Fraud monitoring programs

Last updated: March 26, 2025

Card schemes (like Visa and Mastercard) monitor your reported fraud activity month by month, comparing it to your sales. If the instances of fraud exceed the levels deemed acceptable by the scheme, you may be placed in their monitoring program.

Once you're on a program, the scheme can charge you monthly fines until you reduce the fraud activity back down to acceptable levels.

We will let you know if you're at risk of being placed, or have been placed, on a program, and work with you to reduce fraudulent transactions.

Information

To learn how to defend against fraud-related dispute cases, read our guide on preventing fraudulent disputes.

If you fail to comply within a specified time period (this depends on the scheme), the scheme can refuse to continue processing your payments. This is rare, but it's best to take immediate action if you're enrolled on a program.

Learn about Visa's and Mastercard's fraud monitoring programs.

Information

The Visa Acquirer Monitoring Program (VAMP) consolidates and replaces the Visa Fraud Monitoring Program (VFMP) and Visa Disputes Monitoring Program (VDMP).

The Visa Acquirer Monitoring Program assesses merchants and acquirers based on their performance in two areas:

Transaction disputes
Fraud prevention

Visa uses ratio metrics to evaluate and monitor performance on a monthly basis.

Visa expresses ratios as basis points (bps) to define thresholds. If the merchant or acquirer exceeds the thresholds, they may incur a fine.

The VAMP ratio measures fraud and dispute activity and uses the data to represent the rate of processed transactions that result in the following transaction codes:

TC15 – Non-fraud disputes received, under Dispute Condition Codes 11, 12 and 13
TC40 – Issuer-reported fraud, excluding confirmed Visa Compelling Evidence 3.0 transactions

The ratio is calculated using the following formula:

(TC15 total + TC40 total, minus exceptions) / Total processed transactions

Visa calculates the VAMP ratio for merchants that process a minimum of 1000 combined TC15 non-fraud and TC40 fraud reports each month.

The enumeration ratio measures card testing attacks and represents the rate of authorized transactions that are identified as enumerated transactions.

These transactions typically result from card testing attacks, where fraudsters use automated systems to test numerous card-not-present (CNP) transactions in an attempt to validate stolen card information or discover new valid card details.

Visa calculates the enumeration ratio using the following formula:

Enumerated authorized transactions / Total authorized transactions

Visa calculates this ratio when merchants process a minimum of 300,000 transactions that are identified as enumerated transactions each month.

Through VAMP, Visa assesses the ratios against the following thresholds for both Checkout.com and your merchant account.

The Visa Acquirer Monitoring Program becomes effective on April 2025, with stricter thresholds for 2026 and later:

Effective date	Excessive VAMP ratio	Excessive enumeration ratio
1 April 2025	Equal or above 90bps for: Latin America and the Caribbean (LAC) Equal to or above 150bps for: North America (NA) Europe (EU) Asia Pacific (AP) Central Europe, the Middle East, and Africa (CEMEA)	Global: Equal to or above 2000 bps
1 January 2026	Equal to or above 90bps for: North America (NA) Europe (EU) Asia Pacific (AP) Latin America and the Caribbean (LAC) Equal or above 150bps for: Central Europe, the Middle East, and Africa (CEMEA)

Effective date

Excessive VAMP ratio

Excessive enumeration ratio

1 April 2025

Equal or above 90bps for:

Latin America and the Caribbean (LAC)

Equal to or above 150bps for:

North America (NA)
Europe (EU)
Asia Pacific (AP)
Central Europe, the Middle East, and Africa (CEMEA)

Global:

Equal to or above 2000 bps

1 January 2026

Equal to or above 90bps for:

North America (NA)
Europe (EU)
Asia Pacific (AP)
Latin America and the Caribbean (LAC)

Equal or above 150bps for:

Central Europe, the Middle East, and Africa (CEMEA)

Effective date	Above standard VAMP ratio	Excessive VAMP ratio
1 April 2025	N/A	Equal to or above 50bps
1 January 2026	Equal to or above 30bps and below 50bps	Equal to or above 50bps

Exceeding these thresholds may incur a fine. Checkout.com will contact you with relevant details if your merchant account is flagged by VAMP.

Information

Effective April 2025, the Visa Acquirer Monitoring Program (VAMP) consolidates and replaces the Visa Fraud Monitoring Program (VFMP) and Visa Disputes Monitoring Program (VDMP).

The Visa Fraud Monitoring Program (VFMP) is a merchant-level, fraud monitoring program used to:

Identify merchants with excessive fraud activity.
Implement corrective plans to protect the integrity of the payment system.

If you exceed both the VFMP and Visa Dispute Monitoring Program (VDMP) program thresholds in the same month, you will enter each program as separate identifications. Each case will continue in their respective program until they are remediated. However, if you are subject to assessments in both programs, the VDMP assessment will take precedence. Visa could still release 10.5 Dispute rights for the VFMP case.

To exit the VFMP, you need to perform below the Standard program thresholds for three consecutive months, no matter what timeline you're in. If you perform below the Standard program thresholds for less than the required three consecutive months:

The program status continues from the previous identification.
The required three consecutive months restart the next month you're below Standard program thresholds.

Visa may suspend or waive non-compliance assessments (fines), in whole or in part, to accommodate unique or extenuating circumstances. Through submission of a remediation plan, the acquirer can make requests for temporary suspension, or waiver of non-compliance assessments, on your behalf. This remediation plan should:

State the root causes of the identification.
Demonstrate actions taken to restore compliance.
Outline milestones acceptable to Visa and dates for all corrective actions.

Suspension of non-compliance assessments and program fees are:

At Visa's sole discretion
For a set period of time

If granted, the non-compliance assessment and program fees will continue to accrue during the suspension period. If you're unable to perform below program thresholds during the suspension period and are identified afterwards, the accrued non-compliance assessment may be levied.

This section covers all regions. See the VFMP-3DS section for information specific to VFMP-3DS (US only).

VFMP has four program timelines.

Applies if you are a non-High Risk Merchant Category Code (MCC) and meet or exceed both Standard fraud amount thresholds.

Reported fraud	Fraud-to-sales amount ratio
$75,000	0.90%

Month 1	Months 2-4	Months 5-6	Months 7-9	Months 10-11	Months 12+
Notification: No fines	Workout: No fines	Enforcement: $25,000 and 10.5 Dispute Liability	Enforcement: $50,000 and 10.5 Dispute Liability	Enforcement: $75,000 and 10.5 Dispute Liability	Enforcement: $75,000 and 10.5 Dispute Liability Eligible to be disqualified

Month 1

Months 2-4

Months 5-6

Months 7-9

Months 10-11

Months 12+

Notification:
No fines

Workout:
No fines

Enforcement:
$25,000 and 10.5 Dispute Liability

Enforcement:
$50,000 and 10.5 Dispute Liability

Enforcement:
$75,000 and 10.5 Dispute Liability

Enforcement:

$75,000 and 10.5 Dispute Liability
Eligible to be disqualified

Applies if you meet or exceed both the Excessive fraud amount thresholds.

Note

If in the Excessive timeline, you will remain in the timeline until you fully remediate out of the program. You will not be moved to the Standard timeline even if your performance drops below the monthly Excessive program thresholds.

Reported fraud	Fraud-to-sales amount ratio
$250,000	1.80%

Months 1-3	Months 4-6	Months 7-9	Months 10-11	Months 12+
Enforcement: $10,000 and 10.5 Dispute Liability	Enforcement: $25,000 and 10.5 Dispute Liability	Enforcement: $50,000 and 10.5 Dispute Liability	Enforcement: $75,000 and 10.5 Dispute Liability	Enforcement: $75,000 and 10.5 Dispute Liability Eligible to be disqualified

Months 1-3

Months 4-6

Months 7-9

Months 10-11

Months 12+

Enforcement:
$10,000 and 10.5 Dispute Liability

Enforcement:
$25,000 and 10.5 Dispute Liability

Enforcement:
$50,000 and 10.5 Dispute Liability

Enforcement:
$75,000 and 10.5 Dispute Liability

Enforcement:

$75,000 and 10.5 Dispute Liability
Eligible to be disqualified

Applies if you are:

categorized by a High Risk MCC as defined in the Visa Rules
moved from the Standard timeline to the High Risk timeline, based on Visa's determination that you harm the goodwill of the Visa Payment System

For all Card-Absent transactions using the following MCCs:

5962 (Direct Marketing — Travel-Related Arrangement Services)
5966 (Direct Marketing — Outbound Telemarketing Merchants)
5967 (Direct Marketing — Inbound Telemarketing Merchants)
7273 (Dating and Escort Services)
7995 (Betting, including Lottery Tickets, Casino Gaming Chips, Off-Track Betting, and Wagers at Race Tracks)
5122 (Drugs, Drug Proprietaries, Druggist Sundries)
5912 (Drug Stores, Pharmacies)
5993 (Cigar Stores and Stands)

For certain Card-Absent transactions using the following MCCs:

4816 (Computer Network/Information Services) — Sale of access to cyberlockers or remote digital file-sharing services
5816 (Digital Goods — Games) — Skilled game wagering such as daily fantasy sports
6051 (Non-Financial Institutions) — Sale of cryptocurrencies, funding of crypto wallets, or initial coin offerings

Information

In the AP Region, Canada Region, CEMEA Region, Europe Region, and LAC Region - 5122, 5912, and 5993 only apply if you conduct transactions other than domestic transactions.

Months 1-3	Months 4-6	Months 7-9	Months 10-11	Months 12+
Enforcement: $10,000 and 10.5 Dispute Liability	Enforcement: $25,000 and 10.5 Dispute Liability	Enforcement: $50,000 and 10.5 Dispute Liability	Enforcement: $75,000 and 10.5 Dispute Liability	Enforcement: $75,000 and 10.5 Dispute Liability Eligible to be disqualified

Months 1-3

Months 4-6

Months 7-9

Months 10-11

Months 12+

Enforcement:
$10,000 and 10.5 Dispute Liability

Enforcement:
$25,000 and 10.5 Dispute Liability

Enforcement:
$50,000 and 10.5 Dispute Liability

Enforcement:
$75,000 and 10.5 Dispute Liability

Enforcement:

$75,000 and 10.5 Dispute Liability
Eligible to be disqualified

Applies if you have not breached the VFMP Standard thresholds, but have exceeded both of the Early Warning thresholds.

Information

Early Warning notifications provide you with an opportunity to reduce fraud levels before identification in the VFMP. They do not count towards the program timeline or have any non-compliance assessments.

Reported fraud	Fraud-to-sales ratio
$50,000	0.65%

There are no fines or additional fees for receiving an early warning.

Information

Where enforcement includes 10.5 Dispute Liability, this means an issuer may initiate a dispute, under Dispute Condition 10.5, within 120 calendar days from the date of the report. You may continue to be subject to Dispute Condition 10.5 for trailing fraud activity that occurs up to 90 calendar days after you have stopped processing.

The VFMP uses fraud and sales transactions processed in the previous calendar month. The formula used for the Fraud-to-sales-amount ratio calculation is:
Fraud-to-sales-amount ratio = Total amount of fraud reported during the month / Total amount of sales during the month

Total amount of Visa transactions reported as fraud in May 2022	$85,000
Total amount of Visa sales in May 2022	$2,500,000
Fraud-to-sales amount ratio for May 2022	3.40%
Result	( 85000 / 2500000 ) 10000 = 3.40%* Breaching the standard thresholds of the VFMP

Program monitoring includes domestic transactions and international transactions for the following acquirer regions:

AP (Australia)
Canada
Europe (France, Germany, United Kingdom)
LAC (Brazil)
US

For all remaining regions, VFMP monitoring only includes international transactions:

For the VDMP, only the first ten disputes, in a given calendar month, between you and a single account number are counted.
VFMP excludes fraud type code 3 (fraud application).

Information

Domestic transaction: A transaction where the issuer of the card used is located in the transaction Country (the country where you are).
International transaction: A transaction where the issuer of the card used is not located in the transaction Country (the country where you are).

This section covers VFMP-3DS, only available in the US.

The VFMP-3DS program has two timelines.

Applies if you meet or exceed both Standard fraud amount thresholds.

US domestic 3DS reported fraud	US domestic 3DS fraud-to-sales amount ratio
$75,000	0.9%

The VFMP-3DS Standard timeline does not have a Workout period, only Enforcement. You may be subject to Dispute Condition 10.5 from the first month in the program, and any subsequent months, until you are remediated out of the program.

	Months 1-12+
US Region	Enforcement: No fines 10.5 Dispute Liability Eligible to be disqualified

Months 1-12+

US Region

Enforcement:

No fines
10.5 Dispute Liability
Eligible to be disqualified

Information

10.5 Dispute Liability means an issuer may initiate a dispute, under Dispute Condition 10.5, within 120 calendar days from the date of the report. You may continue to be subject to Dispute Condition 10.5 for trailing fraud activity that occurs up to 90 calendar days after you have stopped processing.

Within 30 days of notification from Visa that you are identified in the VFMP-3DS program, you are required to reclassify all Visa 3DS transactions (ECI 5: Authentication Successful and ECI 6: Authentication Attempted) to ECI 7 (Non-Authenticated Security Transaction).

Applies if you have not breached the VFMP-3DS Standard thresholds, but have exceeded both of the Early Warning thresholds.

Information

Early Warning notifications provide you with an opportunity to reduce fraud levels before identification in the VFMP-3DS program. They do not count towards the program timeline.

US domestic 3DS reported fraud	US domestic 3DS fraud-to-sales amount ratio
$50,000	0.65%

There are no fines or additional fees for receiving an early warning.

The VFMP-3DS program uses US domestic 3DS (ECI 5 and 6) fraud and sales transactions processed in the previous calendar month.
Only the first ten fraudulent transactions, in a given calendar month, between you and a single account number are included.
VFMP-3DS program excludes fraud type code 3 (fraud application).
You will be remediated out of the VFMP-3DS program when it appears below the Standard program thresholds for three consecutive months.

Mastercard's Acquirer Chargeback Monitoring Program (ACMP) consists of two programs, the Excessive Chargeback Program (ECP) and the Excessive Fraud Merchant (EFM) program.

The ECP program has two levels, Excessive Chargeback Merchant (ECM) and High Excessive Chargeback Merchant (HECM).

The EFM program monitors and identifies merchants with excessive fraud activity. The goal is to reduce fraud on ecommerce transactions and to create a more secure ecosystem.

Information

This program does not apply if you are in St. Helena, Ascension and Tristan Da Cunha, Germany, India, Liechtenstein, or Switzerland.

You will be placed in the EFM program if, in the previous calendar month, you met all the following conditions:

You processed 1,000 or more Mastercard sales transactions in the previous month.
You were subject to at least 50,000 USD or EUR or more in Mastercard fraud-related chargebacks with reason codes 4837 (No Cardholder Authorization).
Your fraud chargebacks-to-sales ratio is 0.5% or more.
Your percentage of monthly clearing volume processed using 3DS (including Data Only transactions) or DSRP (Digital Secure Remote Payment) is less than 10% in non-regulated countries, or less than 50% in regulated countries.

3DS transactions identified in clearing in private data sub-element (PDS) 0052 (Security Level Indicators) with a value of 211, 212, 214, 216, or 217.
Digital Secure Remote Payment transactions identified in clearing in PDS 0052 with a value of 242 (Issuer Fully Authenticated) or 246 (Merchant Risk Based Decisioning).
Data Only refers to non-3DS transactions in which Mastercard performs risk scoring and inserts Digital Transaction Insights to the authorization request message.
The term 'non-regulated' refers to those countries without a legal or regulatory requirement for strong cardholder authentication. The term 'regulated' refers to those countries with a legal or regulatory requirement for strong cardholder authentication.

Mastercard will remove you from the program if your dispute activity falls below the EFM thresholds for three consecutive months. Where an extension is in place, if you successfully comply with the program for three consecutive months before the extension period ends, assessments will not apply. However, if you receive approval for an extension request, compliance must be achieved by the end of the extension period. Otherwise, you will be retroactively billed for any assessments you would have accrued while the extension was in place. You will also be retroactively billed for any assessments you would have accrued while the extension was in place if:

You leave before the end of the extension period, for example, if you process zero sales in a calendar month.
You do not successfully exit the program by having three consecutive months below the program thresholds.

If you are identified as non-compliant for both EFM and ECM in the same month will only be subject to the applicable EFM assessments. If you have been identified in either the ECM or EFM for 12 months, the highest of the program assessments (whether ECM or EFM) will apply.

If you are unable to comply with the programs, you may contact Checkout.com to request an extension from Mastercard.

Usually, extensions should be requested if you can quickly address the causes of identification in the Acquirer Chargeback Monitoring Program. An extension will allow time for the remaining chargebacks to be processed, and for you to return to compliance with program thresholds.

Extensions are reviewed and granted on a case-by-case basis. Mastercard may request additional information, such as an action plan, to evaluate an extension request.

Once you're placed in the EFM program, you will be charged monthly violation assessment fines from the second month of non-compliance. These fines are on top of any existing fees applied for fraudulent transactions and fraud-related disputes.

Number of months above EFM thresholds	Violation assessment fines
1	0 USD or EUR
2	500 USD or EUR
3	1,000 USD or EUR
4–6	5,000 USD or EUR
7–11	25,000 USD or EUR
12–18	50,000 USD or EUR
19+	100,000 USD or EUR

The Cartes Bancaires fraud monitoring program is intended to encourage merchants to restore their abnormally high fraud rates to acceptable levels.

You will automatically be entered into the fraud program if you exceed both of the following thresholds for four consecutive months:

0.50% of fraud-to-sales ratio
Your total amount of fraud transactions is equal to or exceeds 20,000 EUR.

When you've been entered into the fraud program, Cartes Bancaires will monitor you for six consecutive months.

If you're entered into the program, you must develop a remediation plan to bring your fraud rate to acceptable levels:

The plan must set a target date for remediation.
Submit it to Cartes Bancaires within two calendar months of being placed on the program.
Cartes Bancaires must validate the plan after submission.

Fine criteria	Fine calculation	Maximum fine	Assessment timeline
Failure to submit an action plan within two calendar months.	50 x Fraud Amount Ratio x Fraud Amount	50,000 EUR	As from the implementation month of the action plan for a period of three months of processing activity.
Action plan fails to mitigate fraud.	50 x Fraud Amount Ratio x Fraud Amount x Multiplier The multiplier coefficient is set after further discussion between Cartes Bancaires and Checkout.com.	50,000 EUR	As from the month following the target end date of the action plan.

Fine criteria

Fine calculation

Maximum fine

Assessment timeline

Failure to submit an action plan within two calendar months.

50 x Fraud Amount Ratio x Fraud Amount

50,000 EUR

As from the implementation month of the action plan for a period of three months of processing activity.

Action plan fails to mitigate fraud.

50 x Fraud Amount Ratio x Fraud Amount x Multiplier

The multiplier coefficient is set after further discussion between Cartes Bancaires and Checkout.com.

50,000 EUR

As from the month following the target end date of the action plan.

You will exit the fraud program if you meet any of the following criteria:

You achieve the measures included in your action plan.
Your fraud-to-sales ratio is below 0.50% for six consecutive months.

Information

Visa's Acquirer Monitoring Program

Information

VAMP ratio

VAMP enumeration ratio

Thresholds

Visa's Fraud Monitoring Program

Information

Breaching both the VFMP and VDMP in the same month

Program Exit Criteria

Suspension of non-compliance assessments

VFMP

Thresholds, timelines, and fines

Thresholds

Timeline, fines, and fees - above the VFMP Standard thresholds

Information

Example: Visa violation month May 2022 (Computations made in June 2022)

Additional information for the VFMP program

Information

VFMP-3DS

Thresholds, timelines, and fines

Thresholds

Timeline, fines, and fees - above the VFMP-3DS Standard thresholds

Information

Additional information for the VFMP-3DS program

Mastercard's Acquirer Chargeback Monitoring Program

Information

Thresholds

Notes for calculating EFM thresholds

How to exit the EFM

Non-compliance for both EFM and ECM in the same month

Extension requests

Timeline and fines

Cartes Bancaires Fraud Monitoring Program

Cartes Bancaires fraud program fines

How to exit Cartes Bancaires fraud program