Why the real risk of Visa’s new monitoring program goes beyond the penalties — it’s the business you’ll never see again.
Visa’s new Acquirer Monitoring Program — VAMP — has been live since April 2025, and the payments industry has been buzzing ever since.
The conversation usually goes something like this:
“Your VAMP ratio needs to stay under threshold. Watch your chargebacks. Reduce your TC40s. Prepare for enforcement.”
All true. All important.
But here’s what most of that conversation misses:
The fine isn’t the real threat. The lost business is.
What VAMP Actually Does
VAMP consolidates what used to be five separate Visa programs into a single unified framework — one ratio, one system, one point of accountability.
At its core, VAMP measures a combined fraud-and-dispute ratio across your entire card-not-present transaction volume. Fraud reports and chargebacks are no longer tracked separately. They’re combined — and in many cases, fraud-related disputes are counted twice.
That last part matters more than most merchants realize.
If a TC40 fraud report results in a chargeback, it inflates your ratio from both sides simultaneously. A single bad transaction hits you twice. And the thresholds are tightening: what’s currently 2.2% for merchants in most regions drops to 1.5% in April 2026.
Acquirers face their own thresholds — 0.50bps at the “Above Standard” level, 0.70bps at “Excessive” — and they’re now responsible for the performance of their entire merchant portfolio. That means even merchants who stay within their own limits can create problems for their acquirer if their fraud and dispute patterns are consistently elevated.
Enforcement began October 1, 2025. Penalties are real: $8 per disputed transaction at the Excessive level, for both merchants and acquirers.
The Conversation Everyone Is Having
Most of the VAMP coverage focuses on compliance mechanics:
- How to calculate your ratio correctly
- How to use RDR, CDRN, and CE 3.0 to exclude disputes from the count
- How to monitor TC40 and TC15 data
- How to stay below threshold before enforcement escalates
This is necessary. If you’re not monitoring these metrics, you need to start immediately.
But reducing VAMP to a compliance exercise misses the underlying dynamic that created the problem in the first place.
The Conversation We Think You Should Be Having
Chargebacks and fraud reports don’t appear out of nowhere.
They are the downstream consequence of decisions made — or not made — earlier in the transaction lifecycle.
A chargeback is what happens when a fraud signal goes undetected at checkout and then continues undetected through fulfillment. It’s the bill that arrives after the problem has already compounded.
Most fraud prevention systems are designed to catch risk at checkout. That’s where the rules are applied, the scores are calculated, the approve-or-decline decision is made. And for the most obvious fraud, this works reasonably well.
But modern fraud — especially the kind that drives sustained VAMP ratio problems — doesn’t look dangerous at checkout.
It passes the initial checks. It gets approved. And then it waits.
The address changes post-payment. The delivery destination shifts. The account shows unusual engagement with support. The purchase behavior doesn’t match any prior history. By the time a TC40 report appears in your data, the goods are gone, the dispute is filed, and your ratio has already moved.
You’re not failing at chargeback management. You’re failing at post-payment visibility.
What This Looks Like in Practice
One of our clients operates in one of the highest-risk verticals in e-commerce — a market where fraud exposure is elevated, but the bigger threat is friendly fraud: chargebacks filed by real customers, sometimes intentionally, sometimes not.
Their collaboration with FUGU started in a focused, targeted way: analyzing only the highest-risk orders. Logical. Efficient. And, as it turned out, not enough.
Because the orders quietly undermining their chargeback ratio weren’t the ones that looked dangerous. They were the ones that looked fine.
Friendly fraud passes every checkout signal. The card is real. The identity is real. The address matches. There is nothing at the moment of purchase to distinguish a legitimate customer from someone who will dispute the charge later.
By focusing only on high-risk orders, they were catching the fraud they could see. The fraud they couldn’t see kept compounding — until Visa noticed.
Their chargebacks climbed into VAMP territory. Their acquiring banks responded: use third-party fraud prevention tools, or lose access to processing. They implemented one of the most widely deployed checkout-level platforms in the market.
It cancelled close to 60% of incoming orders.
For a merchant already under pressure, losing more than half of their revenue wasn’t a solution. It was a different kind of crisis. And it illustrates the exact trap that VAMP creates when approached purely as a compliance problem: tighten controls enough to satisfy the ratio, and you quietly destroy the business you were trying to protect.
When the collaboration with FUGU was restructured to cover all orders — with continuous post-payment monitoring across the full transaction lifecycle — the picture changed.
Chargebacks dropped. Order rejection rates fell. The client exited the VAMP program entirely. And every other fraud prevention platform was removed — FUGU became the single, fully customized layer.
Not by blocking more. By finally seeing what was actually happening after checkout.
VAMP has clarified one thing the industry has been slow to accept: dispute management tools alone are not a fraud prevention strategy.
Tools like CDRN, RDR, and Ethoca Alerts are valuable. They allow merchants to resolve disputes before they become formal chargebacks — potentially keeping them outside the VAMP ratio calculation. For merchants under threshold pressure, they can buy time and reduce exposure.
But they’re reactive. They tell you a dispute has been filed. They don’t stop the fraud from happening.
For merchants with sustained fraud exposure — especially in high-risk verticals — the right architecture covers the full lifecycle of a payment:
Pre-payment signals catch the most obvious fraud before checkout. Basic hygiene, but necessary.
Post-payment monitoring catches behavioral risk in the window between approval and fulfillment — where the signals that precede friendly fraud and policy abuse actually live.
Alert integration manages disputes that escalate despite prevention, resolving them early enough to stay outside the VAMP count.
Evidence collection builds a documented customer interaction trail for chargeback disputes that still go through.
Each layer reduces ratio exposure differently. Combined, they address fraud where it actually lives — not just at the moment of checkout, but across everything that comes after.
The Number Nobody Is Talking About
Every VAMP conversation focuses on the ratio. On the threshold. On the $8-per-transaction fine.
Here’s the number that should concern you more:
80% of declined transactions are legitimate customers.
For every fraudulent order your tighter controls block, roughly four real customers are turned away. Their revenue disappears. Their loyalty disappears. And none of that damage appears in your VAMP ratio — it appears somewhere else, quietly, in your business.
The merchants and PSPs who navigate VAMP well won’t be the ones who declined their way to compliance.
They’ll be the ones who built enough visibility across the transaction lifecycle to protect revenue on both sides — approving more with confidence, and catching fraud where it actually hides: after checkout, in the behavior that precedes the dispute.
Fixing your VAMP ratio by over-tightening controls isn’t a win.
It’s trading one problem for a quieter one.
Every payment counts. Make sure you’re not letting VAMP make that decision for you.