Visa Acquirer Monitoring Program (VAMP) Explained

Why does compliance with Visa’s new VAMP program matter and what do merchants need to do? Visa’s new VAMP program for online payments became effective April 1, 2025, consolidating five existing fraud and dispute programs into a single acquirer program. The payment gateway is a critical tool for merchant compliance. Do not assume your payment gateway will get you compliant.

Fraud problems come not just from real buyers but also from bots attacking web servers. A big mistake is thinking you won’t have a fraud problem with your B2B business. Criminals are not necessarily looking for your business; they are automatically seeking technical vulnerabilities. For example, card testers can blast a thousand attempted transactions in seconds. Without controls to prevent this, you’ll be stuck with potentially thousands of dollars in authorization fees.

Fraud prevention and risk management are critical to maintaining the integrity of financial transactions. One of the ways Visa addresses these concerns is through the Visa Acquirer Monitoring Program (VAMP). This program aims to ensure that merchants and acquirers meet Visa’s security standards and mitigate fraud risks across the payment ecosystem. This article delves into what VAMP is, how it works, and how payment gateways contribute to compliance.

What is Visa VAMP?

The Visa Acquirer Monitoring Program (VAMP) is an initiative by Visa designed to monitor and enforce the compliance of acquirers and merchants with Visa’s security requirements. The program tracks merchant activities and identifies merchants who present an elevated risk for fraud, allowing Visa to take action before fraud risks escalate.

VAMP operates primarily by analyzing transaction data to detect patterns indicative of fraud. It uses a sophisticated risk algorithm that identifies outliers in a merchant’s transaction activity, such as unusual chargeback rates or instances of card-not-present fraud, both of which are major indicators of potential fraud.

If a merchant is flagged by the VAMP program, the acquirer is notified and required to investigate and take corrective actions. This can include additional monitoring or, in more severe cases, suspension of the merchant’s account. The goal is to protect cardholders and the broader Visa ecosystem from fraudulent activity.

Key Elements of the Visa Acquirer Monitoring Program

The Visa Acquirer Monitoring Program includes several important components that aim to maintain compliance and ensure the integrity of transactions:

  1. Risk Scoring and Monitoring: VAMP assigns risk scores to acquirers and merchants based on a variety of factors. Merchants with high chargeback rates, evidence of data breaches, or other signs of fraudulent behavior are placed under heightened scrutiny. Every month, Visa pulls data from your acquirer about:
    • How many of your online transactions were reported as fraud?
    • How many turned into disputes/chargebacks?
    • How many card-not-present transactions have you successfully processed?
    • Visa then plugs these numbers into one formula — the VAMP ratio — to see whether you (or your acquirer’s overall portfolio) are within acceptable limits.
  2. Risk Thresholds: The Visa VAMP ratio is calculated as fraud reports plus disputes, divided by the number of transactions. For USA merchants, the excessive VAMP threshold ratio is 2.20% and a minimum of 1,500 transactions. Merchants who exceed these thresholds are flagged for further investigation. Fraud that turns into a chargeback gets double-counted. Effective April 1, 2026, the Excessive threshold drops to 1.50%, potentially flagging more merchants unless fraud and disputes are reduced.
  3. Corrective Actions and Penalties: Once a merchant is flagged, the acquirer is responsible for taking corrective actions. If corrective actions are not taken, Visa may impose penalties such as fines or even suspension of the merchant’s ability to accept Visa transactions. Acquirers then pass these costs along to merchants.
  4. Education and Resources: Visa provides acquirers with resources to help them better understand compliance and fraud prevention measures. This includes best practices, training, and guidance on preventing fraud and maintaining a secure payment environment.
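A merchant can track the same monthly figures before Visa does. The sketch below is an added example, not code from Visa or from this article's author; the record layout, function names and sample counts are constructed, and two readings of the article's wording are assumptions: the 1,500 minimum is applied to the month's transaction count, and a ratio at or above the threshold is treated as exceeding it.

```python
from dataclasses import dataclass
from datetime import date

# Figures quoted in the article for US merchants, held as basis points so the
# threshold comparison is exact integer arithmetic.
EXCESSIVE_BPS = 220                  # 2.20% Excessive threshold
EXCESSIVE_BPS_2026 = 150             # 1.50%, effective April 1, 2026
THRESHOLD_CHANGE = date(2026, 4, 1)
MIN_TRANSACTIONS = 1500              # assumption: floor on the monthly transaction count


@dataclass(frozen=True)
class Txn:
    """One processed card-not-present Visa sale (constructed record layout)."""
    txn_id: str
    fraud_reported: bool   # reported as fraud
    disputed: bool         # turned into a dispute/chargeback


def excessive_bps(month_start: date) -> int:
    """Excessive threshold in force for the month being measured."""
    return EXCESSIVE_BPS_2026 if month_start >= THRESHOLD_CHANGE else EXCESSIVE_BPS


def vamp_summary(month_start: date, txns: list) -> dict:
    """Compute the VAMP ratio for one month and compare it with the threshold."""
    total = len(txns)
    fraud = sum(t.fraud_reported for t in txns)
    disputes = sum(t.disputed for t in txns)
    # A sale that was reported as fraud AND disputed is in both sums,
    # which is the double-counting the article describes.
    events = fraud + disputes
    bps = excessive_bps(month_start)
    # Largest event count that keeps events/total strictly below the threshold.
    allowed = (bps * total - 1) // 10000 if total else 0
    return {
        "transactions": total,
        "events": events,
        "double_counted": sum(t.fraud_reported and t.disputed for t in txns),
        "ratio": events / total if total else 0.0,
        # Assumption: at or above the threshold counts as exceeding it.
        "excessive": total >= MIN_TRANSACTIONS and events * 10000 >= bps * total,
        "headroom": allowed - events,   # negative means already over
    }


def sample_month(total: int, fraud_only: int, dispute_only: int, both: int) -> list:
    """Build a constructed month of transactions with the given event counts."""
    flags = ([(True, False)] * fraud_only + [(False, True)] * dispute_only
             + [(True, True)] * both)
    flags += [(False, False)] * (total - len(flags))
    return [Txn(f"t{i:05d}", f, d) for i, (f, d) in enumerate(flags)]


if __name__ == "__main__":
    month = sample_month(total=2000, fraud_only=20, dispute_only=10, both=5)
    for start in (date(2025, 6, 1), date(2026, 4, 1)):
        s = vamp_summary(start, month)
        print(start, f"ratio={s['ratio']:.2%}", "excessive" if s["excessive"] else "ok",
              f"headroom={s['headroom']}")
```

The same constructed month (35 affected sales, 40 counted events) passes under the 2.20% threshold and is flagged once the 1.50% threshold applies.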

Why VAMP Matters for Acquirers and Merchants

For acquirers, VAMP is a tool that ensures they are working with merchants who adhere to Visa’s standards for security and risk management. Acquirers are responsible for monitoring their merchants’ activities and reporting any fraudulent or non-compliant behavior to Visa. Failure to comply with VAMP can lead to increased fines, penalties, and even the termination of the ability to process Visa transactions.

For merchants, compliance with VAMP is essential for protecting the business from fraud-related losses. Non-compliance can result in financial penalties and loss of access to the Visa payment network, which can significantly impact the business’s ability to process payments.

How Payment Gateways Play a Role in VAMP Compliance

Payment gateways are a critical component of the payments infrastructure. Payment gateways play a key role in ensuring that merchants comply with proper authorization and Visa’s security protocols, including those outlined in VAMP. If you recall, when EMV chips were launched, a lot of players in the payment ecosystem were not compliant; some of them took years to catch up and some never did.

  1. Fraud Detection and Prevention: Payment gateways incorporate various tools and technologies to detect and prevent fraudulent transactions. These tools include features such as Address Verification Service (AVS), CVV checks, velocity checks, 3-D Secure, and other filters. By detecting and preventing fraud before it occurs, payment gateways help merchants stay within Visa’s risk thresholds. 3-D Secure can reduce merchant fees. Some gateways have more robust merchant-manageable solutions than others.
  2. Security Features: Visa’s security standards require merchants to implement strong encryption and secure payment processes. Payment gateways are responsible for ensuring that all cardholder data is encrypted and stored securely. They also support features like tokenization, which replaces sensitive card data with unique identifiers, further reducing the risk of data breaches and fraud. All of the major payment gateways have robust security.
  3. Chargeback Management: A high chargeback ratio is a major red flag for the VAMP program. Payment gateways provide tools for merchants to manage and reduce chargebacks, such as implementing fraud prevention measures. The most effective solutions automate transaction management to mitigate risk of fraudulent attempts in the first place.
  4. PCI DSS Compliance: Payment gateways are required to comply with the Payment Card Industry Data Security Standard (PCI DSS), which mandates a set of security measures designed to protect cardholder data. PCI DSS compliance is directly linked to Visa’s security expectations and plays a critical role in VAMP compliance. All of the major payment gateways offer PCI compliant solutions.
  5. Reporting and Analytics: Payment gateways also provide merchants and acquirers with detailed transaction reports and analytics that can help identify trends, spot potential fraud, and ensure ongoing compliance with Visa’s monitoring criteria.
  6. Proper Authorization: This is one of the least talked-about but most critical components for mitigating chargebacks. Examples of challenging rules that many payment gateways don’t comply with are mismatched authorization and settlement, one dollar pre-authorizations, and expired authorizations.
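The velocity checks named in item 1 are the control that stops the card-testing bursts described at the top of this article. The sliding-window sketch below is an added example, not any gateway's actual implementation; the log format, addresses, tokens and all three limits are constructed assumptions to be tuned against real traffic.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Assumed limits for illustration only.
WINDOW = timedelta(seconds=10)
MAX_ATTEMPTS = 5          # attempts per source inside the window
MAX_DISTINCT_CARDS = 3    # different cards per source inside the window


def parse_line(line: str):
    """Parse '<iso-timestamp> ip=.. card=.. amt=.. resp=..' (constructed format)."""
    ts, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return datetime.fromisoformat(ts), kv["ip"], kv["card"]


def velocity_decisions(lines):
    """Decide per attempt whether it would be forwarded for authorization."""
    recent = defaultdict(deque)           # ip -> deque of (timestamp, card token)
    decisions = []
    for line in lines:
        ts, ip, card = parse_line(line)
        q = recent[ip]
        while q and ts - q[0][0] > WINDOW:
            q.popleft()                   # forget attempts older than the window
        # Blocked attempts stay in the window, so a source that keeps
        # hammering stays blocked until it goes quiet.
        q.append((ts, card))
        distinct = len({c for _, c in q})
        blocked = len(q) > MAX_ATTEMPTS or distinct > MAX_DISTINCT_CARDS
        decisions.append((ip, card, "block" if blocked else "allow"))
    return decisions


def summarize(decisions):
    """Count allowed and blocked attempts per source address."""
    out = defaultdict(lambda: {"allow": 0, "block": 0})
    for ip, _card, action in decisions:
        out[ip][action] += 1
    return dict(out)


def constructed_log():
    """Constructed sample: one buyer retrying a card, one card-testing burst."""
    base = datetime(2025, 5, 1, 12, 0, 0, tzinfo=timezone.utc)
    lines = [f"{base.isoformat()} ip=198.51.100.20 card=tok_buyer amt=250.00 resp=declined"]
    for i in range(12):                   # 12 different cards in about 3 seconds
        ts = base + timedelta(seconds=1 + i // 4)
        lines.append(f"{ts.isoformat()} ip=203.0.113.7 card=tok_{i:04d} amt=1.00 resp=declined")
    retry = base + timedelta(seconds=40)
    lines.append(f"{retry.isoformat()} ip=198.51.100.20 card=tok_buyer amt=250.00 resp=approved")
    return lines


if __name__ == "__main__":
    for ip, counts in summarize(velocity_decisions(constructed_log())).items():
        print(ip, counts)
```

Every blocked attempt is one the gateway never sends for authorization, so it incurs no authorization fee.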

Visa VAMP is a critical initiative for maintaining the security and integrity of the Visa payment ecosystem. It is a program that holds acquirers and merchants accountable for managing fraud risks and ensures that high-risk merchants are identified and monitored effectively. Payment gateways play a central role in compliance by offering essential fraud prevention tools, securing transactions, and supporting proper authorization compliance.

By staying proactive about security, monitoring transaction data, and implementing Visa’s recommended best practices, merchants and acquirers can ensure they remain compliant with Visa’s VAMP program, help protect themselves and their customers from fraud, and reduce fees.

For more detailed guidance on how to comply with Visa VAMP, visit Visa’s official Acquirer Monitoring Program page.

For a free consultation on compliant B2B payment gateways, contact 3D Merchant Services.

Visa Rules Update 2024 For Merchant Credit Card Processing

The summary of Visa Rules 2024 changes is nearly 20 pages! Translation: Merchants need advanced payment processing technology to automate processing rules compliance. It’s critical to avoid unwanted extra fees and issuer-initiated chargebacks. Here’s a simple way to validate whether the technology you have now is likely to support new and future changes:

  1. Reviewing your merchant statement, do you have any transactions with interchange rates of 2.95% or 3.15%, the most common “non-qualified” rates? 
  2. Have you had any issuer generated chargebacks?

If you answered yes, please call 954-942-0483 or use our contact form for a FREE review.
Bookmark our handy reference list of card brand rules here.

Since 2007, 3D Merchant Services has offered exceptional services to automotive, manufacturing, distribution, and construction related industries.

Call Christine Speedy for simple solutions to complex B2B payment transaction problems, 954-942-0483, 9-5 ET. With a focus on card not present and omnichannel technology, Christine has been a sought out payment technology resource for clients, consultants, panels/forums, and the media.

Credit card surcharge rules and laws 2023

Looking for a credit card surcharging solution to offset expenses? The rules vary across multiple card brands and terms of acceptance. Here’s an updated review of who can surcharge, what card types, and checklist of how to roll out credit card surcharge at your company. The answers are targeted for business to business merchants, my area of expertise. Historically if a merchant complies with Visa surcharge rules, they’d be compliant with other brands, so we often cite that as the standard.

What is a credit card surcharge?

Surcharge is any fee charged by a merchant for the use of a card.

What’s the difference between a surcharge and convenience fee? Convenience fees can only be charged for a bona fide convenience in the form of an alternative payment channel outside the Merchant’s customary payment channels and not charged solely for the acceptance of a Card. If a merchant only accepts credit cards, it’s prohibited. If a merchant is 100% card absent, merchant cannot charge a convenience fee.

Card brands agree on this for surcharging:

  1. Merchant Discount Rate is the fee, expressed as a percentage of the total transaction amount that a Merchant pays to its Acquirer or Service Provider for transacting on a Credit Card brand. In short, it’s typically all the fees on your merchant statement EXCEPT PCI compliance, terminal rental fees or any other special fee that is not paid via the mechanism of the per-transaction merchant discount fee. Per Visa, merchants must “Limit the amount to your merchant discount rate (MDR) for the applicable credit card or 3% whichever is lowest.” This is the reason merchants can get in trouble if their surcharge solution provider charges a flat amount for every card type.
  2. The Surcharge amount must be submitted separately (in the defined surcharge field) from the Transaction amount in the authorization and clearing message.
  3. The receipt must list the surcharge amount separately.
  4. If the original transaction has a partial or full refund, the surcharge amount must be refunded proportionally.
  5. Surcharge on debit or prepaid cards is prohibited for all merchants. To ensure compliance, use a payment gateway that can identify the card brand and type of card to allow surcharges only on eligible cards.
  6. The fee must be relative to their average cost of card acceptance.

How much can a merchant surcharge?

In short, surcharging is allowed to cover costs, not to make a profit. Let’s face it, based on the rules above, to simplify implementation, merchants will surcharge at the brand level because they lack the technology to discern between product types on a per transaction basis. Taking all that into account what can you surcharge?

  • Cannot exceed Maximum Surcharge Cap, which for Visa is currently 3%, effective April 15, 2023, and MasterCard remains at 4%.

Just because somebody offers it doesn’t make it right. Some companies are offering “free merchant accounts” by offsetting fees with surcharge of 3.5% or even 4%, both exceeding current rules. The average B2B company has much lower than 3.5% effective rate so that was always a violation of card acceptance rules, subject to penalty. The companies offering these services are making big money on the spread of actual fees vs what customers are paying. Again, these are card brand rules violations.

Surcharge checklist:

  1. Notify card brands (Visa etc.) in writing at least 30 calendar days before assessing a US Credit Card Surcharge; the notice must state whether you will surcharge at the brand level or product level.
    1. https://www.visa.com/merchantsurcharging
    2. http://www.mastercard.us/merchants/support/surcharge-disclosure.html
    3. https://www.discoversurcharge.com
    4. Amex: none required
  2. For card not present orders, disclose verbally if telephone; for online orders minimum 10-point Arial font, but in any case no smaller or less prominent than surrounding text.
  3. Receipt must be delivered with the surcharge as a separate line item.
  4. The surcharge amount must be sent with the transaction for authorization.

Which states prohibit merchants surcharging?

Per Visa, as of April 15, 2023, they are “Connecticut, Maine, Massachusetts, and Oklahoma. Note also that Merchants located in Colorado may not surcharge more than 2% as per State law.” However, due to federal and other court rulings, multiple states have backed away from the bans. The legislative intent in many of these states was to protect consumers, and not to restrict B2B surcharging, therefore, B2B companies may have exceptions.

What’s the penalty for non-compliance with surcharge rules? Acquirers face fines. Acquirers of any merchant identified as surcharging improperly may be assessed an immediate US $1,000 fine. This is just the beginning and is not all-inclusive. Visa is proactively enforcing surcharge rules from April 15, 2023.

  1. In 2015, the 11th U.S. Circuit Court of Appeals, a federal court, overturned Florida state law as being unconstitutional, allowing surcharges to legally continue in Florida and nine other states that had enacted bans against them. The case was a highly contentious 2-1 decision in which the court’s chief judge said the state surcharge bans (like Florida’s) were “being struck down by a federal court for no good reason.”
  2. In December 2019, the Oklahoma attorney general issued an official opinion declaring that the state’s no-surcharging law unconstitutionally restricts free speech.

Surcharge Laws Stories:

  • 2/2023 NJ Businesses Fined For Credit Card Surcharge Without Proper Notice https://lakewoodalerts.com/cracking-down-businesses-fined-for-credit-card-surcharge-without-proper-notice/
  • Texas Updated 2020 – https://faq.sll.texas.gov/questions/9631 Senate Bill 560, which went into effect on September 1st, 2017, changed the laws relating to credit card surcharges. Previously, the Office of Consumer Credit Commissioner (OCCC) enforced the law on credit card surcharges, but that is no longer the case.
  • Florida update https://www.epgdlaw.com/are-credit-card-surcharges-legal-in-florida/
  • California update
    https://oag.ca.gov/consumers/general/credit-card-surcharges
  • January 10, 2019 NY Update
    https://www.natlawreview.com/article/parties-case-challenging-constitutionality-ny-no-credit-card-surcharge-law-jointly
  • NY Court of Appeals issues interpretation of no surcharge law  https://www.consumerfinancemonitor.com/2018/10/26/ny-court-of-appeals-issues-interpretation-of-ny-no-credit-card-surcharge-law/
  • 2018 Florida https://www.nbc-2.com/story/40273084/you-can-legally-be-charged-extra-for-using-a-credit-card
  • 2018 case in California http://delfinomadden.com/credit-card-surcharge-ban/
  • 2017 US Supreme Court & NY https://www.usatoday.com/story/news/politics/2017/01/10/supreme-court-new-york-credit-card-surcharge-price-speech/96391718/
  • http://fortune.com/2017/03/29/credit-card-charges-supreme-court-freedom-speech/
  • http://www.orlandosentinel.com/business/consumer/os-nsf-florida-credit-card-surcharges-20160706-story.html
  • https://www.ncsl.org/research/financial-services-and-commerce/credit-or-debit-card-surcharges-statutes.aspx

State statutes on surcharge laws

  • https://portal.ct.gov/DCP/Legal/Credit-Card-Surcharge
  • https://malegislature.gov/Laws/GeneralLaws/PartI/TitleXX/Chapter140d/Section28a Massachusetts statutes.

For more information, see Surcharge law resources under Merchant Alerts & Rules Links or contact your acquirer for accurate and current information specific to your situation. Neither Christine Speedy nor this web site provides legal advice. Consult an attorney for all your legal questions.

Does your company want to surcharge? Call Christine Speedy right now at 954-942-0483, 9-5 ET for a compliant solution. Please share your surcharge insights for others and ask any questions below. The information herein is based upon public information available at the time written and may change.

3D Merchant Services is rebranding as Greater Good Tech.

Microsoft Dynamics 365 Embedded Payments Solution Featured in Digital Transactions magazine

Embedded payments are exploding and U.S. Bank has embedded payment solutions within Microsoft Dynamics 365. “The Rise of Embedded Payments“, in DIGITAL TRANSACTIONS January 2023 issue, highlights U.S. Bank’s embedded payments solutions and benefits for both sellers and buyers. The U.S. Bank AP Optimizer® was announced last year. Additionally, Elavon Inc.’s payment gateway provides a secure and end-to-end accounts receivable payment solution for Dynamics 365 Finance. Elavon, a wholly owned subsidiary of U.S. Bank, has been a global leader in payment processing for more than 30 years.

Looking for Microsoft D365 secure payment processing solutions? Call Christine Speedy, 3D Merchant Services founder, for simple solutions to B2B transaction problems. 954-942-0483, 9-5 ET.

FTC Orders an End to Illegal Mastercard Business Tactics and Requires it to Stop Blocking Competing Debit Card Payment Networks

Company violated the Durbin Amendment to the Dodd-Frank Act and Fed regulations, agency alleges

The Federal Trade Commission is ordering an end to illegal business tactics that Mastercard has been using to force merchants to route debit card payments through its payment network, and is requiring Mastercard to stop blocking the use of competing debit payment networks.

Under a proposed FTC order, Mastercard will have to start providing competing networks with customer account information they need to process debit payments, reversing a practice the company allegedly had been using to keep them out of the ecommerce debit payment business and, according to the FTC, that violated provisions of the 2010 Dodd-Frank Act known as the Durbin Amendment and its implementing rule, Regulation II.

“This is a victory for consumers and the merchants who rely on debit card payments to operate their businesses,” said Holly Vedova, Director of the FTC’s Bureau of Competition. “Congress directed the FTC to enforce this part of the Dodd-Frank Act and prevent precisely this kind of illegal behavior. We take this responsibility seriously, as demonstrated by our action today.”

Debit Card Payment Networks

With more than 80 percent of American adults carrying at least one debit card and over $4 trillion in debit card purchases made every year, debit cards occupy a significant place in the current payment landscape. The popularity of debit cards has been growing especially quickly for purchases consumers make using their personal devices equipped with ewallet applications such as Apple Pay, Google Pay, and Samsung Wallet.

Payment card networks play a critical role in those debit card transactions. When a customer presents their debit card to make a purchase, the network transmits the payment information to the card’s corresponding bank for approval, and then transfers the payment approval or denial back to the merchant. Payment card networks compete for the business of banks that issue cards and for the business of merchants that accept card payments.

Mastercard, along with Visa, is one of the two leading payment card networks in the United States. The processing fees charged by networks total billions of dollars every year, affecting every purchase made with a debit card, according to the FTC. Most of these fees are paid by the merchants to the card-issuing banks and the payment card networks.

To spur more competition among payment card networks, Congress enacted a provision of the 2010 Dodd-Frank Act known as the Durbin Amendment, which required banks to enable at least two unaffiliated networks on every debit card, thereby giving merchants a choice of which network to use for a given debit transaction. The Durbin Amendment—along with its implementing rule, Regulation II—also bars payment card networks from inhibiting merchants from using other networks.

Mastercard’s Illegal Tactics

With the post-Durbin rise of debit ecommerce and ewallet debit transactions, Mastercard was flouting the law by setting policies to block merchants from routing ecommerce transactions using Mastercard-branded debit cards saved in ewallets to alternative payment card networks, including networks that may charge lower fees than Mastercard, the FTC alleged.

Specifically, Mastercard used its control over a process called “tokenization” to block the use of competing payment card networks, the agency alleged. Transactions commonly are “tokenized” by replacing the cardholder’s primary account number with a different number to protect the account number during some stages of a debit transaction.

Tokens are stored in ewallets such as Apple Pay, Google Pay, and Samsung Wallet and serve as a substitute credential to provide additional protection for a cardholder’s account number.

When a debit cardholder makes a debit purchase using an ewallet, the merchant receives a token from the cardholder’s device and sends it to the merchant’s bank, which in turn sends the token to a payment card network for processing. For the transaction to proceed, however, the network must be able to convert the token to its associated account number.

Mastercard’s policy requires use of a token when a cardholder loads a Mastercard-branded debit card into an ewallet, while banks issuing Mastercard-branded debit cards nearly universally use Mastercard to generate the tokens and store the corresponding primary account numbers in its Mastercard “token vault,” the FTC alleged. Since competing networks do not have access to Mastercard’s token vault, merchants are dependent on Mastercard’s converting the token to process ewallet transactions using Mastercard-branded debit cards.

According to the FTC, Mastercard refuses to provide conversion services to competing networks for remote ewallet debit transactions (i.e., online and in-app transactions, as opposed to in-person transactions made by the customer in a store), thereby making it impossible for merchants to route their ewallet transactions on a network other than Mastercard.

Under the FTC consent order, when a competing network receives a token to process a debit card payment, Mastercard is required to provide them with the customer’s personal account number that corresponds to the token. The order also bans Mastercard from taking any action to prevent competitors from providing their own payment token service or offer tokens on Mastercard-branded debit cards and requires Mastercard to comply with provisions of Regulation II.

The Commission vote to issue the administrative complaint and to accept the consent agreement was 4-0. The FTC will publish a description of the consent agreement package in the Federal Register soon. The agreement will be subject to public comment, after which the Commission will decide whether to make the proposed consent order final. Instructions for filing comments appear in the published notice. Comments must be received 30 days after publication in the Federal Register. Once processed, comments will be posted on Regulations.gov.

NOTE: The Commission issues an administrative complaint when it has “reason to believe” that the law has been or is being violated, and it appears to the Commission that a proceeding is in the public interest. When the Commission issues a consent order on a final basis, it carries the force of law with respect to future actions. Each violation of such an order may result in a civil penalty of up to $46,517.

The Federal Trade Commission works to promote competition, and protect and educate consumers.