Visa overhauled its dispute monitoring system in 2025, replacing the legacy Visa Dispute Monitoring Program (VDMP) and Visa Fraud Monitoring Program (VFMP) with a unified framework called the Visa Acquirer Monitoring Program (VAMP). For merchants, understanding VAMP is critical, exceeding thresholds can result in significant fines and jeopardize your ability to accept Visa cards.
ConvesioPay helps WooCommerce merchants stay below Visa thresholds with built-in fraud rules, 3D Secure, and real-time dispute monitoring. Get started →
1. What Is VAMP?
VAMP (Visa Acquirer Monitoring Program) is Visa’s framework for monitoring acquirers and, through them, merchants with elevated fraud and dispute rates. Introduced in 2025, VAMP consolidates what were previously three separate programs into a single, acquirer-focused monitoring system.
VAMP evaluates two primary metrics:
- VAMP Ratio — the combined rate of enumeration fraud and non-fraud disputes relative to total settled transactions
- TC40 (fraud) Ratio — the rate of fraud-related disputes specifically
Merchants who trigger VAMP thresholds are flagged to their acquirer (payment processor), who must then implement remediation or face fines themselves. The acquirer pressure flows down to merchants.
2. VAMP Thresholds and Tiers
VAMP uses a tiered structure:
| Tier | VAMP Ratio | Monthly Transactions | Consequence |
|---|---|---|---|
| Standard (no action) | Below 0.3% | Any | None |
| VAMP Notification | 0.3%–0.5% | Any | Acquirer notified; monitoring begins |
| VAMP Remediation | Above 0.5% | 1,000+ | Remediation plan required; fines may apply |
Merchants processing fewer than 1,000 transactions/month may have different treatment VAMP primarily targets higher-volume merchants, but smaller merchants can still be flagged through their acquirer’s internal risk management.
3. How VAMP Differs from Legacy VDMP/VFMP
Key differences from the programs VAMP replaced:
| Legacy VDMP/VFMP | VAMP (2025) | |
|---|---|---|
| Who is monitored | Merchant directly | Acquirer (with merchant-level data feeding in) |
| Metrics | Separate fraud and dispute ratios | Combined VAMP ratio + TC40 ratio |
| Enumeration fraud | Not separately tracked | Explicitly included in VAMP ratio |
| Fine structure | Merchant fined directly | Acquirer fined; pressure passed to merchant |
| Remediation | Merchant managed independently | Acquirer accountable for remediation |
The shift to acquirer accountability means your payment processor has a stronger incentive to manage your chargeback and fraud rates, which is both a protection (they’ll warn you earlier) and a pressure point (they may restrict or terminate processing for persistent violations).
4. Enumeration Fraud and VAMP
One of VAMP’s most significant changes is the explicit inclusion of enumeration fraud in the monitored metric. Enumeration fraud (also called card testing or credential stuffing) occurs when fraudsters run automated attacks against your checkout to test whether stolen card numbers are valid.
Card testing attacks generate large numbers of small transactions (often $0 or $1 authorization attempts) that — if they complete — become fraud disputes. VAMP now holds merchants accountable for the fraud exposure created by these attacks.
Mitigation measures for enumeration fraud:
- Bot detection and CAPTCHA on checkout
- Rate limiting on payment attempts
- Velocity rules (multiple failed attempts from same IP/device)
- 3DS authentication requirements
- Monitoring for unusual authorization patterns (many small transactions)
5. Staying Below VAMP Thresholds
The target is to stay below 0.3% VAMP ratio, below the notification threshold. Tactics that directly lower your VAMP ratio:
- 3D Secure — authenticated transactions reduce fraud disputes that feed into the VAMP ratio
- Bot/enumeration protection — prevents card testing attacks that generate TC40 fraud reports
- Fraud rules and risk scoring — catch fraudulent orders before they settle
- RDR enrollment — resolves qualifying disputes pre-chargeback, keeping them out of the VAMP calculation
- Clear billing descriptors — reduces “unrecognized transaction” disputes
6. What Happens If You Enter VAMP Remediation
If your acquirer is flagged under VAMP due to your transaction profile:
- Your acquirer contacts you with a remediation requirement
- You must submit a remediation plan addressing root causes
- Monthly review of your metrics against the plan
- If metrics don’t improve, the acquirer may impose restrictions — reduced processing limits, reserve requirements, or termination
VAMP remediation is not a one-off event, you must demonstrate sustained improvement. Most acquirers expect a clear downward trend in the first 30–60 days of a remediation plan.
7. Mastercard’s Chargeback Monitoring Programs
Mastercard’s equivalent programs — the Excessive Chargeback Program (ECP) and Excessive Fraud Merchant (EFM) program — operate separately from VAMP. ECP thresholds are 1.5% chargeback ratio and 100 chargebacks/month for Standard level. EFM monitors fraud-to-sales ratios independently.
For ratio calculation details and how to calculate your own rate, see Chargeback Ratio: Understanding Thresholds and How to Stay Below Them.
Stay compliant with Visa VAMP requirements. ConvesioPay includes 3DS, fraud rules, RDR, and bot protection to keep WooCommerce merchants in good standing. Get started →