What was the Visa Fraud Monitoring Program (VFMP) & What Rules Now Govern Merchant Fraud Compliance?
Looking for info about the Visa Fraud Monitoring Program? Here’s the most important thing you need to know: the VFMP no longer exists.
Visa discontinued the program in April 2025 as part of a broader restructuring of how the network monitors fraud and disputes. This doesn’t mean Visa stopped caring about fraud; quite the opposite. The card network replaced VFMP with a more comprehensive program that changes how monitoring works, who bears primary responsibility, and what metrics matter.
Understanding this transition is essential for any merchant who remembers the old system or is trying to make sense of references to VFMP in older documentation. Below, I’ll run down what the VFMP was, and what ruleset replaced it.
Recommended reading
- Chargeback Thresholds: How Many is Too Many Chargebacks?
- What is a High-Risk Business? Crucial Tips to Reduce Risk
- Which Industries & Verticals are “High-Risk Businesses”?
- Strategies to Reduce Merchant Risk & Lower Processing Costs
- Chargeback MATCH List | How it Works & How to Avoid Blackist
- What are Merchant Monitoring Programs? Why Do They Exist?
What is the Visa Fraud Monitoring Program?
- Visa Fraud Monitoring Program
The Visa Fraud Monitoring Program, or VFMP, was a merchant monitoring initiative administered by Visa. The program aimed to help merchants manage their criminal fraud risk and, in turn, protect the larger payments ecosystem.
[noun]/vēzə • frôd • män • ə • dər • iNG • prō • ɡram/
The Visa Fraud Monitoring Program was one of two merchant-level monitoring programs that were operated for years by Visa (the other being the Visa Dispute Monitoring Program, or VDMP). The VFMP specifically tracked fraud-related Visa disputes, meaning chargebacks filed under reason codes indicating unauthorized transactions or other fraud claims.
Under this program, Visa calculated each merchant’s fraud-to-sales ratio by comparing the dollar value of fraud losses to total transaction volume. Merchants exceeding specified thresholds were enrolled in the program at either the Standard or Excessive level, depending on their performance. Once enrolled, merchants faced escalating non-compliance assessments that could reach $75,000 per month after extended periods of threshold violations.
The program operated on a 12-month enforcement timeline. Merchants received a four-month window in which to develop and implement remediation plans before fines began. Those who failed to bring their fraud rates under control faced the ultimate consequence: disqualification from the Visa network entirely.
VFMP also included a specialized track called VFMP-3DS. This was for merchants using 3D Secure authentication who still experienced elevated fraud on authenticated transactions. This track had its own thresholds and could result in merchants losing the liability protection normally associated with 3D Secure.
Calculating Your VFMP Merchant Threshold
VFMP eligibility was determined by a combination of two factors: your percentage of monthly transactions that resulted in a “fraud” chargeback, and the volume of money lost to fraud in the same month.
So, how did Visa determine whether a merchant should be subject to the Visa Fraud Monitoring Program?
Program eligibility at the three different program levels — Early Warning, Standard, and Excessive — was determined by a combination of two factors. First, there was the percentage of transactions that later resulted in a dispute filed with a “fraud” -related reason code in a given month. Second, the volume of money lost as a result of these disputed transactions in that same month.
Visa only counts the first ten fraudulent transactions or ten chargebacks from a single cardholder. So, if a fraudster uses one card to run dozens of fraudulent attacks on you in a given month, only ten of those transactions would count.
Visa also excluded fraud type code 3 (fraudulent application), and only counted transactions conducted in the US, Australia, Canada, Europe (Germany and the UK), and Brazil.
Other VFMP Factors to Consider
When you were in the Visa Fraud Monitoring Program, there were restrictions on your activity, as well as other conditions that may apply.
Use of 3-D Secure
3D Secure technology had an effect on US-based merchants with regard to VFMP. If you used 3D Secure antifraud software in this market, but exceed fraud limits on 3DS transactions, you’d be relegated to the VFMP-3DS silo. This program was dedicated to fraud tracking practices specific to 3DS technology.
The VFMP-3DS thresholds were as follows:
Early Warning
A fraud rate of 0.5% and at least $5,000 in total fraud from 3D Secure transactions.
Standard
A fraud rate of 0.75% and at least $7,500 in total fraud from 3D Secure transactions.
When enrolled in VFMP-3DS, you did not enjoy the fraud liability protection typically associated with 3D Secure. If you breached a threshold higher than the standard level, Visa would automatically assign you liability for fraud-related disputes (Visa chargeback reason code 10.5 under Visa Claims Resolution).
How VFMP Timelines Affect Fines and Fees
On the standard timeline, Visa provided merchants and their acquiring banks a 12-month window to accomplish certain benchmarks. However, for the first month in either program (the notification period), acquirers had to inform merchants if they had exceeded their chargeback threshold.
After the first program month, you had to work with your acquirer to develop a fraud remediation plan. Months 2-4 were considered the “implementation period” for this plan. Then, months 5-12 were the enforcement period, in which acquirers were required to make corrections and adjustments to bring fraud thresholds below program levels.
| Months in Program | Monthly NCA (Europe) | Monthly NCA (Rest of World) |
| Months 1-4 | Not Applicable | Not Applicable |
| Months 5-6 | €21,750 | $25,000 |
| Months 7-9 | €43,500 | $50,000 |
| Months 10-12 | €62,250 | $75,000 |
Non-Compliance Asessments for VFMP (High-Risk/Excessive) Timeline
| Months in Program | Monthly NCA (Europe) | Monthly NCA (Rest of World) |
| Months 1-3 | €8,750 | $10,000 |
| Months 4-6 | €21,750 | $25,000 |
| Months 7-9 | €43,500 | $50,000 |
| Months 10-12 | €62,250 | $75,000 |
Stop Fraud Chargebacks Today.
Keep your buyers — and your business — safe from fraud and chargebacks.
Request a Demo
Something else worth pointing out: even though you could move from a standard monitoring program to an excessive-risk one, the opposite was not true. Visa didn’t move merchants from the excessive monitoring program to the standard monitoring program, regardless of performance.
Why Did Visa Sunset the VFMP?
Phasing out VFMP allowed for simplified and more flexible enforcement, and also gave Visa greater leverage over financial institutions while establishing better fraud detection capabilities.
Visa’s decision to discontinue VFMP in April 2025 reflected several strategic objectives the card network had been working toward.
Consolidating two programs into one simplified enforcement for everyone involved. Rather than tracking fraud and disputes separately through VFMP and VDMP, the new Visa Acquirer Monitoring Program, or VAMP, combines both into a single ratio. This acknowledges what merchants have always known: fraud and disputes are deeply interconnected, and managing one without the other misses the bigger picture.
Before they were replaced with VAMP, merchants could be subject to the Visa Fraud Monitoring Program and the Visa Dispute Monitoring Program simultaneously. They were independent of one another, and exiting one didn’t mean you’d exited both.
Shifting accountability to acquirers gives Visa more leverage over the institutions best positioned to manage portfolio-wide risk. Under the old system, Visa monitored thousands of individual merchants directly. Under VAMP, Visa monitors acquirers, who then manage their merchant portfolios according to their own risk appetite (within the boundaries Visa establishes, of course).
Acquirers who can’t control portfolio performance face consequences. Obviously, acquirers will want to offset their risk and minimize exposure, which naturally means consequences devolve down to the merchants that are really causing the problems.
The new framework also incorporates better fraud detection capabilities. VAMP integrates the Visa Account Attack Intelligence (VAAI) Score system to identify enumeration attacks, or systematic attempts to validate stolen card data by submitting test transactions. This threat vector wasn’t adequately addressed under the legacy programs.
Finally, VAMP introduces risk-based enforcement, rather than the rigid assessment schedules used under VFMP. This gives acquirers more flexibility while still maintaining clear consequences for excessive fraud and dispute activity.
How VFMP Compared to VAMP
For merchants who understood the old system, here’s how the key elements have changed:
| VFMP | VAMP | |
| Monitoring level | Tracked individual merchants directly | Monitors acquirers at the portfolio level, though Visa does still track merchant-level performance for acquirers in the Excessive program tier. |
| What gets counted? | Only counted disputes filed with a “fraud” reason code | Counts both fraud (TC40) and non-fraud disputes (TC15) in a single combined ratio, calculated against total transaction count rather than dollar value |
| Threshold structure | Based on fraud dollar amounts and fraud-to-sales percentages | Uses basis points combining fraud and dispute counts relative to total transactions |
| Enforcement approach | Assessed escalating monthly fines on a fixed schedule | Provides a three-month grace period for first-time violations, then assesses per-incident fees |
| Pre-dispute resolution credit | Fraud reports counted against you regardless of how the dispute was resolved | Disputes resolved through Rapid Dispute Resolution (RDR), Verifi CDRN, or Compelling Evidence 3.0 are excluded from ratio calculations |
For complete details on current VAMP thresholds, enforcement timelines, and compliance requirements, see our comprehensive guide to the Visa Acquirer Monitoring Program.
Under VAMP, any disputes resolved through Rapid Dispute Resolution (RDR), Verifi CDRN, or Compelling Evidence 3.0 are excluded from ratio calculations entirely. This makes pre-dispute tools far more valuable than they were under the old system.
What Happened to Merchants in VFMP When it Ended?
Merchants in the VFMP didn’t carry their status into the new VAMP program. But, the same factors that led to VFMP eligibility in the first place could still render a merchant eligible for VAMP.
Merchants who were enrolled in VFMP as of April 2025 didn’t carry that status forward into the new system. VAMP enrollment is determined by acquirer-level performance, not historical merchant-level program status.
However, this doesn’t mean past problems disappeared. The underlying fraud issues that triggered VFMP enrollment would still affect an acquirer’s VAMP metrics if those issues weren’t resolved. Any acquirers paying close attention to their fraud and dispute exposure — as they all should — likely put in place greater oversight or restrictions on merchants who historically struggled with fraud.
In practice, merchants with fraud problems before April 2025 probably faced one of a few outcomes. Their acquirer likely took one of the following actions:
- required specific remediation measures
- imposed additional monitoring to allow for greater oversight
- adjusted processing terms and/or fees
- terminated the relationship entirely to protect their VAMP standing
The transition also meant that merchants who were close to VFMP thresholds, but who hadn’t yet been enrolled, got a fresh start under the new calculation methodology. Whether that’s good or bad depends on your specific situation; the combined fraud-and-dispute metric under VAMP may be more or less favorable than your previous fraud-only ratio.
What Merchants Need to Know Now
If you’re reading this article because you’re concerned about Visa fraud monitoring, here’s what matters today:
The path forward is clear: understand how VAMP works, invest in pre-dispute resolution tools, and maintain the kind of performance that keeps your acquirer comfortable with your relationship.
Have questions about navigating the transition from legacy monitoring to VAMP? Need help implementing the prevention strategies that keep your ratios in check? Chargebacks911 can help — our solutions integrate directly with the tools Visa credits under VAMP.
FAQs
Is VFMP still active?
No. Visa discontinued the Visa Fraud Monitoring Program in April 2025. It has been replaced by the Visa Acquirer Monitoring Program (VAMP), which monitors acquirers rather than individual merchants and uses a combined fraud-and-dispute ratio.
What replaced VFMP?
The Visa Acquirer Monitoring Program (VAMP) replaced both VFMP and VDMP. VAMP consolidates fraud and dispute monitoring into a single program that holds acquirers accountable for their merchant portfolios.
Do the old VFMP thresholds still apply?
No. VAMP uses different thresholds and a different calculation methodology than VFMP did. The metrics are now based on transaction counts rather than dollar values, and fraud and disputes are combined rather than tracked separately. See our dedicated article on the topic for current thresholds.
What if I was in VFMP when it ended?
Your VFMP enrollment status didn’t carry forward as a penalty, but the underlying performance issues that triggered enrollment would still affect your acquirer’s VAMP metrics if unresolved. Address the root causes of your fraud exposure regardless of historical program status.
Does 3D Secure still protect against fraud liability?
Yes, 3D Secure still provides liability shift for authenticated transactions in most circumstances. However, the separate VFMP-3DS track no longer exists. Fraud on 3DS transactions is now incorporated into overall VAMP metrics.
Where can I learn about current Visa monitoring requirements?
Our comprehensive guide to the Visa Acquirer Monitoring Program covers everything merchants need to know about the current system, including thresholds, enforcement timelines, and compliance strategies.
