Digital Transactions Authoritative, insightful and timely information for payments professionals
There’s another acronym joining the payments world: VAMP is a new set of security measures and requirements coming from Visa. The full name is “Visa Acquirer Monitoring Program,” and it brings with it new challenges — and protections — for merchants, acquiring banks, and partners building payment solutions.
Why does VAMP exist?
The payment ecosystem is evolving: More consumers, more merchants, bigger enterprise players, millennial leaps in the ways people pay — it all comes with elevated fraud, disputes, and enumeration challenges.
Enumeration — or “card testing” — is the rapid, brute-force attack in which fraudsters bulk test stolen card data for validity; it leads to annual losses in the billions. Disputes are another concern. They occur when consumers call purchases into question. According to the Wall Street Journal, they resulted in $11 billion worth of charges with U.S. card issuers in 2023 alone.
The risks in ecommerce are rising. The challenges are becoming more sophisticated, automated, and pervasive. VAMP is being rolled out to help deal with these issues.
The new program aims to streamline how Visa tracks and addresses fraud, disputes, and chargebacks in payments — notably where they occur in online, card-not-present transactions. Existing security measures helped Visa prevent over $40 billion in fraud in 2023. That staggering number, however, foretells the need for payment processing to up its game. With VAMP, Visa says it “seeks to ultimately reduce fraud and enumeration across the global payments ecosystem by helping acquirers improve their risk controls.”
Visa is setting out to create seamless controls and processes that they claim will tackle four times the amount of global fraud, significantly reduce loss, and make the ecommerce world a safer place for everyone.
How VAMP works
The new program is built on the twin pillars of the Visa Dispute Monitoring Program and the Visa Fraud Monitoring Program, creating a new, singular pillar with some significant new processes, rules, and requirements entering the mix. The program uses a formula to determine a “VAMP ratio,” which is calculated by dividing the sum of fraud and dispute transaction counts by the number of settled transactions. This ratio becomes the core metric for Visa’s monitoring compliance.
The VAMP ratio includes both fraud reports (TC40) and all disputes (TC15), which means fraud-related disputes are actually counted twice. So if a TC40 report leads to a chargeback, it will impact your VAMP ratio even more.
Know your limits
VAMP ratios determine thresholds for merchants and acquirers. If they exceed their limits, these players become identified as “high-risk,” a label that, in Visa’s world, comes with penalties in the form of fines and heightened monitoring.
Starting April 1, 2026, that means an acquirer VAMP ratio of 0.7% and a merchant ratio of 1.5% are considered “excessive” — and they may get hit with higher fees and penalties.
Riskified has a more in-depth look at essential VAMP information on their site.
The burden for merchants, partners, and acquirers
While VAMP brings new levels of security and protection, it also comes with significant stressors for the merchants with whom you work. In this new era, they may be looking at:
● Increased scrutiny from Visa and their acquirers if they exceed VAMP thresholds.
● Penalties for failing to comply with new rules — and staying within acceptable ratios.
● Stronger prevention measures to help them mitigate fraud, settle disputes, and stay within required thresholds.
Prepare for VAMP
While VAMP will require effort from those who work with Visa, payment processors like North have been anticipating its arrival. There are security options that can help shoulder a merchant’s compliance burden — and prepare them for the stricter requirements of VAMP.
Here’s 3 good ways to prepare your merchants for VAMP:
1. Bulk up on security
Enhanced fraud protection can help mitigate the VAMP challenge. Protocols such as 3-D Secure are already used by North companies, and it’s legally mandated in Europe. 3-D Secure bolsters existing security measures, adding an extra layer of protection for online credit and debit card transactions. By verifying the cardholder’s identity with their bank during the checkout process, (think passwords, codes, multi-factor authentication and biometric verifications), 3-D Secure can significantly reduce fraud and chargebacks while providing more confidence for both merchants and cardholders in online transactions.
2. The need for speed
Having the ability to control a business’s velocity settings is also key to the security mix. This is an essential tool when combatting card testing. Velocity control enables a business to set the amount of times a source can try card information — effectively hobbling the enumeration game played by so many fraudsters. As card testing is a key focal point for VAMP, deploying this tool can make an enormous difference.
3. Take the smart route
Intelligent gateway routing and cascading are powerful tools for elevating authorization rates. This resource helps direct transactions to the MIDs that will approve a transaction, cascading failed payments to additional banks within a payment ecosystem to keep authorization rates higher. Higher rates mean less chargebacks, and overall transaction success keeps a business in VAMP’s good graces.
North can help with VAMP
These new security requirements may mean a bit of work, but the results will be a more secure, safer ecommerce world. Finding the right payments solutions can alleviate concerns, help you carry the requirements weight, and, ultimately, make better-informed business decisions.
Are your merchants ready for processing in the age of VAMP? North is here to help you make the right decisions — and we have a host of solutions to fit any size business. Visit us to learn more.
