VAMP Remediation Checklist: Steps to Exit Visa Acquirer Monitoring

Entering Visa VAMP monitoring — Above Standard (≥0.50%) or Excessive (≥0.70%) at the acquirer portfolio level — is a time-sensitive compliance situation. The VAMP programme replaced VDMP and VFMP in April 2025. The ratio it measures is: TC40 fraud plus TC15 disputes divided by TC05 settled transactions. A merchant can breach VAMP thresholds through elevated fraud, elevated disputes, or both simultaneously.

This is an operational checklist for payments, fraud, risk, and chargeback operations teams. It is not legal or network advice. Exact programme handling, exclusion timing for RDR and CE 3.0 resolved items, and current thresholds should be verified with your acquirer and Visa representative. Acquirers manage their own portfolios against the Above Standard and Excessive thresholds and often set internal merchant ceilings below those levels; your acquirer's internal targets may differ from the published scheme thresholds.

First 48 Hours: Confirm the Numbers

Before changing any controls, confirm exactly what you are dealing with.

Request the full monitoring data from your acquirer. Specifically:

• The monitoring month and exact ratio reported
• Whether the breach is at the acquirer-portfolio level, the merchant-entity level, or both
• Which MIDs are in scope
• The TC40 count and TC15 count separately — not combined
• The TC05 settled transaction denominator used in the calculation
• Whether this is your first notification or a programme escalation

Reconcile the numerator. TC40 and TC15 are not always available in standard PSP dashboards. If your acquirer provides monthly TC40 data, verify that your internal fraud count aligns with the TC40 figure they are using in the ratio. Discrepancies here are common and affect your ability to model a remediation trajectory. If your acquirer cannot provide TC40 data broken out by MID and month, that is a significant visibility gap that needs to be addressed immediately.

Identify the dominant driver. Once you have the TC40 and TC15 counts separately, calculate each as a share of TC05. A ratio where 70% of the exposure comes from TC40 fraud requires a different remediation track than one driven primarily by TC15 disputes. Most VAMP situations have a dominant driver; address that workstream first while running the other in parallel.

Confirm RDR and CE 3.0 exclusion timing. Pre-disputes resolved via Verifi CDRN (Rapid Dispute Resolution) and CE 3.0-resolved TC40 disputes are excluded from the VAMP ratio, but the timing of when those exclusions take effect is acquirer- and implementation-dependent. Do not assume exclusions are working until your acquirer confirms the exact reporting methodology. If you are not enrolled in RDR or CDRN, see the dispute remediation workstream section.

Separate enumeration from the core ratio. Card-testing and account enumeration are tracked under Visa's enumeration ratio — a separate programme with its own threshold — not inside the core VAMP ratio. Confirm with your acquirer whether you are in both VAMP monitoring and enumeration monitoring simultaneously. If so, the remediation plans are parallel but distinct.

Week 1: Stop the Ratio From Worsening

Once the data is confirmed, the immediate priority is preventing further deterioration before durable fixes are in place. All controls deployed in Week 1 should be reversible — you are buying time for the fraud and dispute workstreams, not making permanent policy changes under pressure.

Identify the highest-risk cohorts first. Segment your transaction volume by:

• BIN country and issuer
• Payment method (card-present, CNP, wallet)
• Product or SKU — digital goods typically carry higher fraud and dispute rates than physical fulfilment
• Traffic source (organic, paid, affiliate, reseller, marketplace)
• Account age at transaction time
• Merchant entity and MID if operating multiple

The true cost of a chargeback — fees, ratio impact, and acquirer portfolio pressure — makes targeted early action significantly cheaper than broad controls deployed too late.

Week 1 control decision guide. Match the pattern the segmentation reveals to the response:

| If the Week 1 analysis shows… | Do this first | Why | |---|---|---| | One traffic source, affiliate, reseller, or market is materially above the MID average | Pause, cap, or route that cohort through stricter review | Prevents the ratio from worsening while preserving clean traffic volume | | TC40 is concentrated in specific BIN countries, issuers, new accounts, or products | Apply targeted 3DS2 step-up or velocity rules to those cohorts only | Reduces fraud without blanket approval-rate damage across clean traffic | | TC15 is concentrated in cancellation, descriptor, or fulfilment reason codes | Fix support, refund, descriptor, and cancellation flows before changing fraud rules | These disputes are not solved by fraud controls | | Pre-dispute alert response is slow or incomplete | Fix CDRN / Ethoca / RDR workflow ownership and SLA before adding new tooling | Missed alerts become avoidable TC15 | | 3DS step-up is reducing TC40 but appears to increase TC15 | Narrow the 3DS cohort and monitor the TC40-to-TC15 trade-off weekly | Avoids substituting issuer-absorbed fraud for filed chargebacks |

Do not apply controls outside the scope identified by segmentation. A rule applied to your entire volume suppresses approval rate for clean traffic while only partially addressing the elevated cohort. If the cohort analysis does not clearly identify a driver, proceed directly to the fraud and dispute workstream sections — the Week 1 controls are supplementary to those workstreams, not a substitute.

Review refund-before-dispute execution. The fastest way to reduce TC15 in the near term is intercepting disputes before they file. If you are enrolled in Verifi CDRN or Ethoca, confirm alert coverage and response time. If your team is not responding to alerts within the required window, that is a process failure, not a tool problem. Response time compliance should be checked immediately.

Review billing descriptor clarity. Unrecognised-charge disputes (Visa reason codes 10.4, 13.7) are preventable. If your statement descriptor does not match what the customer sees on the checkout page, the dispute was created by your own infrastructure. Confirm that every MID's descriptor is recognisable and includes a customer support contact number or URL. This is a low-effort fix that prevents an entire category of TC15.

Freeze high-risk external channels if needed. If a specific reseller, affiliate partner, or marketplace channel accounts for a disproportionate share of dispute or fraud volume, a temporary pause is warranted while you investigate. Reactivation requires evidence that the channel's quality has changed, not just that time has passed.

Fraud Remediation Workstream

This workstream targets TC40 reduction. It runs in parallel with the dispute workstream, not after it.

Understand the fraud mix before changing rules. TC40 covers multiple fraud types: unauthorised card use, account takeover, synthetic identity, and card testing. Each requires different controls. Applying velocity rules to an ATO problem, or 3DS2 to a synthetic-identity problem, will have limited impact. Before tuning rules, confirm which fraud types dominate your TC40 exposure by examining the underlying transactions.

Account takeover. If ATO is a material TC40 driver, the intervention is at the authentication layer — login, credential change, session initiation — not at the payment authorisation layer. A fraud system that only evaluates payment transactions will miss ATO entirely. ATO-specific signals include: device fingerprint anomalies on login, unusual session geography relative to account history, credential-stuffing velocity, and account-change events (email, password, shipping address) in the hours preceding a fraudulent transaction.

Enumeration containment. Card-testing enumeration contributes to the separate enumeration ratio, not directly to the core VAMP ratio. However, the fraudulent charges that follow successful card tests do generate TC40 reports. Enumeration defence — rate limiting on failed authorisations, CAPTCHA on high-risk input fields, velocity rules on new card credentials per device or IP — reduces both enumeration exposure and downstream TC40 from successful tests. For the full attack anatomy, see Card Testing and Enumeration Attacks.

Signal layering. Effective TC40 reduction in a monitoring situation typically requires layering multiple signals rather than applying one broad rule. Consider:

• Device fingerprint: same device seen across multiple card credentials
• IP reputation: known fraud IP ranges, VPN/proxy/TOR exit nodes
• Email domain: disposable email domains at registration
• BIN risk: BIN corridors with historically elevated TC40 rates on your platform
• Behavioural signals: session speed, field completion patterns, checkout abandonment anomalies
• Account-level signals: new account age, first transaction on account, no prior purchase history

3DS2 deployment. Broad 3DS2 deployment shifts fraud liability to the issuer. For TC40, this means issuers that were previously absorbing fraud may start filing chargebacks instead — temporarily increasing TC15 while TC40 decreases. For merchants with a high TC40-to-TC15 ratio, this trade may be net-positive over 60–90 days, but short-term TC15 movement should be modelled before deployment. Targeted 3DS2 step-up for the highest-risk cohorts identified in Week 1 is more ratio-efficient than blanket deployment. For a full fraud operations scorecard with KPI targets and escalation thresholds, see Fraud Operations KPIs.

False-positive monitoring. Every fraud rule tightening has a corresponding approval-rate impact. Track approval rate by cohort alongside TC40 rate. If you are blocking 4% more transactions to reduce TC40 by 0.5 percentage points, the revenue cost may exceed the compliance benefit. Maintain a false-positive log and review it weekly.

Dispute Remediation Workstream

This workstream targets TC15 reduction. Run it in parallel with the fraud workstream.

Cluster by reason code. Not all TC15 disputes have the same remediation path. Pull your dispute volume by Visa reason code for the monitoring month. The dominant categories for most merchants in VAMP situations are:

• 10.4 (Fraudulent transaction — card absent): Unauthorised use. Remediation is fraud controls and 3DS2 deployment.
• 13.1 (Merchandise not received) and 13.3 (Not as described): Fulfilment or customer expectation failures. Remediation is fulfilment evidence, customer support SLA, and refund policy execution.
• 13.7 (Cancelled merchandise or services): Subscription and cancellation disputes. Remediation is cancellation flow clarity and confirmation.
• 10.1/10.2 (EMV/card absent environment): Lost/stolen card fraud. Remediation is 3DS2 and fraud controls.

For reason-code reference and merchant defence requirements, see Scheme Chargeback Rules 2026: Visa VCR, Mastercard, and Reason Codes.

Refund leakage vs chargeback prevention. For non-fraud disputes (delivery, not-as-described, subscription cancellation), the correct intervention is usually a proactive refund before the chargeback files, not representment after it does. Set a refund-before-dispute threshold for your team: any inbound dispute inquiry for a transaction under a defined amount, or from a first-time disputer on a non-fraud code, should be resolved with a refund rather than escalated to representment.

Customer support SLA. Many TC15 disputes represent customer service failures, not fraud. If a customer could not reach support to resolve a problem, the chargeback was the only alternative. Measure time-to-first-response and resolution time for support tickets, and identify whether there is a correlation between slow resolution and subsequent chargebacks. This is a frequently overlooked TC15 driver.

Subscription and cancellation flows. Visa reason code 13.7 and its equivalents are most common among subscription merchants with unclear cancellation flows. A merchant that requires users to call to cancel will generate significantly more 13.7 disputes than one with a self-service cancellation option and a clear confirmation email. Audit your cancellation flow and confirm that cancellation confirmations are sent and match the billing period.

Representment evidence quality. For disputes that are worth contesting — see Chargeback Representment: Why Merchants Lose Money They Could Recover for the contest-or-accept calculus — evidence quality matters more than volume. A single delivery-confirmation screenshot with a matching address, date, and tracking number is stronger than five unrelated order detail screenshots. Match the evidence directly to the claim stated in the reason code.

Pre-dispute deflection programmes. Verifi CDRN and Ethoca surface issuer inquiries before they become chargebacks, creating a window to refund the cardholder and prevent TC15 from filing. Verifi is Visa-owned infrastructure; its CDRN alerts are particularly relevant for VAMP since resolved items affect the Visa ratio directly. RDR (Rapid Dispute Resolution) automates the refund decision based on rules you configure. Both tools reduce TC15 counts and can reduce VAMP ratio exposure when implemented correctly. For a structured comparison of deflection and representment platform options, see Chargeback Management Platforms: Alerts, Representment, and Recovery. RDR and CE 3.0 exclusion effects are timing-dependent; confirm the exact reporting impact with your acquirer.

Acquirer Communication Checklist

Acquirers need to see that you are actively remediating, not waiting. An undocumented remediation is functionally invisible and does not influence enforcement decisions. Send a weekly remediation pack to your acquirer contact throughout the monitoring period.

Weekly remediation pack contents:

1. Current ratio estimate — your internal estimate of the VAMP ratio for the current month based on available TC40 and TC15 data, with TC40 and TC15 broken out separately
2. Root-cause narrative — a brief explanation of which segments, products, or traffic sources are driving the elevation and what the investigation found
3. Controls implemented — a table of every fraud or dispute control change, the date it went live, and the expected or observed impact on TC40/TC15 volume
4. Weekly ratio trend — a 4–6 week trailing table showing ratio movement since controls were deployed, with a projected trajectory to the target threshold
5. Action owner list — named individuals responsible for each open action, with expected completion dates
6. Escalation flag — if any action has been delayed or has not achieved the expected impact, flag it explicitly with the revised plan

The tone should be factual and operational. Acquirers are managing their own VAMP portfolio exposure. A merchant that provides clear data and documented actions reduces the acquirer's enforcement risk. A merchant that provides nothing compels the acquirer to assume the worst.

Weekly Operating Dashboard

Track these metrics weekly throughout the monitoring period. One table, owned by a named team member, reviewed in a standing meeting.

| Metric | Notes | |---|---| | TC40 fraud count | Request from acquirer; may have reporting lag | | TC15 dispute count | From PSP dashboard or acquirer report | | TC05 settled transaction count | Denominator for VAMP ratio | | VAMP ratio estimate | (TC40 + TC15) ÷ TC05 × 100 | | Enumeration ratio | Separate programme; confirm acquirer reporting availability | | TC40 rate by fraud type | Split by ATO, CNP fraud, card testing if available | | Dispute rate by reason code | Minimum: codes 10.4, 13.1, 13.3, 13.7 | | Refund-before-dispute conversion rate | Refunds on pre-dispute alerts ÷ total alerts received | | RDR / CDRN alert coverage | Alerts received vs transactions in scope | | Approval rate by cohort | Watch for false-positive collateral from rule changes | | Blocked-revenue estimate | Revenue blocked by new fraud rules vs TC40 reduction achieved |

This table is the source of truth for the acquirer weekly pack. Do not send qualitative updates without supporting data.

For a full chargeback operations scorecard with compliance KPI targets and escalation logic, see Chargeback Operations KPIs: Metrics, Targets, and Escalation Triggers.

30 / 60 / 90 Day Remediation Plan

| Phase | Days | Objectives | |---|---|---| | Confirm and contain | 0–2 | Data confirmation, entity/MID scope, RDR exclusion status, emergency reversible controls | | Root-cause segmentation | 3–7 | Identify dominant cohorts, targeted fraud and dispute controls, freeze high-risk channels | | Parallel workstreams | 8–30 | Sustained fraud tuning (TC40), dispute prevention and evidence quality (TC15), weekly acquirer communication | | Stabilise and prove trend | 31–60 | Ratio shows consistent weekly decline; demonstrate trend with 4-week data; adjust controls based on false-positive data | | Governance and recurrence prevention | 61–90 | Permanent controls replace temporary ones; internal VAMP ratio targets set below 0.50%; escalation logic documented; monitoring cadence established |

Exit from VAMP monitoring requires demonstrating a ratio below threshold for a sustained period. The exact exit criteria and handling timeline should be confirmed with your acquirer. Visa's published 3-month grace period for first-time offenders (rolling 12-month window) is the stated baseline; acquirer-specific handling and exit criteria may differ.

Common Mistakes

Treating VAMP as only a chargeback problem. The TC40 component — issuer-absorbed fraud — is invisible in most PSP dashboards and is not the same as your chargeback rate. Merchants who managed to VDMP/VFMP chargeback thresholds often have no visibility into their TC40 exposure until they breach VAMP.

Ignoring TC40 data entirely. Some operators, on receiving a VAMP notification, focus exclusively on dispute (TC15) reduction. If TC40 accounts for 40–50% of the ratio, that approach will not return the ratio to threshold. Request TC40 data from your acquirer immediately and make it a standing monthly report.

Confusing enumeration with the core VAMP ratio. Enumeration is a separate Visa monitoring programme with its own threshold. Remediating enumeration (card-testing defence) does not directly improve the core VAMP ratio — though it may reduce downstream TC40 from successful card tests. Do not conflate the two.

Over-tightening fraud rules without measuring revenue impact. Blocking all high-risk BIN corridors, flagging all first-time purchases, or applying broad velocity rules can reduce TC40 while significantly reducing approval rate and revenue. In a 90-day monitoring window, lost revenue may exceed the cost of the VAMP fees. Measure the false-positive impact of every rule change weekly.

Waiting for the acquirer to lead the remediation. Acquirers have compliance obligations to Visa and will enforce them regardless of whether the merchant has a plan. The merchant's role is to provide active, documented remediation that reduces the acquirer's risk. A passive posture delays resolution and signals low urgency to the acquirer.

Fixing global rules when the issue is localised. If 80% of TC40 exposure comes from one BIN corridor, one product type, or one reseller channel, a global rule change suppresses approval rate across your entire volume while only partially addressing the actual problem. Segment first, then apply the minimum scope of control necessary to address the elevated cohort.

Fixing the ratio without fixing the underlying problem. Aggressive refunding, broad 3DS2 blanket deployment, or bulk transaction blocking can move the ratio number in the short term while leaving the root cause in place. The goal is not to survive the monitoring period — it is to build permanent controls that prevent re-entry.