- Threshold Change: As of April 1, 2026, the 'Excessive' VAMP threshold is 1.5%.
- Calculation: (TC40 Fraud Reports + TC15 Disputes) / Total Settled CNP Transactions.
- Grace Period: A three-month grace window is available for first-time offenders with a 12-month clean record.
- Non-Compliance Fines: Fines typically range from $8 to $10 per transaction for each month in violation.
- Remediation Strategy: Mandatory adoption of Compelling Evidence 3.0 (CE 3.0) for dispute reversal.
Quick Answer: Visa’s VAMP (Visa Acquirer Monitoring Program) officially tightened its merchant “Excessive” threshold from 2.2% to 1.5% on April 1, 2026. That means if your combined fraud reports and disputes exceed 1.5% of your total card-not-present transactions in any given month, you’re now in violation — and facing $8 in fines for every offending transaction with no warning tier to catch you first. Here’s everything small business owners and ISVs need to know to stay compliant right now.
Contents
- What Is VAMP and Why Does It Matter to Your Business?
- How Is the VAMP Ratio Calculated?
- What Changed on April 1, 2026?
- VAMP Timeline (2025 Rollout & Enforcement Phases)
- What This Means for Merchants
- VAMP Penalties and Fees (What We Know)
- Why This Matters
- Advisory Period vs. “Grace Period” Explained
- How to Stay Below the 1.5% Threshold Right Now
- What ISVs and Payment Facilitators Need to Know
- Frequently Asked Questions About VAMP
- Further Reading
What Is VAMP and Why Does It Matter to Your Business?
If you’ve been processing card-not-present payments — online orders, phone transactions, recurring billing VAMP is the Visa program that’s now watching every fraud report and dispute attached to your merchant account. Launched in April 2025, VAMP replaced two separate Visa programs, the Visa Fraud Monitoring Program (VFMP) and the Visa Dispute Monitoring Program (VDMP), with a single unified framework that combines both fraud and chargeback data into one ratio. Visa’s official VAMP fact sheet lays out the program structure and enforcement mechanics in full.
What changed on April 1, 2026, is significant: the threshold that defines “Excessive” dropped sharply, and merchants who were sitting comfortably at 1.8% or even 2.0% are now in violation territory overnight — with no yellow-light warning to alert them. For small business owners and ISVs processing ecommerce or recurring transactions, this isn’t a compliance checkbox. It’s a direct threat to your ability to accept Visa payments at all. Understanding payment processing compliance now is far less painful than dealing with fines or account termination later.fraud
How Is the VAMP Ratio Calculated?
This is where a lot of merchants get tripped up, so let’s make it simple. Your VAMP ratio is calculated using this formula:
VAMP Ratio = (TC40 Fraud Reports + TC15 Disputes) ÷ Total Settled CNP Transactions
Here’s what each piece means in plain English:
TC40 — A fraud report filed by the cardholder’s issuing bank. This happens when a cardholder tells their bank that a transaction was fraudulent, even before a formal chargeback is filed
TC15 — Every dispute or chargeback filed against your account, whether it’s fraud-related or not (wrong item, canceled subscription, etc.)
Total Settled CNP Transactions — All your card-not-present transactions that successfully settled in that calendar month
The part that surprises most merchants: one transaction can generate both a TC40 AND a TC15, and both count against your ratio. So if a cardholder claims fraud and also files a chargeback, that single sale counts twice against your VAMP ratio. Visa does apply a deduplication process, but friendly fraud, where a cardholder disputes a legitimate purchase, can still meaningfully inflate your numbers in ways that feel impossible to control without the right systems in place. The good news for smaller merchants: if your combined monthly fraud reports and disputes total fewer than 1,500 events, Visa won’t formally place you in VAMP monitoring, even if your ratio exceeds the threshold. That said, your acquirer, the bank or processor holding your merchant account, may still impose their own internal limits well below the official threshold.
What Changed on April 1, 2026?
The April 2026 update is the most significant enforcement change since VAMP launched. Here’s a clean breakdown of where things stood and where they are now:
VAMP Timeline (2025 Rollout & Enforcement Phases)
| Phase | Date | What Happens |
|---|---|---|
| Program Launch | April 1, 2025 | Visa introduces the Visa Acquirer Monitoring Program (VAMP) and begins advisory period |
| Metrics Effective | June 1, 2025 | Official thresholds and measurement criteria begin applying to acquirers and merchants |
| Advisory Period Ends | September 30, 2025 | Final day of no-penalty monitoring period |
| Enforcement Begins | October 1, 2025 | Financial penalties and compliance actions start |
What This Means for Merchants
Although VAMP launched in April 2025, enforcement didn’t begin immediately. Visa provided a six-month advisory window to help merchants and acquirers adjust before penalties took effect. However, performance metrics began counting as of June 1, meaning activity during this period could still impact future compliance status.
The Enumeration Ratio — the second threshold you need to know:
VAMP also tracks a separate metric, the Enumeration Ratio, which monitors card-testing fraud when bad actors run hundreds or thousands of small test transactions to identify valid card numbers. The formula is: Count of Enumerated Authorization Transactions ÷ Count of Total Authorization Transactions. The threshold is 20% (2,000 basis points). Merchants with fewer than 300,000 enumerated transactions are excluded from this threshold, but if your e-commerce site is being targeted by bot traffic, this number can spike fast and without warning.
The best defense is implementing CAPTCHA on your payment forms, rate-limiting authorization attempts, and working with your payment processor to enable Visa’s Account Attack Intelligence (VAAI) system, which Visa claims reduces false positives from enumeration detection by 85%.
VAMP Penalties and Fees (What We Know)
Visa does not publicly disclose its exact per-transaction penalty structure for VAMP in official documentation. However, based on industry data and acquirer experience, merchants can expect fees to be assessed per dispute or fraud event once thresholds are exceeded.
Most estimates place these fees at approximately $8 per transaction, though some sources suggest a possible range of $8–$10 depending on the acquirer relationship and enforcement conditions.
Because these figures are not formally published by Visa, merchants should treat them as directional estimates rather than fixed pricing. Actual costs may vary depending on your acquiring bank, processing setup, and risk profile.
Why This Matters
Even at the lower end of the estimate, these per-transaction penalties can scale quickly for high-volume merchants—making proactive fraud and dispute management critical under VAMP
Advisory Period vs. “Grace Period” Explained
Visa’s official documentation defines a six-month advisory period from April 1 through September 30, 2025, during which no financial penalties are applied.
While some secondary sources and acquirers reference shorter “grace periods” for first-time threshold breaches, these are not formally detailed in Visa’s public fact sheets. In practice, any additional flexibility is typically managed at the acquirer level rather than as a standardized Visa policy.
For merchants, the key takeaway is that true penalty enforcement begins October 1, 2025, regardless of informal grace period interpretations.
How to Stay Below the 1.5% Threshold Right Now
The good news: most VAMP violations are preventable. The merchants who get caught are usually the ones who weren’t monitoring their ratio proactively. Here’s what you should be doing right now:
1. Calculate your VAMP ratio weekly, not monthly
Don’t wait for your processor’s monthly statement to find out you have a problem. Pull your TC40 and TC15 counts from your reporting dashboard weekly and run the formula yourself. Set your own internal alert threshold at 0.75% .well below the 1.5% limit — so you have time to investigate and course-correct before a bad trend becomes a violation.
2. Implement pre-dispute alert tools
Services like Verifi CDRN (Consumer Dispute Resolution Network) and Ethoca Alerts notify you when a cardholder contacts their bank about a transaction — before it escalates into a formal dispute. Disputes resolved through these systems are excluded from your VAMP ratio calculation. Intercepting even 20–30% of potential disputes through these alerts can meaningfully improve your ratio. The cost per alert ($10–$15) is significantly lower than an $8-per-transaction VAMP fine plus the operational cost of managing a full chargeback.
3. Enable Compelling Evidence 3.0 (CE3.0)
CE3.0 is a Visa rule that allows merchants to fight first-party misuse claims — what the industry calls “friendly fraud” — by providing prior undisputed transaction evidence. Successfully defending a dispute under CE3.0 removes it from your VAMP ratio entirely. If your business has recurring customers, subscriptions, or repeat buyers, this is one of the most powerful tools available to you right now.
4. Harden your checkout against card testing
Bot-driven enumeration attacks can spike your Enumeration Ratio seemingly overnight. Protect your payment forms with CAPTCHA, set authorization rate limits, require CVV on all CNP transactions, and enable 3D Secure (Visa Secure) wherever your checkout flow allows. These aren’t just compliance moves — they protect your real customers from having their card data tested through your site.
5. Diversify your payment mix
One underappreciated VAMP compliance strategy: ACH and debit transactions don’t count toward your VAMP ratio at all. If a meaningful portion of your recurring billing or B2B transactions can move to ACH, you can reduce both your CNP transaction denominator risk and your exposure to card-not-present fraud. Businesses using IntelliPay’s ACH payment processing have already found this to be one of the most cost-effective ways to manage compliance exposure while also reducing interchange costs.
6. Audit your subscription and trial billing flows
Subscription merchants are disproportionately represented in VAMP violations because unclear billing descriptors, complex cancellation processes, and trial-to-paid conversions all generate disputes that appear fraudulent to issuing banks. Make sure your billing descriptor exactly matches your business name, send reminder emails before trial periods end, and make cancellation genuinely easy. Reducing dispute volume here protects both your VAMP ratio and your customer relationships.
What ISVs and Payment Facilitators Need to Know
If you’re an ISV, software platform VAMP compliance isn’t just your merchants’ problem; it’s yours. Visa holds acquirers accountable for the aggregate VAMP ratio across their entire merchant portfolio, meaning that one or two high-dispute merchants on your platform can push your acquirer’s ratio above the “Above Standard” 0.5% threshold, putting pressure on your entire portfolio. The practical implication: your acquiring bank may start enforcing tighter individual merchant-level thresholds on your sub-merchants, or require you to implement fraud monitoring as a condition of your processing agreement.
If you’re building payment functionality into software for clients in industries with historically higher dispute rates — healthcare, subscriptions, digital goods, government billing — make sure your platform includes real-time dispute monitoring and pre-dispute alert integrations from day one. IntelliPay’s payment solutions for ISVs and software platforms are built with these compliance requirements in mind. Talk to our team about how we structure merchant onboarding and ongoing monitoring to protect both you and your clients.
Frequently Asked Questions About VAMP
What is VAMP, and when did it take effect?
VAMP stands for Visa Acquirer Monitoring Program. It replaced Visa’s separate fraud and dispute monitoring programs (VFMP and VDMP) on April 1, 2025. Enforcement penalties began on October 1, 2025, and the merchant “Excessive” threshold tightened from 2.2% to 1.5% on April 1, 2026.
What is the VAMP ratio threshold as of April 2026?
In the U.S., Canada, the EU, and APAC, the merchant’s excessive threshold is now 1.5% (150 basis points). There is no warning tier for merchants — you’re either below 1.5% and compliant, or you’re above it and subject to $8-per-violation fines immediately.
Does VAMP apply to all merchants?
No. For a merchant to be formally placed in VAMP monitoring, they must exceed both the ratio threshold AND have at least 1,500 combined fraud reports and disputes per month. Smaller merchants processing below that volume won’t be formally enrolled, though your acquirer may still apply their own internal thresholds.
How is the VAMP ratio different from a chargeback rate?
A traditional chargeback rate only counts chargebacks. Your VAMP ratio counts both TC40 fraud reports AND TC15 disputes — which means a single transaction can count twice if both a fraud report and a chargeback are filed. This is why merchants often find their VAMP ratio higher than their chargeback rate and don’t understand why.
What is the VAMP Enumeration Ratio?
The Enumeration Ratio tracks card-testing fraud — automated bot attacks that test stolen card numbers during checkout. The threshold is 20% of total authorization attempts. Merchants with fewer than 300,000 enumerated transactions per month are excluded. Enabling CAPTCHA and rate-limiting on your payment forms is the primary defense.
What happens if I exceed the VAMP threshold?
You’re fined $8 for every violating transaction in any month you’re over the threshold. First-time offenders with 12 consecutive clean months prior get a three-month grace period. Repeat violations can lead to acquirer-imposed reserves, processing restrictions, or account termination.
Can I get my VAMP violations removed from my ratio?
Yes — partially. Disputes resolved through Verifi CDRN, Ethoca Alerts, Verifi RDR, or successfully defended using Compelling Evidence 3.0 are excluded from your VAMP ratio calculation. This is why pre-dispute alert tools are worth every dollar.
How does VAMP affect my payment processor relationship?
Your acquirer is held accountable for the aggregate VAMP ratio across all their merchants. Many processors have set internal thresholds at 1.0–1.2% to protect themselves. If your ratio trends upward, expect your processor to contact you proactively — or to impose higher processing reserves.
Does IntelliPay help merchants with VAMP compliance?
Yes. IntelliPay’s payment processing solutions include tools and guidance to help merchants monitor fraud ratios, implement ACH as a dispute-reduction strategy, and structure billing flows that minimize chargeback exposure. Contact our team to talk through your specific situation.
Further Reading
If you found this guide helpful, these IntelliPay resources cover related compliance topics and payment strategies worth bookmarking:
What Every Merchant Needs to Know About VAMP Before April 2026 — Our original VAMP explainer covering the program launch, early thresholds, and what to expect going into enforcement. The best companion piece to this article.
Small Business Guide to Merchant Services — A comprehensive breakdown of how to evaluate payment processing, manage fraud detection tools, and choose the right merchant services setup for your business.
Payment Processing Questions: Complete Answers for Merchants — Covers common merchant questions about chargebacks, declined transactions, billing descriptors, and chargeback prevention in plain language.
Chargebacks: What Agencies Need to Know — A deep dive into how chargebacks work from the government and agency perspective, including what documentation you need to fight them.
White-Label Payments for Banks: Secure Revenue, No PCI Risk — If you’re an ISV or financial institution, this covers how IntelliPay’s architecture keeps cardholder data out of your systems entirely — a key VAMP risk-reduction strategy.
Stop Overpaying for Payment Processing — VAMP compliance and cost optimization go hand in hand. This guide shows how merchants can reduce processing costs by 20% or more while tightening their compliance posture.
Credit Card Habits Shift as Economic Pressures Mount — Understanding why your customers are shifting from credit to debit and ACH is directly relevant to VAMP — fewer CNP credit transactions means lower fraud exposure.
About IntelliPay: IntelliPay helps businesses of all sizes manage payment processing compliance, reduce costs, and accept payments the way their customers want to pay. From service fee programs to ACH processing to fraud monitoring support, we’re built for the way payments work today. Call us at 855-877-6632 or email Sales@intellipay.com.
Disclaimer: This article is intended for informational purposes only and does not constitute legal, financial, or compliance advice. VAMP program rules, thresholds, and enforcement timelines are established by Visa and are subject to change. All figures reflect publicly available information as of April 2026. Merchants should consult directly with their acquiring bank or a qualified compliance professional for guidance specific to their account.
