Visa’s new VAMP program raises the bar for merchants: Here’s what you need to do to stay compliant

by avoided.io

Share this post

With Visa’s VAMP program introducing stricter compliance measures, are you prepared to navigate these changes and safeguard your business?

Introduction to VAMP

Visa’s Acquirer Monitoring Program (VAMP) is designed to uphold the integrity of the payment ecosystem by consolidating risk monitoring efforts. Effective April 1, 2025, VAMP will integrate the Visa Fraud Monitoring Program (VFMP) and the Visa Dispute Monitoring Program (VDMP) into a unified framework with stricter thresholds. This consolidation aims to streamline oversight of acquirer and merchant risk, ensuring adherence to high standards of transaction security.​

VAMP overview and key dates

  • Effective April 1, 2025: VAMP integrates VDMP and VFMP into a unified framework with stricter thresholds.​
  • Advisory period extension: Originally set for three months, the advisory period will now last until October 1, 2025, giving businesses additional time to adjust without penalties.​
  • January 1, 2026: Even stricter thresholds will go into effect.​

Who VAMP affects

VAMP impacts acquirers and merchants involved in card-absent transactions. Merchants exceeding specified thresholds will be classified as “excessive,” potentially facing fines, heightened scrutiny, or processing restrictions. Understanding these classifications is crucial for businesses to maintain compliance and avoid penalties.​

VAMP Ratio and Thresholds

The VAMP ratio is calculated as:

(Fraudulent transactions + non-fraud disputes)/Total settled card-absent transactions​

Key components include:

  • Fraud data: Sourced from TC40 reports.​
  • Non-fraud disputes: Include Visa reason codes 11, 12, 13, and TC 15 messages.​
  • Exclusions: Disputes resolved through Rapid Dispute Resolution (RDR), CDRN, or Compelling Evidence 3.0 (CE 3.0) are excluded.​

Enrollment thresholds by region:

  • 1.5% (150 bps): US, Canada, Europe, CEMA, and AP regions.​
  • 0.9% (90 bps): LAC region.​

Minimum monthly disputes:

  • 1,000 disputes required for enrollment (both merchants and acquirers).​

2026 classifications:

  • Above standard: 0.3% dispute ratio (new tier for 2026).​
  • Excessive: 0.9% dispute ratio + minimum 1,000 disputes

New metric: VAMP enumeration ratio

Visa will monitor large-scale card testing attacks (enumeration). Merchants with fewer than 300,000 enumerated transactions are excluded from this metric.​

VAMP fees and compliance penalties

  • Acquirers above standard: $5 per fraudulent/disputed transaction.​
  • Acquirers excessive: $10 per transaction.
  • Merchants excessive: $10 per transaction.​

Grace period: No fees from April to September 2025. Enforcement begins October 1, 2025.​

Strategies for compliance

To navigate VAMP’s stringent requirements, merchants should adopt the following strategies:

  1. Implement robust fraud prevention tools: Utilize Address Verification Service (AVS), Card Verification Value (CVV) validation, and real-time fraud detection systems to identify and prevent fraudulent transactions.​
  2. Enhance dispute resolution processes: Leverage tools like Rapid Dispute Resolution (RDR), Order Insight® (OI), Compelling Evidence 3.0 (CE 3.0), and the Chargeback Dispute Resolution Network (CDRN) to address disputes promptly and effectively.​
  3. Regular monitoring of transaction metrics: Consistently track dispute ratios and transaction trends to ensure they remain below VAMP thresholds.​
  4. Staff education and policy updates: Regularly train staff on fraud prevention techniques and update internal policies to align with VAMP requirements.​

Understanding key tools for compliance

Rapid dispute resolution (RDR)

RDR is Visa’s automated resolution tool that allows merchants to pre-authorize refunds for specific dispute conditions. If a dispute matches set rules (e.g., low dollar amount, repeat customer), RDR issues an instant refund—preventing a formal chargeback and keeping your VAMP ratio clean.​

How RDR helps reduce VAMP ratio:

  • Customisation: Merchants can tailor RDR rules based on amount, region, and product type.​
  • Automation: Automatically issues refunds for disputes that would lead to chargebacks.​
  • Prevention: Avoids fees and negative dispute metrics by resolving disputes before they escalate.​

Order Insight® (OI)

Developed by Visa-owned Verifi, Order Insight® enables merchants to share transaction details directly with the issuer when a customer questions a charge.​

How OI helps reduce VAMP ratio:

  • Transparency: Provides product descriptions, shipping data, tracking info, and user activity to issuers.​
  • Dispute reduction: Reduces “unrecognized transaction” disputes by clarifying transaction details.​
  • Empowerment: Allows issuers to resolve customer confusion before it becomes a chargeback.​

Compelling Evidence 3.0 (CE 3.0)

CE 3.0 is Visa’s enhanced evidence framework that supports merchants in challenging chargebacks for unauthorized transactions under reason code 10.4. To successfully dispute a claim using CE 3.0, a merchant must present:

  • At least two prior undisputed transactions using the same card.
  • Supporting data such as:
    • Matching IP address
    • Matching Device ID
    • Matching account login ID (email or username)
    • Shipping address (if applicable)

How CE 3.0 helps reduce VAMP ratio:

By providing this robust set of proof, CE 3.0 helps merchants prevent fraudulent claims from counting toward their dispute totals. The more unauthorized claims you can successfully challenge, the lower your VAMP ratio will remain.

Chargeback dispute resolution network (CDRN)

CDRN, another solution by Verifi, empowers merchants to resolve disputes in real-time, before they become chargebacks. It connects directly with issuers, providing a chance to respond instantly to pending disputes.

How CDRN helps reduce VAMP ratio:

  • Early Detection: CDRN detects disputes as soon as issuers initiate them.
  • Real-Time Alerts: Merchants receive notifications, enabling them to act quickly.
  • Flexible Resolution: Merchants can choose whether to issue a refund, contact the customer, or supply documentation, depending on the case.

This rapid response capability prevents many disputes from escalating into full chargebacks.

avoided.io: A strategic partner for VAMP compliance

As VAMP ushers in a new era of dispute monitoring and chargeback accountability, merchants need robust infrastructure to stay compliant. avoided.io offers native support for all of Visa’s approved tools, including RDR, OI, CE 3.0, and CDRN.

How avoided.io helps:

  • Automated RDR management: Configure refund rules easily and automatically handle low-risk disputes before they escalate.
  • Integrated order insight: Share rich transaction metadata directly with issuers, reducing confusion-driven chargebacks.
  • CE 3.0-ready evidence packages: avoided.io captures, stores, and compiles compliant evidence for fraud disputes on demand.
  • Real-time alerts via CDRN: Get immediate notifications of potential chargebacks, with built-in dashboard visibility and action tools.

“VAMP is the most significant change to Visa’s compliance structure in years. We’re here to ensure merchants don’t just meet the requirements—they stay ahead of them, ” —Rolands Selakovs, founder & CEO of avoided.io.

With a modular no-code integration, intuitive dashboards, and adaptive machine learning, avoided.io ensures that your business meets and thrives under Visa’s evolving standards.

Conclusion: Stay ahead of the curve

Visa’s VAMP framework is more than a compliance challenge—it’s an opportunity. Merchants that proactively invest in dispute prevention, evidence management, and fraud intelligence will not only dodge penalties but also build stronger, more resilient operations.

Tools like RDR, Order Insight, CE 3.0, and CDRN are no longer optional. They are essential components of a modern payment strategy.

If you’re ready to turn compliance into a competitive advantage, make sure you’re equipped with the right technology and partners to support your journey. VAMP is here. The time to act is now.

For more insights or to learn how avoided.io can support your compliance roadmap, visit avoided.io.

Original-on-Transparent
Article by avoided.io

More To Explore

Membership

Merchant Community Membership

Are you a member of The Payments Association?

Member benefits include free tickets, discounts to more tickets, elevated brand visibility and more. Sign in to book tickets and find out more.

Welcome

Log in to access complimentary passes or discounts and access exclusive content as part of your membership. An auto-login link will be sent directly to your email.

Having trouble signing?

We use an auto-login link to ensure optimum security for your members hub. Simply enter your professional work e-mail address into the input area and you’ll receive a link to directly access your account.

First things first

Have you set up your Member account yet? If not, click here to do so.

Still not receiving your auto-login link?

Instead of using passwords, we e-mail you a link to log in to the site. This allows us to automatically verify you and apply member benefits based on your e-mail domain name.

Please click the button below which relates to the issue you’re having.

I didn't receive an e-mail

Tip: Check your spam

Sometimes our e-mails end up in spam. Make sure to check your spam folder for e-mails from The Payments Association

Tip: Check “other” tabs

Most modern e-mail clients now separate e-mails into different tabs. For example, Outlook has an “Other” tab, and Gmail has tabs for different types of e-mails, such as promotional.

Tip: Click the link within 60 minutes

For security reasons the link will expire after 60 minutes. Try submitting the login form again and wait a few seconds for the e-mail to arrive.

Tip: Only click once

The link will only work one time – once it’s been clicked, the link won’t log you in again. Instead, you’ll need to go back to the login screen and generate a new link.

Tip: Delete old login e-mails

Make sure you’re clicking the link on the most recent e-mail that’s been sent to you. We recommend deleting the e-mail once you’ve clicked the link.

Tip: Check your security policies

Some security systems will automatically click on links in e-mails to check for phishing, malware, viruses and other malicious threats. If these have been clicked, it won’t work when you try to click on the link.

Need to change your e-mail address?

For security reasons, e-mail address changes can only be complete by your Member Engagement Manager. Please contact the team directly for further help.

Still got a question?