Scheme Chargeback Rules in 2026: Visa VCR, Mastercard Mastercom, and the Reason Code Map

Both scheme rulebooks have changed more in the past eighteen months than in the preceding five years. Visa retired its two dispute monitoring programs and replaced them with a single, stricter framework. Compelling Evidence 3.0 went from a manual filing process to automatic qualification. Mastercard tightened arbitration rules and consolidated its reason code structure. Most operators are still running playbooks written against the old Visa VDMP/VFMP model — a model that no longer exists.

This article covers both schemes as of mid-2026: dispute workflows, reason codes, monitoring program thresholds, pre-dispute tools, and the changes that actually matter operationally. If you want the merchant-side defense playbook, see Chargeback Representment: The Merchant Playbook. If you want the AI automation layer on top of this, see AI-Powered Chargeback Representment.

Visa Claims Resolution: the two workflows that matter

Visa launched VCR in April 2018, replacing 22 legacy chargeback codes with a four-category structure and introducing a critical operational distinction: two different workflows depending on dispute type.

Allocation workflow applies to Fraud (10.x) and Authorization (11.x) disputes. Visa uses its internal network data to assign liability automatically — to the issuer or to the merchant — without requiring a full evidence exchange between parties. The maximum resolution timeline is 70 days (reduced from 150 under the old process). Merchants have 30 days to respond (down from 45).

Collaboration workflow applies to Processing Errors (12.x) and Consumer Disputes (13.x). These require back-and-forth exchange between issuer, acquirer, and merchant. Maximum timeline is 100 days (down from 150). The 30-day initial response deadline applies here too.

The workflow your dispute falls into determines your defense strategy. Allocation disputes are faster and more binary — Visa is already assigning liability when you receive the notification. Collaboration disputes give you more room to negotiate and provide documentation, but they also require active engagement rather than automated response.

Visa reason codes: the complete map

Visa’s four categories contain the following active codes as of mid-2026:

Fraud (10.x) — Allocation workflow

• 10.1: EMV Liability Shift – Counterfeit. Counterfeit card used at a non-EMV terminal. Liability typically shifts to the acquirer/merchant.
• 10.2: EMV Liability Shift – Non-Counterfeit. Legitimate card used fraudulently at a non-EMV terminal.
• 10.3: Other Fraud – Card-Present. Unauthorized in-person transaction.
• 10.4: Other Fraud – Card-Absent. The primary card-not-present fraud code. The only code eligible for CE 3.0 defense. Highest volume fraud code for e-commerce merchants.
• 10.5: Visa Fraud Monitoring Program. Disputes initiated via the former VFMP — this code is now rolled into VAMP.

Authorization (11.x) — Allocation workflow

• 11.1: Card Recovery Bulletin. Transaction flagged via CRB.
• 11.2: Declined Authorization. Transaction processed despite a declined authorization.
• 11.3: No Authorization. As of April 2024 this is a consolidated code — formerly separate codes 71 through 74 — covering transactions where no authorization was requested, authorization was expired, or transaction amount exceeded authorization. Late Presentment (formerly 12.1) was merged into this code in April 2024.

Processing Errors (12.x) — Collaboration workflow

• 12.2: Incorrect Transaction Code.
• 12.3: Incorrect Currency.

Note: code 12.1 (Late Presentment) was moved into the Authorization category and consolidated under 11.3 as of April 2024. If you see legacy documentation referencing 12.1 as active, it is out of date.

Consumer Disputes (13.x) — Collaboration workflow

• 13.1: Item Not Received. Cardholder claims goods or services were not delivered or arrived late. High volume for marketplaces, digital goods, and logistics-heavy merchants.
• 13.2: Cancelled Recurring. Transaction charged after cancellation. High volume for SaaS and subscription operators.
• 13.3: Not as Described or Defective. Merchandise was defective or materially different from what was represented.
• 13.4: Counterfeit Merchandise. Cardholder claims goods are counterfeit.
• 13.5: Misrepresentation. False advertising or misrepresented transaction terms.

For SaaS and subscription businesses, 10.4 and 13.2 dominate the dispute mix. For e-commerce, 10.4 and 13.1 are the primary exposure. Defense strategies should be built around your actual code distribution, not the scheme’s full code list.

CE 3.0: automatic dispute deflection changed in October 2025

Compelling Evidence 3.0 is Visa’s mechanism for contesting 10.4 disputes using historical transaction evidence. It launched April 2023. What changed on October 17, 2025 is more significant than the original launch.

What CE 3.0 requires: To qualify, merchants must provide two prior transactions from the same cardholder that are 120 to 365 days older than the disputed transaction, and that were not previously reported as fraud. This proves an established purchasing relationship — the cardholder has transacted with you before, without dispute, which undermines a claim of unauthorized use.

The evidence submitted via Verifi Order Insight can include login details, IP addresses, device IDs, and delivery confirmations that tie the cardholder to those historical transactions.

Two defense paths:

• Pre-dispute path: Evidence shared via Order Insight before the issuer files the chargeback. If validated by the issuer, the dispute never becomes a chargeback at all. Critically, this means it does not affect your VAMP ratio.
• Post-dispute path: After a chargeback is filed, two historical transactions submitted via Visa Resolve Online. If validated, the chargeback is reversed.

What changed October 17, 2025: Prior to this date, CE 3.0 was a manual process — merchants had to identify eligible disputes and file the evidence themselves. From October 17, 2025, merchants enrolled in Visa Secure or Visa Data Only receive automatic qualification for eligible 10.4 disputes without any manual action. Visa’s systems identify the historical transaction evidence and execute the CE 3.0 defense automatically.

The practical implication: if you are already on Visa Secure (3DS authentication), you are getting CE 3.0 automation for free on eligible disputes. If you are not on Visa Secure, you are leaving defense coverage on the table on your highest-volume fraud code. A new fee structure for successful CE 3.0 qualifications was introduced April 17, 2026 — confirm the fee schedule with your acquirer.

VAMP: the new monitoring stakes

Visa retired the VDMP (Dispute Monitoring Program) and VFMP (Fraud Monitoring Program) on March 31, 2025, consolidating them into the Visa Acquirer Monitoring Program (VAMP), effective April 1, 2025.

The VAMP formula: (Total disputes [all TC40 fraud + all TC15 fraud and non-fraud]) / (Total sales). The numerator is broader than either predecessor program — it captures both fraud-coded and non-fraud-coded disputes in a single metric.

Thresholds (as of June 2025, minimum 1,500 transactions):

Level	Merchant Threshold	Acquirer Threshold
Above Standard	—	0.50%
Excessive	2.2% (drops to 1.5% April 1, 2026 for NA/EU/APAC)	0.70%

Enforcement fees (began October 1, 2025):

• Above Standard: $4 per disputed or fraudulent transaction
• Excessive: $8 per disputed or fraudulent transaction
• Grace period: 3 months for first-time offenders (rolling 12-month window)

Enumeration fraud has a separate threshold: 20% of submitted transactions (minimum 300,000 enumerated transactions to qualify for monitoring).

The critical exclusion: RDR-resolved pre-disputes are excluded from the VAMP ratio. CE 3.0-resolved TC40 disputes are also excluded. This changes the ROI calculation on both tools significantly — they reduce your VAMP exposure, not just your chargeback volume.

The threshold drop from 2.2% to 1.5% in April 2026 is the single most important upcoming compliance date for high-dispute-rate merchants. If your current ratio is between 1.5% and 2.2%, you have roughly ten months to reduce it before you enter Excessive territory.

Mastercard Mastercom: dispute categories and timelines

Mastercard’s dispute management runs through Mastercom, an end-to-end dispute management platform where acquirers are now mandatory participants — either through direct integration, a third-party vendor, or a certified platform. The 2024 consolidation reduced Mastercard’s reason code fragmentation significantly. Most disputes now route through four umbrella codes.

Authorization — Code 4808

Sub-conditions: Required authorization not obtained, Expired protection period, Multiple authorization requests. Cardholder filing deadline: 90 days. Merchant response window: 45 days.

Point-of-Interaction Error — Code 4834

Sub-conditions: Duplicate processing, Paid by other means, Amount differs from authorized amount, Late presentment, ATM processing issues. Same 90-day / 45-day timeline as 4808.

Fraud — Codes 4837 and 4870

• 4837: No Cardholder Authorization (formerly 4755/4757 under pre-consolidation coding). The primary fraud code. Cardholder filing deadline: 120 days (up to 540 days in select cases). Merchant response: 45 days.
• 4870: Chip Liability Shift. Fraudulent transaction at a terminal that failed to process a chip card as chip. Same timelines as 4837.

Cardholder Disputes — Codes 4841, 4853, 4855

• 4841: Cancelled Recurring Transaction or Digital Goods. Transaction charged after cancellation of a recurring arrangement.
• 4853: General Cardholder Dispute (umbrella).
• 4855: Goods or Services Not Provided.

All three carry a 120-day cardholder filing deadline and 45-day merchant response window.

The 45-day merchant response window across all Mastercard categories is materially longer than Visa’s 30-day window — operationally useful, but it should not create complacency. Evidence collection begins the moment you receive the notification, not when the deadline approaches.

A new authorization rule effective June 17, 2025: authorization types must be explicitly identified as pre-authorization or final. The previous “undefined” authorization type is no longer accepted by Mastercard processing systems.

Mastercard ECP and HECM: the monitoring thresholds

Mastercard’s monitoring programs have two tiers, with no major threshold changes announced for 2025–2026.

Excessive Chargeback Merchant (ECM): Triggers when a merchant has at least 100 chargebacks in a calendar month AND a chargeback ratio of 1.5%–2.99%. Monthly fines up to $1,000 during months 1–3; escalate beyond month 3.

High Excessive Chargeback Merchant (HECM): Triggers at 300+ chargebacks AND a ratio at or above 3.00%. Fines double the ECM rate; maximum $200,000 per month.

The formula: chargebacks in month X divided by sales in month X–1 (one month lag). Both conditions — volume threshold AND ratio threshold — must be met simultaneously. A merchant with 300 chargebacks but a 1.4% ratio does not trigger HECM.

Unlike VAMP, Mastercard has not announced a threshold reduction for 2026. The monitoring structure has been stable since 2023.

Pre-dispute tools: RDR, CDRN, and Ethoca

Three tools can stop chargeback representment before it starts by resolving disputes at the pre-chargeback stage. Understanding which applies to which network — and what exclusions they carry — is essential for VAMP management.

Visa RDR (Rapid Dispute Resolution) — launched April 2021, available through Verifi (a Visa company). When a cardholder contacts their issuer about a transaction, Visa sends a notification to the merchant’s RDR rules engine. The merchant’s pre-set rules evaluate whether to accept the dispute. If accepted within 72 hours, Visa issues a real-time refund and no chargeback is filed. The resolution is excluded from the VAMP ratio — this is the primary operational reason to use RDR beyond simple dispute reduction.

Verifi CDRN (Cardholder Dispute Resolution Network) — Verifi’s proprietary alert network, separate from RDR. Covers approximately 95% of US Visa transactions; limited Mastercard coverage (approximately 32% reduction in Mastercard disputes claimed). Cost: $15–$40 per alert received. Gives merchants a 72-hour window to resolve before the chargeback is filed. CDRN is a subscription-based alerting service; RDR is Visa’s official automated pre-dispute system. They are not the same thing.

Ethoca Alerts (Mastercard) — Mastercard’s equivalent pre-dispute alert service. Covers approximately 95% of Mastercard transactions. Provides approximately 24 hours before the chargeback is formally filed, giving merchants the window to issue a refund and prevent escalation. In 2024, Mastercard integrated Ethoca data into its Financial Services Cloud for enhanced issuer visibility.

The 2024–2025 changes that matter most

Date	Change	Operational impact
April 2024	Visa code 12.1 merged into 11.3	Late Presentment is now an Authorization dispute (Allocation workflow)
June 2024	Mastercard TLID (22-character Transaction Linkage ID) introduced	Required across auth, clearing, and single message systems to link original and related transactions
March 31, 2025	Visa VDMP + VFMP retired	All dispute monitoring now under VAMP formula
April 1, 2025	VAMP launched	New threshold structure; broader numerator than predecessors
October 2024	Mastercard arbitration change	Acquirers can no longer reject or ignore arbitration case filings within a 10-day window
October 1, 2025	VAMP enforcement begins (Excessive level)	$8/transaction fees for merchants above 2.2%
October 17, 2025	CE 3.0 auto-qualification via Visa Secure	Eligible 10.4 disputes automatically defended without merchant action
January 1, 2026	VAMP enforcement extended (Above Standard, acquirers)	$4/transaction fees begin for acquirers above 0.50%
April 1, 2026	VAMP merchant threshold drops to 1.5% (NA/EU/APAC)	Merchants between 1.5%–2.2% enter Excessive territory

Fraud vs compliance chargebacks: a terminology note

Neither Visa nor Mastercard formally uses the term “compliance chargeback” in their reason code structure. The term is industry shorthand for disputes filed in violation of scheme rules — disputes that should not have been filed procedurally, independently of whether the underlying transaction was fraudulent.

Fraud chargeback: the cardholder makes a false claim about a legitimate transaction (true friendly fraud) or the transaction was genuinely unauthorized.

Compliance chargeback: the dispute itself violates scheme rules — incorrect filing window, wrong reason code applied, missing required documentation, re-filed after a prior ruling. The merchant can challenge these on procedural grounds even without transaction-level evidence.

The operational distinction matters because your defense strategy differs. For a fraud chargeback you need transaction evidence; for a compliance chargeback you need scheme rule documentation showing the dispute was improperly filed. Your payment operations team needs to know the difference before building response templates.

For authorization rate optimization strategies that reduce upstream dispute risk, see Authorization Optimization: Lifting Card Acceptance.