What Is Visa VAMP?
The Visa Acquirer Monitoring Program (VAMP) is Visa's compliance enforcement framework for identifying acquirers and their merchants whose combined fraud and dispute activity exceeds defined thresholds. VAMP measures the sum of a merchant's fraud transactions and non-fraud disputes against the merchant's total settled volume each month, expressed as a single combined ratio. When that ratio crosses a tier threshold, the acquirer is required to escalate monitoring, request a remediation plan, and — if the breach persists — apply per-dispute assessments and other enforcement measures.
For subscription mobile apps and SaaS businesses, VAMP matters disproportionately. Subscription billing produces a steady stream of low-value recurring transactions that, when paired with even a moderate friendly-fraud rate, can push a merchant above the VAMP combined threshold faster than the same merchant ever crossed the legacy VDMP or VFMP thresholds individually. Many founders who comfortably operated under the prior split-program regime have found themselves placed under VAMP monitoring for the first time.
How VAMP Replaced VDMP and VFMP
Before April 1, 2025, Visa ran two separate compliance programs. The Visa Dispute Monitoring Program (VDMP) tracked merchants by their non-fraud chargeback ratio. The Visa Fraud Monitoring Program (VFMP) tracked merchants by their fraud ratio. A merchant could be in one program, both, or neither. Each had its own thresholds, its own remediation expectations, and its own fee schedules.
VAMP consolidated both programs into a single framework with a single combined ratio. The structural argument from Visa was that the legacy split-program regime under-monitored merchants whose risk straddled the two categories — a subscription app with a moderate fraud rate and a moderate dispute rate could pass each program individually while presenting meaningful aggregate risk. The combined ratio closes that gap.
Key takeaway: VAMP is not a stricter version of VDMP or VFMP. It is a different measurement. A merchant's VAMP ratio can be above the threshold even when both legacy fraud and legacy dispute ratios were comfortably below their old individual thresholds.
The VAMP Ratio Formula in Plain Language
VAMP uses one ratio. The numerator is the sum of two transaction types reported to Visa during the calendar month: fraud transactions reported via TC40 messages and non-fraud disputes reported via TC15 messages (the standard chargeback transaction code). The denominator is the merchant's total settled transactions for the same month.
Stated simply: (fraud transactions + chargebacks) ÷ total settled transactions, expressed as a percentage. A merchant with 500 fraud reports plus 1,200 chargebacks against 600,000 settled transactions in a given month produces a VAMP ratio of (500 + 1,200) ÷ 600,000 = 0.283%, just under the Above-Standard threshold.
Two implementation details matter for accurate self-measurement. First, fraud reports (TC40) are typically filed by issuing banks 1 to 30 days after the cardholder reports the fraud, so the fraud number for a given month continues to grow for several weeks after the month closes — a current-month VAMP ratio is always a moving estimate. Second, chargebacks (TC15) include all dispute reason codes (fraud-flagged disputes are counted in the numerator separately from the chargeback line), so do not double-count a fraud-flagged dispute that has progressed into a chargeback unless Visa's own monthly report shows it counted twice.
Key takeaway: Track the VAMP ratio internally as a 30-day rolling estimate. Both numerator components keep growing for weeks after the month closes, so reading the ratio at month-end almost always understates the final value.
Acquirer Threshold (0.30%) vs Merchant Threshold (0.90%)
VAMP defines two merchant tiers, each with a distinct threshold and distinct enforcement consequences.
Above-Standard tier — 0.30% combined ratio
The Above-Standard threshold is a combined VAMP ratio of 0.30%. Crossing it places the merchant under acquirer-level monitoring. The acquirer is required to investigate the underlying drivers, document a remediation plan, and report progress monthly. The merchant typically does not yet face per-dispute assessments at this tier, but the acquirer may impose tighter funding holds, increased reserves, or additional chargeback-cost assessments depending on the contract. The Above-Standard tier is the first official warning.
Excessive tier — 0.90% combined ratio
The Excessive threshold is a combined VAMP ratio of 0.90%. Crossing it triggers materially stronger enforcement: per-dispute assessments levied on every chargeback above the threshold, mandatory remediation programs, and the acquirer's heightened risk of being held responsible by Visa for the merchant's continued non-compliance. Merchants in the Excessive tier are at real risk of acquirer offboarding if the ratio does not return below 0.90% within the program's exit window.
Exit criteria for either tier
Exit from VAMP — at either tier — requires the combined ratio to fall below the relevant threshold for three consecutive calendar months. A merchant briefly dipping below the threshold in a single month and then bouncing back above does not exit the program. The exit clock resets on each breach.
How VAMP Differs from Mastercard ECM
VAMP and Mastercard's Excessive Chargeback Merchant (ECM) program both monitor merchant payment risk, but they measure different things and have different enforcement profiles. The two are not redundant; a subscription business in trouble on Visa is often in trouble on Mastercard too, and the playbooks for exit overlap but are not identical.
| Attribute | Visa VAMP | Mastercard ECM |
|---|---|---|
| Measurement | Combined fraud + dispute ratio | Chargeback ratio only |
| Lower tier | Above-Standard: 0.30% combined | ECP: 100 CBs + 1.0% ratio |
| Upper tier | Excessive: 0.90% combined | ECM: 100 CBs + 1.5% ratio |
| Volume floor | None — ratio applies regardless of volume | Requires 100+ chargebacks in a month |
| Exit criteria | Below threshold for 3 consecutive months | Below thresholds for 3 consecutive months |
| Effective | April 1, 2025 (replaced VDMP and VFMP) | Long-standing program |
| Nuclear outcome | Acquirer offboarding; VAMP disqualification | MATCH list (5-year ban) |
The most important practical difference is the absence of a volume floor in VAMP. Mastercard ECM requires both a percentage breach and 100 absolute chargebacks in a month, which gives smaller subscription apps natural protection against early enforcement. VAMP applies regardless of volume — a small merchant with 5,000 transactions and 16 combined fraud-plus-disputes is at 0.32% and already above the Above-Standard threshold.
If you want the full ECM playbook, the complete guide to exiting Mastercard's ECM program covers thresholds, escalation timeline, the 90-day exit playbook, and the five most common chargeback root causes for subscription apps.
Common Ways Subscription Apps Trigger VAMP
The structural reasons subscription apps disproportionately end up under VAMP fall into four categories. Each is fixable; each is also commonly missed because the failure mode looks like normal operating noise until the combined ratio crosses 0.30%.
1. Card testing on low-cost trials
Subscription apps that offer $0.99 or $4.99 weekly trials are attractive testing targets for stolen-card fraudsters. A single card-testing session can produce 50 to 200 successful sign-ups before fraud filters react. Even when those transactions are flagged and refunded, they often appear in TC40 fraud reports filed by issuers when the legitimate cardholder later reports the unrecognised charge. Each TC40 lands in the VAMP numerator regardless of whether the merchant already refunded the transaction.
2. Friendly fraud on subscription renewals
Friendly fraud — where the cardholder authorised the original transaction but later disputes it as unrecognised — is the dominant failure mode for subscription billing. Common patterns include subscription amnesia (the user forgot they signed up), shared-card disputes (a family member subscribed and the primary cardholder did not recognise it), and trial-to-paid surprise (the user did not realise the trial would convert). Each of these produces TC15 disputes that count in the VAMP numerator.
3. Aggressive paywall changes without communication
Mid-trial price changes, removal of grandfathered tiers, or shortened trial windows reliably produce a chargeback cluster within days of the change. The cluster is concentrated, so it shows up in a single month's VAMP ratio and can push a previously-stable merchant across the Above-Standard threshold in one cycle.
4. Stripe Link and other one-tap flows bypassing CVC/AVS
Convenience-focused checkout features — Stripe Link, Apple Pay autofill in some configurations, browser-stored card profiles — can bypass CVC and AVS verification for the sake of conversion rate. The conversion gain is real; the cost is a higher rate of card-testing success and friendly fraud, both of which feed the VAMP numerator. Subscription merchants on Stripe should explicitly review which of their flows skip CVC/AVS and ensure that bypass is intentional, not a default.
Exiting VAMP — the Structural Moves That Work
Exiting VAMP requires three consecutive months below the relevant threshold. The structural moves below are the same playbook that drives a successful exit from Mastercard ECM, with VAMP-specific notes where the combined ratio changes the priority order.
1. Tighten fraud filters and 3DS gating
Stripe Radar (or the equivalent on other processors) typically ships with conservative defaults that under-block subscription-app fraud vectors. The first move is a Radar rule rebuild — adding velocity checks, IP and BIN blocklists for known testing patterns, and dynamic 3DS gating on high-risk regions and card BINs. 3DS shifts liability for fraud disputes back to the issuer, which removes them from the merchant's TC40 count and improves the VAMP ratio directly.
2. Integrate Ethoca and Verifi for dispute interception
Ethoca (Mastercard-owned) and Verifi/CDRN (Visa-owned) are dispute interception networks. When an issuer alerts that a cardholder has initiated a dispute, the merchant receives the alert before the chargeback formally posts. The merchant can issue a proactive refund, which prevents the dispute from progressing into a TC15 chargeback and removes it from the VAMP numerator entirely. For subscription apps with a meaningful friendly-fraud rate, dispute interception can lower the VAMP ratio by a structural 10 to 30% within a single month.
3. Redesign the cancellation flow
The single most under-used VAMP exit lever is the cancellation flow. Subscription apps that make cancellation harder than sign-up convert a meaningful share of cancellation intent into chargebacks instead. The fix is a self-serve cancellation flow that completes in two clicks, prompts for a refund of the most recent charge if the user is within a defined window, and acknowledges the cancellation in writing. Implemented well, this single change can reduce friendly-fraud disputes by 20 to 40% over 60 days.
4. Submit compliance documentation to the acquirer
Acquirers operating under VAMP are required to document their merchant remediation; merchants are required to participate. Submit a structured remediation plan to the acquirer covering the fraud-filter changes, the dispute interception integrations, the cancellation-flow redesign, and the timeline for ratio recovery. Acquirers move faster on merchants who arrive with a written plan than on merchants the acquirer has to chase.
Key takeaway: The VAMP exit playbook is the same structural work as the ECM exit playbook — fraud filters, dispute interception, cancellation flow, compliance documentation — but the combined-ratio framework means dispute interception (which lowers TC15 counts) and 3DS gating (which lowers TC40 counts) both contribute to ratio recovery, so prioritise both rather than choosing.
When to Escalate vs When DIY Is Enough
VAMP is recoverable in-house in some scenarios and demands outside help in others. The honest assessment depends on which tier you are in, the trajectory of the ratio, and what cross-functional moves the team can land in time.
| Situation | DIY-suitable | Escalate |
|---|---|---|
| VAMP tier | Above-Standard (0.30%–0.89%) | Excessive (≥ 0.90%) |
| Trajectory | Ratio falling month over month | Ratio flat or rising for 2+ months |
| Root cause | Single, identifiable trigger (e.g. a recent paywall change) | Multi-cause: fraud + friendly fraud + cancellation friction |
| Acquirer relationship | Acquirer is responsive and constructive | Acquirer is escalating, threatening offboarding, or non-responsive |
| Internal capacity | Engineering and ops can land Radar + cancellation changes inside 30 days | Cross-functional coordination is the bottleneck; multiple teams can't align |
| Other compliance pressure | Only on Visa | Also on Mastercard (ECM/ECP) or Stripe Radar review |
The pattern across engagements is consistent: merchants in the Above-Standard tier with a clear single-cause trigger and responsive internal teams handle VAMP recovery in-house most of the time. Merchants in the Excessive tier, with rising trajectory, multiple root causes, or strained acquirer relationships benefit substantially from outside help — both because the diagnosis is harder and because the cost of being wrong (acquirer offboarding) is no longer recoverable.
Frequently Asked Questions
VAMP is the Visa Acquirer Monitoring Program — Visa's compliance enforcement framework for tracking acquirers and merchants whose combined fraud and dispute activity exceeds defined thresholds. Effective April 1, 2025, VAMP consolidated and replaced VDMP (Visa Dispute Monitoring Program) and VFMP (Visa Fraud Monitoring Program), measuring fraud and disputes against settled transactions using a single combined ratio rather than two separate ones.
VAMP became effective April 1, 2025, replacing VDMP and VFMP. Visa announced the consolidation in 2024 and gave acquirers a transition window before the April 2025 cutover. Legacy VDMP and VFMP placements transitioned into the equivalent VAMP tiers based on the new combined-ratio measurement.
The VAMP ratio is the sum of a merchant's fraud transactions (TC40) plus non-fraud disputes (TC15 chargebacks) over a calendar month, divided by the merchant's total settled transactions in that month. Unlike legacy VDMP and VFMP, which tracked fraud and disputes separately, VAMP aggregates both into one combined ratio compared against the program thresholds.
Two tiers: Above-Standard at a combined ratio of 0.30%, which triggers acquirer-level monitoring; and Excessive at 0.90%, which triggers stronger enforcement including per-dispute assessments and remediation requirements. Either tier requires three consecutive months below threshold to exit.
Exit requires the combined VAMP ratio to fall below the relevant threshold for three consecutive calendar months. The structural moves: tighten fraud filters and add 3DS gating on high-risk BINs and regions, integrate dispute interception via Ethoca and Verifi, redesign the cancellation flow to prevent friendly-fraud disputes, and submit formal compliance documentation to the acquirer.
VAMP and Mastercard ECM measure different things. ECM requires 100 chargebacks plus a 1.5% chargeback ratio in a single month. VAMP's Above-Standard threshold is 0.30% combined fraud-and-dispute ratio with no volume floor. Many subscription apps comfortably under VDMP and VFMP individually find themselves above the new combined VAMP threshold. Neither is "worse"; they monitor different things, and a merchant in trouble on one is often in trouble on both.
