Skip to content

Fraud monitoring programs

Last updated: 6th July 2022

Card schemes (like Visa and Mastercard) monitor your reported fraud activity month by month, comparing it to your sales. If the instances of fraud exceed the levels deemed acceptable by the scheme, you may be placed on their monitoring program.

Once you’re on a program, the scheme can charge you monthly fines until you reduce the fraud activity back down to acceptable levels.

We will let you know if you’re at risk of being placed, or have been placed, on a program, and work with you to reduce fraudulent transactions.

To learn how to defend against fraud-related dispute cases, read our guide on preventing fraudulent disputes.

If you fail to comply within a specified time period (this depends on the scheme), the scheme can refuse to continue processing your payments. This is rare, but it's best to take immediate action if you're enrolled on a program.

Learn about Visa’s and Mastercard’s fraud monitoring programs below.

Visa's fraud monitoring program

The Visa Fraud Monitoring Program (VFMP) has three levels: Standard, High-Risk, and Excessive. The total amount of your reported fraud (across all regions) in the previous calendar month, your fraud-to-sales ratio for that month, and whether or not your business is categorised as high-risk decide which level you'll be placed on.

If you're at risk of being enrolled on the VFMP, you may be sent an early warning notification.


Thresholds, timelines, and fines

    Early warning notifications are given monthly, and only if you exceeded the thresholds detailed below in the previous calendar month.

    There are no fines or additional fees associated with being provided with an early warning, but we will work with you to reduce your fraud activity.


    Thresholds

    Reported fraudFraud-to-sales ratio

    $50,000

    0.65%

    Visa can choose to suspend or waive some or all of the non-compliance assessment fees to accommodate unique or extenuating circumstances. However, you shouldn't rely on this; focus on reducing your reported fraud to acceptable levels.


    How does Visa calculate the fraud-to-sales ratio?

    Visa calculates the fraud-to-sales ratio as follows: the total amount of reported fraud during the month divided by the total value of sales you processed during that same month, multiplied by one hundred.

    For example, if your reported fraud in January amounted to $85,000, and you processed $2.5 million in payments in January, you would have a fraud-to-sales ratio of 3.40% (85000 / 2500000 x 100).

    This would place you on either the Standard level of the VFMP, or the High-Risk level (if you were in a high-risk merchant category).


    Why am I getting dispute cases with the reason code 10.5?

    The VFMP has a specific dispute reason code, 10.5, which Visa applies to any dispute it confirms is fraudulent, including 3DS authenticated transactions, disputes that were raised under a different reason code, and dispute cases that you've already won.


    How to exit the VFMP

    Visa will remove you from the program if your fraud activity falls below the thresholds for three consecutive months.

    Mastercard's fraud monitoring program

    Mastercard's Excessive Fraud Merchant (EFM) program monitors your fraud-related dispute activity, placing you on the program if it exceeds the program thresholds.


    Thresholds

    You will be placed on the EFM program if, in the previous calendar month, you met all of the following conditions:

    • You processed 1,000 or more Mastercard transactions.
    • You were subject to at least €/$50,000 worth of fraud-related disputes, with reason codes 4837 (No Cardholder Authorization) or 4863 (Cardholder Does Not Recognize - Potential Fraud).
    • Your fraud dispute-to-sales ratio is 0.50% or more.
    • You're in a non-regulated country and less than 10% of your Mastercard transactions were authenticated with 3D Secure (3DS), or you're in a regulated country and less than 50% of your Mastercard transactions were authenticated with 3DS.

    Non-regulated countries are those with no requirement for Strong Customer Authentication (SCA) (for example, the US, Canada, and some European countries). Regulated countries are those with a requirement for SCA (for example, the UK, some European countries, and some APAC countries).


    Timeline and fines

    Once you're placed on the EFM program, you will be charged monthly violation assessment fines from the second month of non-compliance. These fines are on top of any existing fees applied for fraudulent transactions and fraud-related disputes.

    Number of months above EFM thresholdsViolation assessment fines

    1

    n/a

    2

    €/$500

    3

    €/$1,000

    4–6

    €/$5,000

    7–11

    €/$25,000

    12–18

    €/$50,000

    19+

    €/$100,000


    How to exit the EFM

    Mastercard will remove you from the program if your fraud-related dispute activity falls below the thresholds for three consecutive months.