low-risk merchants can collectively push an acquirer above the compliance threshold.

Merchant VAMP Ratio (bps) Above Visa’s 0.90% Limit? Impact on Acquirer?
Merchant A 0.85% (85 bps) ❌ No Adds risk to acquirer
Merchant B 0.60% (60 bps) ❌ No Adds risk to acquirer
Merchant C 0.40% (40 bps) ❌ No Adds risk to acquirer
Merchant D 0.25% (25 bps) ❌ No Minimal Impact
Acquirer Portfolio 0.72% (72 bps) ✅ Yes (VAMP Triggered) Acquirer penalised

How NextGen Payment Can Help

  1. As VAMP goes live in April 2025, acquirers and merchants must act now to ensure compliance and minimise operational risk. Here’s how NextGen Payment can help :
  • ✅ VAMP Compliance Assessments : Analyze your fraud exposure and provide actionable strategies.
  • ✅  RDR & CE3.0 Implementation : Reduce fraud ratios and stay within Visa's limits.
  • ✅  Portfolio Optimization & Merchant Risk Segmentation : Prioritise high-risk merchants and reduce overall fraud ratios.

👉🏻 Need Assistance? Contact Us for VAMP Compliance

Enumeration Ratio Calculation

  • Enumeration attacks are a growing concern for merchants and acquirers. Here’s how the enumeration ratio is calculated :

Key Changes Under VAMP :

Count of Enumerated Transactions
Count of Total Sales

Preventing Enumeration Attacks:
  1. Implement strong bot detection systems
  2. Use fraud prevention tools like Visa's VAAI (Visa Anti-Attack Intelligence) model.

Glossary

  • CE3.0 (Compelling Evidence 3.0): A Visa initiative that allows merchants to use historical data to prevent chargebacks.
  • RDR (Rapid Dispute Resolution): A Visa service that automatically resolves disputes before they turn into chargebacks.
  • VAMP (Visa Acquirer Monitoring Program): A new consolidated fraud and dispute monitoring program replacing VFMP and VDMP.

TC40 (Fraud Report - Visa Risk Identification Service) :
  • A fraud notification report Visa generates when issuers identify confirmed fraud transactions on a Visa card.
  • Even if no chargeback occurs, TC40 data helps acquirers and merchants track fraudulent transactions before disputes escalate.

TC15 (Dispute Monitoring Report):
  • A Visa report used to track disputed transactions, especially fraud-related chargebacks under reason code 10.4 (Fraud - Card Absent Environment). It provides details on which transactions have been formally disputed and helps merchants assess chargeback risks.

Enumeration (Card Testing Fraud) :
  • Fraudsters use automated bots to rapidly test thousands of stolen card details on a merchant’s checkout page to find valid payment credentials.
  • Small-value transactions (e.g., $0.10 or $1.00) are used to verify if a card is active and usable before attempting larger fraud transactions.
  • Merchants who experience sudden spikes in declined transactions with multiple card attempts should investigate potential enumeration attacks.

CNP (Card Not Present) Transactions : Occurs when a payment is processed without a physical card present, such as:

  • E-commerce purchases (online checkouts)
  • MOTO (Mail Order / Telephone Order) transactions
  • Digital wallets or subscription billing

NextGen Payment provides secure transactions, fraud prevention, and banking solutions for high-risk businesses worldwide.