Scheme Chargeback Rules 2026: Visa VCR, Mastercard, and Reason Codes
Visa: VDMP/VFMP retired March 2025, CE 3.0 live October 2025. Mastercard: tightened arbitration, consolidated reason codes. Full dispute map for both schemes.
VDMP + VFMP retired March 2025; VAMP live April 2025 (2.2% → 1.5% April 2026). CE 3.0 auto-qualification October 2025. Mastercard TLID June 2024; arbitration 10-day decline window removed October 2024. RDR resolutions excluded from VAMP ratio.
Visa uses the VCR (Visa Claims Resolution) framework launched April 2018: four categories (Fraud, Authorization, Processing Errors, Consumer Disputes) across two workflows (Allocation — Visa assigns liability; Collaboration — issuer/acquirer/merchant exchange). Response deadline is 30 days. Mastercard's dispute management runs through Mastercom: four umbrella categories with codes 4808 (Authorization), 4834 (Point-of-Interaction Error), 4837 (Fraud), and 4841/4853/4855 (Cardholder Disputes). Merchant response window is 45 days. The two biggest 2025 changes: Visa retired VDMP and VFMP into a single VAMP program (April 2025, enforcement October 2025), and CE 3.0 auto-qualification via Visa Secure went live October 17, 2025 — eligible merchants no longer manually file CE 3.0 for 10.4 disputes.
Both scheme rulebooks have changed more in the past eighteen months than in the preceding five years. Visa retired its two dispute monitoring programs and replaced them with a single, stricter framework. Compelling Evidence 3.0 went from a manual filing process to automatic qualification. Mastercard tightened arbitration rules and consolidated its reason code structure. Most operators are still running playbooks written against the old Visa VDMP/VFMP model — a model that no longer exists.
This article covers both schemes as of mid-2026: dispute workflows, reason codes, monitoring program thresholds, pre-dispute tools, and the changes that actually matter operationally. If you want the merchant-side defense playbook, see Chargeback Representment: The Merchant Playbook. If you want the AI automation layer on top of this, see AI-Powered Chargeback Representment.
Sources: Compiled from operator and industry documentation — Chargebacks911, Ravelin, Checkout.com, Chargeblast, Chargeflow, Justt.ai, NMI, and Verifi guides (full citations in structured source record). Visa and Mastercard primary rulebooks are behind sign-in access; secondary operator sources used where primary docs require login. Verify thresholds, enforcement fees, and monitoring program rules with your acquirer before operational use.
Visa vs Mastercard at a glance
Operators running both networks cannot use a single dispute playbook. The two schemes differ in framework, workflow model, evidence mechanics, pre-dispute tooling, and monitoring structure — and the asymmetries have direct consequences for how you staff, template, and automate. Neither network is inherently better or harder; the operational impact depends on your dispute mix, region, issuer and acquirer handling, and evidence quality.
Operator note: This table is a structural, evergreen reference. Network rules, response windows, eligibility criteria, and monitoring thresholds vary by program, region, acquirer, and update cycle. Verify current details with your acquirer or the relevant network documentation before building or changing operational procedures.
| Dimension | Visa (VCR) | Mastercard (Mastercom) | Operator implication |
|---|---|---|---|
| Dispute framework / platform | Visa Claims Resolution (VCR), managed through Visa Resolve Online (VROL) | Mastercom — mandatory for all acquirers; acquirers connect directly or via a certified platform | Different platforms, APIs, and acquirer integrations; tooling and evidence-submission paths are not interchangeable |
| Workflow model | Two workflows: Allocation (Fraud/Authorization — Visa auto-assigns liability using network data; limited merchant defense surface) and Collaboration (Processing Errors/Consumer Disputes — back-and-forth evidence exchange) | Category-driven dispute model via Mastercom; no equivalent Allocation/Collaboration split — all dispute categories proceed through an evidence-exchange and response process | On Visa, the workflow type determines your defense surface before you act; Allocation disputes offer less room to argue than Collaboration. On Mastercard, all categories require active evidence response |
| Reason-code structure | 4 categories, ~14 active codes — see the Visa Reason Codes Reference | 4 categories, 7 active codes — see the Mastercard Mastercom Reference | Different code maps require separate response templates, evidence libraries, and routing logic — a blended template performs poorly on both |
| Primary CNP fraud reason code | 10.4 — Other Fraud: Card-Absent Environment; the highest-volume e-commerce fraud code and the only code eligible for CE 3.0 | 4837 — No Cardholder Authorization (functional analogue to Visa 10.4; verify against Mastercard Chargeback Guide for exact scope) | Both are high-volume CNP fraud codes; evidence requirements and defense paths differ materially (see CE 3.0 row) |
| Historical-evidence deflection | Compelling Evidence 3.0 (CE 3.0) — available for 10.4 disputes; auto-qualified from October 2025 for Visa Secure merchants; CE 3.0-resolved disputes excluded from VAMP ratio | No publicly documented prior-transaction auto-qualification equivalent found in this pass; verify against Mastercard Chargeback Guide and Mastercom documentation | The same CNP fraud dispute is defended differently on each network. On Visa, historical-transaction evidence can deflect or resolve the dispute automatically; on Mastercard, 4837 defence relies on transaction-level evidence submitted case by case |
| Pre-dispute / alert tools | Verifi (a Visa company): RDR (automated rule-based pre-dispute resolution), CDRN (alert network), Order Insight (enriched receipt data for issuers and cardholders); RDR resolutions excluded from VAMP ratio | Ethoca (a Mastercard company): Ethoca Alerts (collaborative merchant-issuer-acquirer tool to stop fulfilment and refund pre-chargeback); Consumer Clarity | Both networks have pre-dispute infrastructure, but ownership, coverage, access model, and ratio-exclusion treatment differ; using both does not eliminate the need for separate network-side integrations |
| Merchant response window | 30 days across all VCR reason codes (reduced from 45 under the pre-VCR process) | Verify with your acquirer and the Mastercard Chargeback Guide; window varies by dispute category and region and was not re-confirmed against primary Mastercard documentation in this pass | Confirm exact response deadlines for each reason code you regularly receive with your acquirer — do not assume a universal window; set internal submission targets well inside the outer deadline |
| Monitoring program | VAMP (Visa Acquirer Monitoring Program) — consolidated ratio of TC40 fraud + TC15 disputes over settled transactions, with enumeration tracked separately; see the VAMP guide | ECP (Excessive Chargeback Program) and HECM (High Excessive Chargeback Merchant) — dual volume-and-ratio test; both the volume threshold and ratio threshold must be met simultaneously to trigger; see the Mastercard reference | A merchant can breach Visa VAMP without breaching Mastercard ECP, and vice versa; the formulas, inputs, and thresholds differ — track and report the two programs separately; a blended chargeback ratio does not substitute for either |
For the full reason-code maps, cardholder filing windows, and monitoring thresholds, see the Visa Reason Codes Reference and Mastercard Mastercom Dispute Categories Reference. For the operating-model decision — which platform layer handles alerts, representment, and managed recovery on each network — see Chargeback Management Compared: Alerts, Representment, and Recovery Models.
Visa Claims Resolution: the two workflows that matter
Visa launched VCR in April 2018, replacing 22 legacy chargeback codes with a four-category structure and introducing a critical operational distinction: two different workflows depending on dispute type.
Allocation workflow applies to Fraud (10.x) and Authorization (11.x) disputes. Visa uses its internal network data to assign liability automatically — to the issuer or to the merchant — without requiring a full evidence exchange between parties. The maximum resolution timeline is 70 days (reduced from 150 under the old process). Merchants have 30 days to respond (down from 45).
Collaboration workflow applies to Processing Errors (12.x) and Consumer Disputes (13.x). These require back-and-forth exchange between issuer, acquirer, and merchant. Maximum timeline is 100 days (down from 150). The 30-day initial response deadline applies here too.
The workflow your dispute falls into determines your defense strategy. Allocation disputes are faster and more binary — Visa is already assigning liability when you receive the notification. Collaboration disputes give you more room to negotiate and provide documentation, but they also require active engagement rather than automated response.
Visa reason codes: the complete map
Visa's four categories contain ~14 active codes as of mid-2026. The shape of your defense surface depends on which category each dispute falls under:
- Fraud (10.x) — Allocation workflow. Code 10.4 (Other Fraud, Card-Absent) dominates e-commerce exposure and is the only code eligible for CE 3.0 defense (see below).
- Authorization (11.x) — Allocation workflow. Code 11.3 was significantly consolidated in April 2024, absorbing the former codes 71–74 and Late Presentment (12.1).
- Processing Errors (12.x) — Collaboration workflow. Thinner category after the 2024 consolidation moved Late Presentment to 11.3.
- Consumer Disputes (13.x) — Collaboration workflow. For SaaS and subscription businesses, 13.2 (Cancelled Recurring) is a primary exposure alongside 10.4. For e-commerce with physical fulfillment, 13.1 (Item Not Received) is the dominant non-fraud code.
For the full code-by-code map — every active VCR code with workflow, trigger, defense notes, and 2024–2026 consolidation history — see Visa Reason Codes: The Complete VCR Map.
CE 3.0: automatic dispute deflection changed in October 2025
Compelling Evidence 3.0 is Visa's mechanism for contesting 10.4 disputes using historical transaction evidence. It launched April 2023. What changed on October 17, 2025 is more significant than the original launch.
What CE 3.0 requires: To qualify, merchants must provide two prior transactions from the same cardholder that are 120 to 365 days older than the disputed transaction, and that were not previously reported as fraud. This proves an established purchasing relationship — the cardholder has transacted with you before, without dispute, which undermines a claim of unauthorized use.
The evidence submitted via Verifi Order Insight can include login details, IP addresses, device IDs, and delivery confirmations that tie the cardholder to those historical transactions.
Two defense paths:
- Pre-dispute path: Evidence shared via Order Insight before the issuer files the chargeback. If validated by the issuer, the dispute never becomes a chargeback at all. Critically, this means it does not affect your VAMP ratio.
- Post-dispute path: After a chargeback is filed, two historical transactions submitted via Visa Resolve Online. If validated, the chargeback is reversed.
What changed October 17, 2025: Prior to this date, CE 3.0 was a manual process — merchants had to identify eligible disputes and file the evidence themselves. From October 17, 2025, merchants enrolled in Visa Secure or Visa Data Only receive automatic qualification for eligible 10.4 disputes without any manual action. Visa's systems identify the historical transaction evidence and execute the CE 3.0 defense automatically.
The practical implication: if you are already on Visa Secure (3DS authentication), you are getting CE 3.0 automation for free on eligible disputes. If you are not on Visa Secure, you are leaving defense coverage on the table on your highest-volume fraud code. A new fee structure for successful CE 3.0 qualifications was introduced April 17, 2026 — confirm the fee schedule with your acquirer.
VAMP: the new monitoring stakes
Visa retired the VDMP (Dispute Monitoring Program) and VFMP (Fraud Monitoring Program) on March 31, 2025, consolidating them into the Visa Acquirer Monitoring Program (VAMP), effective April 1, 2025.
The VAMP formula: (Total disputes [all TC40 fraud + all TC15 fraud and non-fraud]) / (Total sales). The numerator is broader than either predecessor program — it captures both fraud-coded and non-fraud-coded disputes in a single metric.
Thresholds (as of June 2025, minimum 1,500 transactions):
| Level | Merchant Threshold | Acquirer Threshold |
|---|---|---|
| Above Standard | — | 0.50% |
| Excessive | 1.5% for NA/EU/APAC (dropped from 2.2% on 1 April 2026; CEMEA remains 2.2%) | 0.70% |
Enforcement fees (began October 1, 2025):
- Above Standard: $4 per disputed or fraudulent transaction
- Excessive: $8 per disputed or fraudulent transaction
- Grace period: 3 months for first-time offenders (rolling 12-month window)
Enumeration fraud has a separate threshold: 20% of submitted transactions (minimum 300,000 enumerated transactions to qualify for monitoring).
The critical exclusion: RDR-resolved pre-disputes are excluded from the VAMP ratio. CE 3.0-resolved TC40 disputes are also excluded. This changes the ROI calculation on both tools significantly — they reduce your VAMP exposure, not just your chargeback volume.
The merchant threshold is now 1.5% for North America, Europe, and Asia-Pacific — it dropped from 2.2% on 1 April 2026 (CEMEA remains 2.2%). Merchants now operate under the 1.5% threshold: if your current ratio is between 1.5% and 2.2%, you are already in Excessive territory and need to reduce it. For the full VAMP mechanics, fee structure, and remediation playbook, see the VAMP operator guide. For a step-by-step remediation checklist, see VAMP Remediation Checklist.
Mastercard Mastercom: dispute categories and timelines
Mastercard's dispute management runs through Mastercom, an end-to-end dispute management platform where acquirers are now mandatory participants — either through direct integration, a third-party vendor, or a certified platform. The 2024 consolidation reduced Mastercard's reason code fragmentation significantly. Most disputes now route through four umbrella codes. For the full code-by-code reference — cardholder filing windows, merchant response deadlines, defence notes, ECP/HECM thresholds, and 2024–2026 changes in table format — see Mastercard Mastercom Dispute Categories Reference.
Authorization — Code 4808
Sub-conditions: Required authorization not obtained, Expired protection period, Multiple authorization requests. Cardholder filing deadline: 90 days. Merchant response window: 45 days.
Point-of-Interaction Error — Code 4834
Sub-conditions: Duplicate processing, Paid by other means, Amount differs from authorized amount, Late presentment, ATM processing issues. Same 90-day / 45-day timeline as 4808.
Fraud — Codes 4837 and 4870
- 4837: No Cardholder Authorization (formerly 4755/4757 under pre-consolidation coding). The primary fraud code. Cardholder filing deadline: 120 days (up to 540 days in select cases). Merchant response: 45 days.
- 4870: Chip Liability Shift. Fraudulent transaction at a terminal that failed to process a chip card as chip. Same timelines as 4837.
Cardholder Disputes — Codes 4841, 4853, 4855
- 4841: Cancelled Recurring Transaction or Digital Goods. Transaction charged after cancellation of a recurring arrangement.
- 4853: General Cardholder Dispute (umbrella).
- 4855: Goods or Services Not Provided.
All three carry a 120-day cardholder filing deadline and 45-day merchant response window.
The 45-day merchant response window across all Mastercard categories is materially longer than Visa's 30-day window — operationally useful, but it should not create complacency. Evidence collection begins the moment you receive the notification, not when the deadline approaches.
A new authorization rule effective June 17, 2025: authorization types must be explicitly identified as pre-authorization or final. The previous "undefined" authorization type is no longer accepted by Mastercard processing systems.
Mastercard ECP and HECM: the monitoring thresholds
Mastercard's monitoring programs have two tiers, with no major threshold changes announced for 2025–2026.
Excessive Chargeback Merchant (ECM): Triggers when a merchant has at least 100 chargebacks in a calendar month AND a chargeback ratio of 1.5%–2.99%. Monthly fines up to $1,000 during months 1–3; escalate beyond month 3.
High Excessive Chargeback Merchant (HECM): Triggers at 300+ chargebacks AND a ratio at or above 3.00%. Fines double the ECM rate; maximum $200,000 per month.
The formula: chargebacks in month X divided by sales in month X–1 (one month lag). Both conditions — volume threshold AND ratio threshold — must be met simultaneously. A merchant with 300 chargebacks but a 1.4% ratio does not trigger HECM.
Unlike VAMP, Mastercard has not announced a threshold reduction for 2026. The monitoring structure has been stable since 2023.
Pre-dispute tools: RDR, CDRN, and Ethoca
Three tools can stop chargeback representment before it starts by resolving disputes at the pre-chargeback stage. Understanding which applies to which network — and what exclusions they carry — is essential for VAMP management.
Visa RDR (Rapid Dispute Resolution) — launched April 2021, available through Verifi (a Visa company). When a cardholder contacts their issuer about a transaction, Visa sends a notification to the merchant's RDR rules engine. The merchant's pre-set rules evaluate whether to accept the dispute. If accepted within 72 hours, Visa issues a real-time refund and no chargeback is filed. The resolution is excluded from the VAMP ratio — this is the primary operational reason to use RDR beyond simple dispute reduction.
Verifi CDRN (Cardholder Dispute Resolution Network) — Verifi's proprietary alert network, separate from RDR. Covers approximately 95% of US Visa transactions; limited Mastercard coverage (approximately 32% reduction in Mastercard disputes claimed). Cost: $15–$40 per alert received. Gives merchants a 72-hour window to resolve before the chargeback is filed. CDRN is a subscription-based alerting service; RDR is Visa's official automated pre-dispute system. They are not the same thing.
Ethoca Alerts (Mastercard) — Mastercard's equivalent pre-dispute alert service. Covers approximately 95% of Mastercard transactions. Provides approximately 24 hours before the chargeback is formally filed, giving merchants the window to issue a refund and prevent escalation. In 2024, Mastercard integrated Ethoca data into its Financial Services Cloud for enhanced issuer visibility.
The 2024–2025 changes that matter most
| Date | Change | Operational impact |
|---|---|---|
| April 2024 | Visa code 12.1 merged into 11.3 | Late Presentment is now an Authorization dispute (Allocation workflow) |
| June 2024 | Mastercard TLID (22-character Transaction Linkage ID) introduced | Required across auth, clearing, and single message systems to link original and related transactions |
| March 31, 2025 | Visa VDMP + VFMP retired | All dispute monitoring now under VAMP formula |
| April 1, 2025 | VAMP launched | New threshold structure; broader numerator than predecessors |
| October 2024 | Mastercard arbitration change | Acquirers can no longer reject or ignore arbitration case filings within a 10-day window |
| October 1, 2025 | VAMP enforcement begins (Excessive level) | $8/transaction fees for merchants above 2.2% |
| October 17, 2025 | CE 3.0 auto-qualification via Visa Secure | Eligible 10.4 disputes automatically defended without merchant action |
| January 1, 2026 | VAMP enforcement extended (Above Standard, acquirers) | $4/transaction fees begin for acquirers above 0.50% |
| April 1, 2026 | VAMP merchant threshold dropped to 1.5% (NA/EU/APAC; CEMEA remains 2.2%) | Merchants between 1.5%–2.2% now in Excessive territory |
Fraud vs compliance chargebacks: a terminology note
Neither Visa nor Mastercard formally uses the term "compliance chargeback" in their reason code structure. The term is industry shorthand for disputes filed in violation of scheme rules — disputes that should not have been filed procedurally, independently of whether the underlying transaction was fraudulent.
Fraud chargeback: the cardholder makes a false claim about a legitimate transaction (true friendly fraud) or the transaction was genuinely unauthorized. For the full mechanics of how friendly fraud and first-party fraud patterns work and how to detect them, see first-party fraud and friendly fraud chargebacks.
Compliance chargeback: the dispute itself violates scheme rules — incorrect filing window, wrong reason code applied, missing required documentation, re-filed after a prior ruling. The merchant can challenge these on procedural grounds even without transaction-level evidence.
The operational distinction matters because your defense strategy differs. For a fraud chargeback you need transaction evidence; for a compliance chargeback you need scheme rule documentation showing the dispute was improperly filed. Your payment operations team needs to know the difference before building response templates.
For authorization rate optimization strategies that reduce upstream dispute risk, see Authorization Optimization: Lifting Card Acceptance.
Sources & methodology (8)
Visa Claims Resolution (VCR) launched April 2018, replacing 22 legacy dispute codes with 4-category, 2-workflow structure
Checked:
VCR reduced Allocation workflow maximum timeline from 150 days to 70 days; initial merchant response deadline reduced to 30 days
Checked:
Visa CE 3.0 launched April 2023; automatic qualification via Visa Secure and Visa Data Only effective October 17, 2025
Checked:
VDMP and VFMP retired March 31, 2025; VAMP launched April 1, 2025; enforcement began October 1, 2025 at $8/Excessive and $4/Above Standard per transaction
Checked:
Mastercard TLID (Transaction Linkage ID, 22 characters) introduced June 11, 2024 to link original and related transactions
Checked:
Mastercard arbitration change October 2024: removed 10-calendar-day window for acquirers to reject arbitration filings
Checked:
Mastercard ECP: Excessive Chargeback Merchant at 100 chargebacks/month + 1.5–2.99% ratio; HECM at 300 chargebacks + ≥3.00%
Checked:
Verifi RDR launched April 2021; RDR-resolved pre-disputes excluded from VAMP ratio; CDRN covers ~95% of US Visa transactions at $15–$40 per alert
Checked:
Source types explained in our Methodology.