Scheme monitoring programs
Last updated: August 27, 2025
Card schemes monitor your reported fraud activity month by month and compare it against your sales. If your fraud activity exceeds a scheme's thresholds, it may place you in their monitoring program.
When you're in a program, the scheme can charge you monthly fines until you reduce your fraud activity to comply with the thresholds. If you fail to do so within the scheme's specified timeline, the scheme can refuse to continue processing your payments.
Checkout.com notifies you if you're placed in a program or at risk of being placed in a program, and works with you to reduce your fraud activity.
Information
To learn how to reduce fraud-related disputes, see Preventing fraudulent disputes.
Information
The Visa Acquirer Monitoring Program (VAMP) came into effect in April 2025. It consolidates and replaces the Visa Fraud Monitoring Program (VFMP) and Visa Disputes Monitoring Program (VDMP).
The Visa Acquirer Monitoring Program assesses merchants and acquirers based on their performance in two areas:
- Transaction disputes
- Fraud prevention
Visa uses ratio metrics to assess and monitor performance on a monthly basis. It expresses ratios as basis points (bps) to define thresholds. Merchants and acquirers who exceed the thresholds may be fined.
The VAMP ratio measures fraud and dispute activity and uses the data to represent the rate of processed payments that result in the following transaction codes:
| Transaction code | Includes | Excludes |
|---|---|---|
| Fraudulent and non-fraud chargebacks with dispute code condition codes 10, 11, 12, 13 | Disputes resolved within the same month through:
|
| Issuer-reported fraud, excluding confirmed Visa Compelling Evidence 3.0 transactions | Disputes resolved within the same month through:
|
Visa calculates the VAMP ratio when merchants process a minimum of 1,500 combined TC15 non-fraud and TC40 fraud reports per month, using the following formula:
(TC15 total + TC40 total, minus exceptions) / Total settled transactions
The enumeration ratio measures card-testing attacks and represents the rate of authorized payments that are identified as enumerated transactions.
Card-testing attacks occur when fraudsters use automated systems to test numerous card-not-present (CNP) payments to try to validate stolen card information or discover new valid card details.
Visa calculates the enumeration ratio when merchants process a minimum of 300,000 payments that are identified as enumerated transactions per month, using the following formula:
Enumerated authorized transactions / Total authorized transactions
Visa assesses the VAMP ratio and enumeration ratio against the following thresholds for both Checkout.com and your merchant account.
Note
The VAMP applies stricter thresholds than VFMP and VDMP for 2026 and later.
| Date of effect | Excessive VAMP ratio | Excessive enumeration ratio |
|---|---|---|
1 June 2025 | Equal or above 150 bps – Latin America and the Caribbean (LAC) Equal or above 220 bps for:
| Equal to or above 2000 bps – Global |
1 April 2026 | Equal or above 150 bps for:
Equal or above 220 bps – Central Europe, the Middle East, and Africa |
Exceeding these thresholds may result in a fine. If VAMP flags your merchant account, Checkout.com contacts you with relevant details.
The Visa Fraud Monitoring Program – 3D Secure (VFMP-3DS) is only available in the US.
- The VFMP-3DS uses US domestic 3DS (ECI 5 and 6) fraud and sales payments processed in the previous calendar month.
- Only the first 10 fraudulent payments, in a given calendar month, between you and a single account number are included.
- The VFMP-3DS excludes fraud type code 3 (fraud application).
- You are remediated out of the VFMP-3DS program when your fraud activity falls below the Standard thresholds for three consecutive months.
VFMP-3DS has the following two timelines:
This timeline applies if you meet or exceed both Standard fraud amount thresholds.
| US domestic 3DS reported fraud | US domestic 3DS fraud-to-sales amount ratio |
|---|---|
75,000 USD | 0.9% |
The VFMP-3DS Standard timeline does not have a Workout period, only Enforcement. You may be subject to Dispute Condition 10.5 from the first month in the program, and any subsequent months, until you are remediated out of the program.
Enforcement:
- No fines
- 10.5 Dispute Liability
- Eligible for disqualification
Information
10.5 Dispute Liability means an issuer may initiate a dispute, under Dispute Condition 10.5, within 120 calendar days from the date of the report. You may continue to be subject to Dispute Condition 10.5 for trailing fraud activity that occurs up to 90 calendar days after you stop processing.
Within 30 days of Visa notifying you that you're placed in the VFMP-3DS program, you must reclassify all Visa 3DS transactions (ECI 5: Authentication Successful and ECI 6: Authentication Attempted) to ECI 7 (Non-Authenticated Security Transaction).
Mastercard's Acquirer Chargeback Monitoring Program (ACMP) consists of two programs: the Excessive Chargeback Program (ECP) and the Excessive Fraud Merchant (EFM) program.
The ECP program has two levels: Excessive Chargeback Merchant (ECM) and High Excessive Chargeback Merchant (HECM).
The EFM program identifies and monitors merchants with excessive fraud activity. The goal is to reduce fraud on ecommerce transactions and create a more secure payment system.
Information
The ACMP does not apply in the following locations: Ascension and Tristan Da Cunha, Germany, India, Liechtenstein, St. Helena, or Switzerland.
You are placed in the EFM program if, in the previous calendar month, you met all the following conditions:
- You processed 1,000 or more Mastercard sales payments.
- You were subject to at least 50,000 USD or EUR or more in Mastercard fraud-related chargebacks with reason code
4837 (No Cardholder Authorization). - Your fraud chargebacks-to-sales ratio is 0.5% or more.
- Your percentage of monthly clearing volume processed using 3DS (including Data Only transactions) or DSRP (Digital Secure Remote Payment) is less than 10% in non-regulated countries, or less than 50% in regulated countries.
Mastercard calculates EFM thresholds as follows:
- 3DS transactions identified in clearing in private data sub-element (PDS)
0052 (Security Level Indicators)with a value of 211, 212, 214, 216, or 217. - DSRP transactions identified in clearing in PDS 0052 with a value of
242 (Issuer Fully Authenticated)or246 (Merchant Risk Based Decisioning). - Data Only refers to non-3DS payments where Mastercard performs risk scoring and inserts Digital Transaction Insights to the authorization request message.
Information
Non-regulated countries do not have a legal or regulatory requirement for strong cardholder authentication. Regulated countries do have such a requirement.
Mastercard removes you from the program if your dispute activity complies with the EFM thresholds for three consecutive months.
If you have received an extension and successfully comply with the program for three consecutive months before the extension period ends, assessments do not apply. However, you must achieve compliance by the end of the extension period. Otherwise, you are retroactively charged for any assessments you would have accrued during the extension. You are also retroactively charged for any assessments you would have accrued during the extension if:
- You exit before the end of the extension period. For example, if you process zero sales in a calendar month.
- You do not successfully exit the program by complying with the program thresholds for three consecutive months.
If you're placed in both EFM and ECM in the same month, you are only subject to the applicable EFM assessments. If you're identified in either the ECM or EFM for 12 months, the highest of the program assessments (whether ECM or EFM) applies.
If you are unable to comply with the programs, you can contact Checkout.com to request an extension from Mastercard.
You can request an extension if you can quickly address the causes of being placed in the programs. The extension allows time for your remaining chargebacks to be processed, and for you to return to compliance with program thresholds.
Mastercard grants extensions on a case-by-case basis. It may request additional information, such as an action plan, to assess an extension request.
Once you're placed in EFM, you are charged monthly violation assessment fines from the second month of non-compliance. These fines are on top of any existing fees charged for fraudulent payments and fraud-related disputes.
| Number of months exceeding EFM thresholds | Violation assessment fines |
|---|---|
1 | 0 USD or EUR |
2 | 500 USD or EUR |
3 | 1,000 USD or EUR |
4–6 | 5,000 USD or EUR |
7–11 | 25,000 USD or EUR |
12–18 | 50,000 USD or EUR |
19+ | 100,000 USD or EUR |
The Cartes Bancaires fraud monitoring program is intended to encourage you to reduce excessive fraud activity to acceptable levels.
You are automatically placed in the program if you exceed both of the following thresholds for four consecutive months:
- 0.50% of fraud-to-sales ratio
- Total amount of fraudulent payments that equals or exceeds 20,000 EUR
When placed in the program, Cartes Bancaires monitors you for six consecutive months. You must develop a remediation plan to comply with the thresholds, including a target date. Submit the plan to Cartes Bancaires within two calendar months of being placed in the program. Cartes Bancaires must validate the plan after submission.
| Fine criteria | Fine calculation | Maximum fine | Assessment timeline |
|---|---|---|---|
Failure to submit a remediation plan within two calendar months | 50 x fraud amount ratio x fraud amount | 50,000 EUR | From the month you implemented the remediation plan for a period of three months of processing activity |
Remediation plan fails to achieve compliance | 50 x fraud amount ratio x fraud amount x multiplier The multiplier coefficient is set after further consultation between Cartes Bancaires and Checkout.com. | 50,000 EUR | From the month after the remediation plan's target end date |
You exit the program if you meet any of the following criteria:
- You achieve compliance in line with your remediation plan.
- Your fraud-to-sales ratio remains below 0.50% for six consecutive months.
The Cartes Bancaires Dispute Monitoring Program is intended to encourage merchants with an abnormally high dispute rate to restore these to acceptable levels.
You will automatically be entered into the disputes program if you exceed both of the following thresholds for four consecutive months:
- 2% dispute-to-sales count ratio
- 200 disputes count
When you've been entered into the disputes program, Cartes Bancaires will monitor you for six consecutive months.
Information
Cartes Bancaires monitors disputes at the transaction date, not the dispute issue date.
If you're entered into the program, you must develop a remediation plan to bring your dispute rate to acceptable levels. The plan must:
- Set out a target date for remediation.
- Be submitted to Cartes Bancaires within two calendar months of being placed on the program.
- Be validated by Cartes Bancaires after submission.
If you fail to reduce your dispute rates below the specified thresholds, you will incur a 50 EUR fine for each dispute raised during the months that the thresholds were breached.
35 EUR from each fine will be paid to the issuer.
Cartes Bancaires will remove you from the dispute program if you fall below either of the following threshold for six consecutive months:
- Perform below 1% dispute-to-sales count ratio.
- The disputes count is below 100.