Fraud monitoring programs

Card schemes (like Visa and Mastercard) monitor your reported fraud activity month by month, comparing it to your sales. If the instances of fraud exceed the levels deemed acceptable by the scheme, you may be placed in their monitoring program.

Once you’re on a program, the scheme can charge you monthly fines until you reduce the fraud activity back down to acceptable levels.

We will let you know if you’re at risk of being placed, or have been placed, on a program, and work with you to reduce fraudulent transactions.

If you fail to comply within a specified time period (this depends on the scheme), the scheme can refuse to continue processing your payments. This is rare, but it's best to take immediate action if you're enrolled on a program.

Learn about Visa’s and Mastercard’s fraud monitoring programs.

The Visa Fraud Monitoring Program (VFMP) is a merchant-level, fraud monitoring program used to:

• identify merchants with excessive fraud activity
• implement corrective plans to protect the integrity of the payment system

If you exceed both the VFMP and Visa Dispute Monitoring Program (VDMP) program thresholds in the same month, you will enter each program as separate identifications. Each case will continue in their respective program until they are remediated. However, if you are subject to assessments in both programs, the VDMP assessment will take precedence. Visa could still release 10.5 Dispute rights for the VFMP case.

To exit the VFMP, you need to perform below the Standard program thresholds for three consecutive months, no matter what timeline you're in. If you perform below the Standard program thresholds for less than the required three consecutive months:

• the program status continues from the previous identification
• the required three consecutive months restart the next month you're below Standard program thresholds

Visa may suspend or waive non-compliance assessments (fines), in whole or in part, to accommodate unique or extenuating circumstances. Through submission of a remediation plan, the acquirer can make requests for temporary suspension, or waiver of non-compliance assessments, on your behalf. This remediation plan should:

• state the root causes of the identification
• demonstrate actions taken to restore compliance
• outline milestones acceptable to Visa and dates for all corrective actions

Suspension of non-compliance assessments and program fees are:

• at Visa’s sole discretion
• for a set period of time If granted, the non-compliance assessment and program fees will continue to accrue during the suspension period. If you're unable to perform below program thresholds during the suspension period and are identified afterwards, the accrued non-compliance assessment may be levied.

This section covers all regions. See the VFMP-3DS section for information specific to VFMP-3DS (US only).

VFMP has four program timelines.

The VFMP uses fraud and sales transactions processed in the previous calendar month. The formula used for the Fraud-to-sales-amount ratio calculation is:
Fraud-to-sales-amount ratio = Total amount of fraud reported during the month / Total amount of sales during the month

Program monitoring includes domestic transactions and international transactions for the following acquirer regions:

• AP (Australia)
• Canada
• Europe (Germany, United Kingdom)
• LAC (Brazil)
• US

For all remaining regions, VFMP monitoring only includes international transactions:

• For the VDMP, only the first ten disputes, in a given calendar month, between you and a single account number are counted.
• VFMP excludes fraud type code 3 (fraud application).

This section covers VFMP-3DS, only available in the US.

The VFMP-3DS program has two timelines.

• The VFMP-3DS program uses US domestic 3DS (ECI 5 and 6) fraud and sales transactions processed in the previous calendar month.
• Only the first ten fraudulent transactions, in a given calendar month, between you and a single account number are included.
• VFMP-3DS program excludes fraud type code 3 (fraud application).
• You will be remediated out of the VFMP-3DS program when it appears below the Standard program thresholds for three consecutive months.

Mastercard's Acquirer Chargeback Monitoring Program (ACMP) consists of two programs, the Excessive Chargeback Program (ECP) and the Excessive Fraud Merchant (EFM) program.

The ECP program has two levels, Excessive Chargeback Merchant (ECM) and High Excessive Chargeback Merchant (HECM).

The EFM program monitors and identifies merchants with excessive fraud activity. The goal is to reduce fraud on e-commerce transactions and to create a more secure ecosystem.

You will be placed in the EFM program if, in the previous calendar month, you met all the following conditions:

• You processed 1,000 or more Mastercard sales transactions in the previous month.
• You were subject to at least €/$50,000 or more in Mastercard fraud-related chargebacks with reason codes 4837 (No Cardholder Authorization).
• Your fraud chargebacks-to-sales ratio is 0.50% or more.
• Your percentage of monthly clearing volume processed using 3DS (including Data Only transactions) or DSRP (Digital Secure Remote Payment) is less than 10% in non-regulated countries, or less than 50% in regulated countries.

• 3DS transactions identified in clearing in private data sub-element (PDS) 0052 (Security Level Indicators) with a value of 211, 212, 214, 216, or 217.
• Digital Secure Remote Payment transactions identified in clearing in PDS 0052 with a value of 242 (Issuer Fully Authenticated) or 246 (Merchant Risk Based Decisioning).
• Data Only refers to non-3DS transactions in which Mastercard performs risk scoring and inserts Digital Transaction Insights to the authorization request message.
• The term 'non-regulated' refers to those countries without a legal or regulatory requirement for strong cardholder authentication. The term 'regulated' refers to those countries with a legal or regulatory requirement for strong cardholder authentication.

Mastercard will remove you from the program if your dispute activity falls below the EFM thresholds for three consecutive months. Where an extension is in place, if you successfully comply with the program for three consecutive months before the extension period ends, assessments will not apply. However, if you receive approval for an extension request, compliance must be achieved by the end of the extension period. Otherwise, you will be retroactively billed for any assessments you would have accrued while the extension was in place. You will also be retroactively billed for any assessments you would have accrued while the extension was in place if you:

• leave before the end of the extension period, for example, if you process zero sales in a calendar month
• you do not successfully exit the program by having three consecutive months below the program thresholds

If you are identified as non-compliant for both EFM and ECM in the same month will only be subject to the applicable EFM assessments. If you have been identified in either the ECM or EFM for 12 months, the highest of the program assessments (whether ECM or EFM) will apply.

If you are unable to comply with the programs, you may contact Checkout.com to request an extension from Mastercard.

Usually, extensions should be requested if you can quickly address the causes of identification in the Acquirer Chargeback Monitoring Program. An extension will allow time for the remaining chargebacks to be processed, and for you to return to compliance with program thresholds.

Extensions are reviewed and granted on a case-by-case basis. Mastercard may request additional information, such as an action plan, to evaluate an extension request.

Once you're placed in the EFM program, you will be charged monthly violation assessment fines from the second month of non-compliance. These fines are on top of any existing fees applied for fraudulent transactions and fraud-related disputes.