Visa VAMP explained: key changes for merchants & payment businesses

In 2025, Visa launched the Visa Acquirer Monitoring Program (VAMP) – a unified global framework to tackle fraud, chargebacks, and enumeration attacks.

VAMP reshapes how performance is measured across the payments ecosystem. It directly impacts costs, compliance risk, and even acquirers' ability to maintain banking relationships.

Here’s what changed, why it matters, and how to stay compliant.

What is Visa VAMP?

The program is already driving real change in payments, reshaping expectations for VAMP payment processing across acquirers, merchants, and PSPs. The goal is clear: make acquirers accountable for managing fraud and dispute levels in their portfolios.

How does VAMP work?

A cornerstone of the Visa Acquirer Monitoring Program is its unified risk metric, the VAMP ratio, which combines fraud and dispute counts. This is a shift from prior programs that tracked fraud and chargebacks separately.

The VAMP ratio is calculated as:

Under VAMP, Visa reviews each acquirer's performance monthly. Those that cross certain thresholds are placed into one of two categories:

• Above standard (0.5%): indicates an upward trend in fraud or disputes relative to market norms. Acquirers must promptly investigate underlying causes and implement corrective measures to restore compliance.
• Excessive (0.7%): reflects persistently high fraud or dispute levels. Visa responds with intensive oversight, including direct reviews of high-risk merchants and the imposition of financial penalties and other enforcement actions.

Merchants are not directly enrolled in VAMP, but because their fraud and dispute activity is aggregated into their acquirer’s portfolio, it can push the acquirer over Visa’s thresholds, making the acquirer liable for fines and driving them to pressure, penalise, or even terminate high-risk merchants.

For merchants, being flagged as Excessive means crossing a 1.5% threshold.

Ready to start your success story?

See our platform in action, share your challenges, and find a solution you’ve been looking for.

Get started

Latest changes in Visa VAMP

The news about VAMP began spreading in early 2025, as Visa launched a phased rollout to give acquirers and merchants time to adjust before enforcement. For the first six months, the program operated in an advisory mode. As of October 1, 2025, Visa transitioned VAMP into full enforcement.

Here’s a look at the changes already live and the ones you should prepare for.

From October 1, 2025, Visa began enforcing penalties under VAMP. This marks the first time financial consequences are systematically applied across the network – a significant shift toward active risk governance.

Fines are calculated per incident:

• $5 for each card-not-present fraud or dispute logged by acquirers in the "Above Standard" category
• $10 for each incident involving acquirers flagged as "Excessive" or those with an "Excessive Merchant" in their portfolio

VAMP impact on acquirers, merchants, and processors

Visa’s Acquirer Monitoring Program reshapes responsibility across the payments ecosystem. Each stakeholder group is affected in distinct ways.

For acquirers

Acquirers now bear full responsibility for the fraud and dispute performance of their portfolios. With monthly monitoring based on the VAMP ratio, any breach of thresholds triggers mandatory investigation, remediation, and formal reporting within tight deadlines.

• Operational pressure. Acquirers must improve merchant oversight, enhance fraud controls, and implement proactive remediation protocols.
• Financial exposure. Fines of $5–$10 per incident accumulate rapidly in high-volume environments.
• Strategic risk. Repeated breaches can lead to reputational damage or network restrictions, including limits on onboarding new merchants.

Despite the pressure, consistent low ratios bring clear rewards: stronger issuer trust, reduced losses, and potentially better treatment within the network.

For merchants

Visa places liability on acquirers, but the effects cascade to merchants. Acquirers may introduce stricter requirements, increase costs, or exit high-risk relationships.

• Stricter oversight. Merchants in verticals like iGaming, forex, travel, and subscriptions face heightened compliance demands.
• Rising expectations. Acquirers increasingly require adoption of advanced tools like 3D Secure, AVS, machine learning risk engines, and dispute resolution platforms.
• Indirect consequences. Merchants with ratios above Visa’s 1.5% threshold often face higher reserves, tighter processing limits, or terminated contracts. Merchants with low chargeback rates, however, may benefit from better approval rates and looser reserve terms.

For processors and PSPs

Sitting between acquirers and merchants, processors and payment facilitators must take ownership of overall performance.

• Portfolio risk management. PSPs must actively track fraud and dispute ratios across their sub-merchants, with real-time dashboards and alerts before the 0.5% and 0.7% thresholds are crossed.
• Technical defences. they are expected to deploy anti-enumeration tools (e.g., bot detection, velocity checks) on behalf of merchants.
• Compliance support. many processors now provide remediation playbooks, APIs for fraud/dispute data, and training resources to help merchants stay within thresholds.

The impact of VAMP on payment processors is clear: tighter portfolio oversight, faster remediation cycles, and stronger prevention against VAMP enumeration attacks.

Key challenges and compliance requirements

• Unified metric, lower tolerance. VAMP’s single ratio blends fraud and dispute incidents, so issues that once lived in separate silos now compound. Portfolios near 0.5%/0.7% must tighten controls before enforcement escalates.
• Minimum volumes apply. Once you hit the monthly incident baseline, you’re fully in scope – averages won’t hide outliers. Segment by merchant, product, and corridor to catch spikes early.
• Excessive merchant exposure. VAMP in payments means shared accountability. One merchant over threshold can trigger fines across an otherwise compliant portfolio, amplifying risk for PSPs and aggregators.
• Enumeration at scale. Large-volume VAMP enumeration attacks (automated card testing) can breach criteria even without classic fraud. Deploy bot defenses, velocity limits, and issuer-level signals to suppress noise before it becomes incidents.
• Time-bound remediation. Visa expects swift action plans and measurable improvement; prolonged breaches invite higher scrutiny and fees – now a material cost driver for VAMP payment processing.

How to prevent being flagged?

Staying ahead of VAMP requires building proactive, data-driven defences. Here are five essential steps every acquirer, PSP, and merchant should take to avoid being flagged.

Track the VAMP ratio daily, not monthly

Build live dashboards at both the portfolio and merchant levels with alerts at 0.4%, 0.5%, and 0.7%. Real-time monitoring lets you investigate anomalies quickly, not after the billing cycle. This is especially critical as Visa VAMP changes lower tolerance for delays and inaction — a core element of VAMP compliance.

Cut card-not-present fraud with layered controls

Use device/risk scoring, velocity rules, BIN screening, and step-up authentication flows. Strong Customer Authentication (SCA) with 3D Secure helps reduce liability and exposure. Pair this with a payment fraud prevention strategy tailored to your business model to strengthen your VAMP compliance posture.

Stop enumeration before it pollutes your metrics

Visa is watching VAMP enumeration attacks closely. Add velocity limits, CAPTCHA/JS challenges, and bot detection to keep automated card testing out of your fraud totals. Preventing this activity can make the difference between compliance and “Excessive” status.

Resolve disputes early so they don’t count

Clear descriptors, transparent refund flows, and automated evidence handling help resolve disputes before they escalate. Early resolution reduces your VAMP ratio and shields you from fines. This is one of the most effective levers for maintaining VAMP compliance over time.

Govern merchant outliers like a product line

Segment merchants by risk profile, apply stricter thresholds to high-risk verticals, and set clear corrective Service Level Agreements (SLAs). A single outlier can still push an acquirer into violation, which is even more dangerous under Visa VAMP.

How Corefy can help

With VAMP enforcement now live, proactive monitoring and rapid response are the only safe strategy. Corefy's chargeback management service is designed with this in mind, helping businesses keep ratios under control and avoid costly penalties.

The difference between breaching VAMP and staying compliant often comes down to early dispute interception. That’s exactly where Corefy gives you leverage.

Alexandra Potapska

Head of Client Service at Corefy

The system facilitates immediate communication between merchants and card issuers, providing clear transaction details that reduce the chances of disputes escalating. Disputes intercepted and resolved at this stage don't count toward the VAMP ratio, which makes proactive management one of the most effective compliance levers.

The result is not just reduced financial exposure, but a stronger compliance posture that supports healthier banking relationships and higher approval rates.