Contents
Small Business Guide to Visa VAMP (2026 Update)
Quick Answer: Do I need to worry?
If you have fewer than 1,500 combined fraud reports and disputes per month, you will not be officially flagged by Visa’s VAMP program. However, because your payment processor has much stricter limits, they may still freeze your funds or raise your fees if your ratio exceeds 1.0%.
FAQ for Small Businesses
Q. What is the VAMP Ratio?
A. It’s a single score that combines Fraud Reports (TC40) and Disputes (TC15).Formula: (Fraud Reports + Chargebacks) ÷ Total Monthly Visa Sales = VAMP %
Q. What happens on April 1, 2026?
A. Visa is lowering the “Excessive” limit from 2.2% to 1.5%. If you cross this and have over 1,500 incidents, you face an $8 fine per dispute and potential account closure.
Q. Why is my processor being so strict if I’m under the limit?
A. Visa holds processors to a tiny 0.5% limit across all their clients combined. To protect themselves, processors often penalize individual small businesses long before they hit the official Visa 1.5% “Excessive” mark.
Q. What is an “Enumeration” penalty?
A. It’s a penalty for bot attacks. If bots try to test thousands of stolen cards on your checkout page, you can be flagged even if you don’t lose any money.
VAMP Thresholds: The “Safety Zones”
| Status | Threshold (April 2026) | Minimum Count |
| Safe Zone | Under 1.0% | N/A |
| Processor Watchlist | 1.0% – 1.4% | Varies by Processor |
| Visa “Excessive” | 1.5% or higher | 1,500+ events/mo |
Strategic Recommendations for 2026
1. Look Beyond “Chargebacks”
Most small business owners only see chargebacks. But under VAMP, TC40 Fraud Reports (where a bank reports fraud but the customer hasn’t disputed it yet) count just as much.
2. Stop the “Double Count”
If a transaction is reported as fraud (TC40) and then the customer disputes it (TC15), it counts twice against your ratio. If you resolve a dispute before it becomes a formal chargeback, it is removed from the VAMP calculation.
3. Lock Down Your Checkout
To avoid the Enumeration Ratio penalty (which hits if 20% of your traffic is bot-testing), ensure you have:
CAPTCHA on your payment page.
Velocity Checks (limiting how many times one IP can try to pay in a minute).
4. Maintain a 0.9% Target
Even if you aren’t a high-volume merchant, aiming for 0.9% keeps you invisible to your processor’s risk department. This ensures you avoid “rolling reserves” (where they hold a percentage of your daily sales for 30–90 days).
Disclaimer
This guide is for informational purposes for US, Canada, and EU-based merchants. Small business thresholds and “minimum counts” can vary by region (e.g., Latin America and CEMEA have lower minimums). Always check with your specific Merchant Service Provider (MSP) for your exact risk standing.