Merchants around the world are worrying about VAMP (Visa Acquirer Monitoring Program), even if they don’t know much about it. While Visa is still keeping exact details under wraps, you can think of it as their umbrella system for monitoring payment fraud and disputes.
With the latest version released in June 2025, VAMP is more than just Visa’s newest way to monitor merchants. It’s a combination of different programs they’ve used over the years, with all of them now under the umbrella of VAMP.
But if you think their latest fraud-fighting release is meant to protect merchants, you’re wrong; it protects Visa.
Why Visa Created VAMP
If a business gets labeled as high-risk, it means its payments and transactions are risky for processors and payment networks. So, when Visa notices a business is getting too many chargebacks or is regularly exposed to fraud, it’s placed in VAMP.
That’s not exactly increased protection for that business so much as increased scrutiny on its transactions. Financials get monitored, they get stricter terms and penalties, and their reputation takes a hit with Visa.
Not only that, but the longer that business is in the program, the worse it gets. It’s not a death sentence, but it does mean that business is on probation.
Without improvements, they might just fall down Visa’s “escalation ladder.”
The Programs That Make Up VAMP
Visa used to have a bevy of different programs to monitor merchant behavior. Now they’re all rolled into one definitive VAMP program, with some of them being “retired” in the process.
Those were:
- VDMP (Visa Dispute Monitoring Program): Now discontinued. Focused on minimizing disputes to maintain consumer trust.
- VFMP (Visa Fraud Monitoring Program): Now discontinued. Tracked fraudulent transaction rates.
- 3DS Monitoring: Ensured fraud stayed low even with 3D Secure in play.
- DGMFM (Digital Goods Merchant Fraud Monitoring Program): Targeted fraud in digital goods transactions.
VAMP brings all these oversight measures under one roof, with stricter thresholds and wider reach. It makes the process simpler, but it doesn’t make it any easier.
The History of Visa’s Monitoring Programs
VAMP is relatively new, but Visa has been monitoring merchants for decades.
While their latest release is a combination of several programs, they all evolved from Visa’s CISP (Cardholder Information Security Program), released in 1999. Designed to address transaction risk and fraud attempts, CISP was one of many payment security innovations that emerged with the World Wide Web. As CNP and CP transactions evolved, so did the tech and software that monitored them.
The problem? CISP wasn’t the only monitoring program created by a card brand, and merchants got tired of having to comply with all of them at once. So in 2006, Visa joined other card companies to create PCI DSS (Payment Card Industry Data Security Standard).
PCI DSS covers the broad strokes, but Visa still wanted to create specific programs to monitor payment security. That led to the creation of VDMP, VFMP, 3DS Monitoring, and DGMFM – which are all now part of VAMP.
Why Merchants Get Flagged and Placed in VAMP
When fraud or disputes cross key thresholds, Visa will then place a merchant or acquirer into VAMP.
It won’t be because of one bad transaction or a single expensive chargeback; it happens because of repeat behavior that Visa’s system detects. Behavior like:
- Exceeding Visa’s chargeback limits
- Spiking transaction volumes that magnify disputes
- Continuous compliance violations
- Fraudulent activity or excessive refunds
- Enumeration attacks where bots test stolen card data
Once flagged, merchants face what’s called an escalation ladder. The more issues a merchant has, the higher they go on that escalation ladder. That leads to increased fees, strict terms, an impacted reputation, and a revenue stream that now has to pay extra penalties to the biggest name in payment technology.
The Math Behind the VAMP Ratio
Visa doesn’t monitor merchants with vague guessing and estimates. Just like a chargeback ratio, there’s a VAMP ratio, and that ratio determines whether a business gets removed from the program or gets stricter terms and monitoring. The calculation isn’t complex, but it’s not that simple either.
Visa takes the number of transactions that are suspected of fraud, or could include it, and then divides it by the number of settled transactions.
Here’s a breakdown:
- TC40: Transactions Visa flags as potential fraud
- TC15: Includes both fraudulent and non-fraudulent disputes
- Settled Transactions: All processed payments
VAMP Ratio = (TC40 + TC15) ÷ Settled Card Not Present (CNP) Transactions
Even if a merchant’s score is relatively low, it could still trigger Visa’s alerts.
A ratio above 0.50% is “concerning”, while hitting 0.70% or higher is “excessive” and will probably send a business further up the escalation ladder. For merchants, that means even a small number of disputes can push them into that red zone, especially if transaction volumes are high.
How VAMP Changes the Game for Merchants
Being monitored under VAMP isn’t just about penalties. It also shapes how merchants need to operate, and if they don’t, they’ll start to feel the effects.
Some of the effects include:
- Stricter Compliance: Visa expects merchants to take corrective action quickly.
- Increased Fraud Prevention: Businesses often need to add layers of fraud detection, such as enhanced identity verification.
- Faster Dispute Handling: Programs like Rapid Dispute Resolution and Prevention Alerts are encouraged to stop chargebacks before they escalate.
In other words, VAMP forces businesses to tighten their systems whether they want to or not.
It seems strict, and it is, but it can also be a wake-up call to businesses that genuinely want to improve. Securing transactions and avoiding chargebacks doesn’t just take you off Visa’s monitoring; it improves operations.
The Hidden Threat of Enumeration Attacks
Enumeration fraud, sometimes called card testing, is one of the major fraud types that VAMP monitors. Here’s how it works:
- Scammers acquire stolen card numbers.
- They run small test transactions to check which card numbers are valid.
- Successful authorizations mean those card numbers get stored for future, larger purchases.
This affects small businesses, nonprofits, and digital goods platforms the most. Low-value transactions make it easy for scammers to slip under the radar, and that makes it easier to commit enumeration attacks.
If they don’t pay attention or make improvements, enumeration can balloon ratios and land merchants in VAMP.
How Merchants Can Stay Ahead of VAMP Oversight
The good news is that merchants aren’t powerless, but getting out of VAMP is a battle in and of itself. Avoiding or escaping VAMP comes down to proactive fraud and dispute management.
How can a merchant do that? With a few simple and important practices, like:
- Monitor ratios regularly to catch rising chargebacks before Visa does.
- Use fraud detection tools that can spot enumeration attacks early.
- Adopt dispute resolution tools to handle customer complaints fast.
- Train staff on compliance best practices to avoid repeat violations.
Getting ahead of VAMP means staying ahead of scammers, not just hoping and praying that your ratio will improve.
Smarter Risk Management for Modern Merchants
Visa’s VAMP program is a reminder that in payments, the rules are stacked against merchants. Monitoring like VAMP isn’t meant to protect you, your business, or your transactions. It protects companies like Visa.
Even if fraud isn’t the merchant’s fault, it’s going to be the merchant and the business who pay for it. Luqra can change that. Our tech can spot fraud patterns (including enumeration) before they impact your ratios. We don’t just flag issues or spam alerts; we work with our merchants to reduce disputes, fight chargebacks, and protect revenue streams.
Don’t wait for Visa to throw you in VAMP when Luqra can help you build the defenses that keep your transactions secure.
