Why does compliance with Visa’s new VAMP program matter and what do merchants need to do?Visa’s new VAMP program for online payments became effective April 1, 2025, consolidating five existing fraud and dispute programs into a single acquirer program. The payment gateway is a critical tool for merchant compliance. Do not assume your payment gateway will get you compliant.

Fraud problems are not just from real buyers but bots attacking web servers. A big mistake is thinking you won’t have a fraud problem with your B2B business. That’s because criminals are not necessarily looking for your business, but they are automatically seeking technical vulnerabilities. For example, card testers can blast a thousand attempted transactions in seconds. Without controls to prevent, you’ll be stuck with potentially thousands of dollars in authorization fees.

Fraud prevention and risk management are critical to maintaining the integrity of financial transactions. One of the ways Visa addresses these concerns is through the Visa Acquirer Monitoring Program (VAMP). This program aims to ensure that merchants and acquirers meet Visa’s security standards and mitigate fraud risks across the payment ecosystem. This article delves into what VAMP is, how it works, and how payment gateways contribute to compliance.

What is Visa VAMP?

The Visa Acquirer Monitoring Program (VAMP) is an initiative by Visa designed to monitor and enforce the compliance of acquirers and merchants with Visa’s security requirements. The program tracks merchant activities and identifies merchants who present an elevated risk for fraud, allowing Visa to take action before fraud risks escalate.

VAMP operates primarily by analyzing transaction data to detect patterns indicative of fraud. It uses a sophisticated risk algorithm that identifies outliers in a merchant’s transaction activity, such as unusual chargeback rates or instances of card-not-present fraud, both of which are major indicators of potential fraud.

If a merchant is flagged by the VAMP program, the acquirer is notified and required to investigate and take corrective actions. This can include additional monitoring or, in more severe cases, suspension of the merchant’s account. The goal is to protect cardholders and the broader Visa ecosystem from fraudulent activity.

Key Elements of the Visa Acquirer Monitoring Program

The Visa Acquirer Monitoring Program includes several important components that aim to maintain compliance and ensure the integrity of transactions:

1. Risk Scoring and Monitoring: VAMP assigns risk scores to acquirers and merchants based on a variety of factors. Merchants with high chargeback rates, evidence of data breaches, or other signs of fraudulent behavior are placed under heightened scrutiny. Every month, Visa pulls data from your acquirer about:
   • How many of your online transactions were reported as fraud?
   • How many turned into disputes/chargebacks?
   • How many card-not-present transactions have you successfully processed?
   • Visa then plugs these numbers into one formula — the VAMP ratio — to see whether you (or your acquirer’s overall portfolio) are within acceptable limits.
2. Risk Thresholds: The Visa VAMP ratio is calculated by Fraud Reports plus Disputes divided by the number of transactions.. For USA merchants, the excessive VAMP threshold ratio is 2.20% and a minimum of 1,500 transactions. Merchants who exceed these thresholds are flagged for further investigation. Fraud that turns into a chargeback gets double-counted. Effective April 1, 2026 the Excessive threshold drops to 1.50%, potentially flagging more merchants unless fraud and disputes are reduced.
3. Corrective Actions and Penalties: Once a merchant is flagged, the acquirer is responsible for taking corrective actions. If corrective actions are not taken, Visa may impose penalties such as fines or even suspension of the merchant’s ability to accept Visa transactions. Acquirers then pass these costs along to merchants.
4. Education and Resources: Visa provides acquirers with resources to help them better understand compliance and fraud prevention measures. This includes best practices, training, and guidance on preventing fraud and maintaining a secure payment environment.

Why VAMP Matters for Acquirers and Merchants

For acquirers, VAMP is a tool that ensures they are working with merchants who adhere to Visa’s standards for security and risk management. Acquirers are responsible for monitoring their merchants’ activities and reporting any fraudulent or non-compliant behavior to Visa. Failure to comply with VAMP can lead to increased fines, penalties, and even the termination of the ability to process Visa transactions.

For merchants, compliance with VAMP is essential for protecting the business from fraud-related losses. Non-compliance can result in financial penalties and loss of access to the Visa payment network, which can significantly impact the business’s ability to process payments.

How Payment Gateways Play a Role in VAMP Compliance

Payment gateways are a critical component of the payments infrastructure. Payment gateways play a key role in ensuring that merchants comply with proper authorization and Visa’s security protocols, including those outlined in VAMP. If you recall when EMV chips were launched, a lot of players in the payment ecosystem were not compliant, some of them took years to catch up and some never did.

1. Fraud Detection and Prevention: Payment gateways incorporate various tools and technologies to detect and prevent fraudulent transactions. These tools include features such as Address Verification Service (AVS), CVV checks, velocity checks, 3-D Secure, other filters. By detecting and preventing fraud before it occurs, payment gateways help merchants stay within Visa’s risk thresholds. 3-D Secure can reduce merchant fees. Some gateways have more robust merchant manageable solutions than others.
2. Security Features: Visa’s security standards require merchants to implement strong encryption and secure payment processes. Payment gateways are responsible for ensuring that all cardholder data is encrypted and stored securely. They also support features like tokenization, which replaces sensitive card data with unique identifiers, further reducing the risk of data breaches and fraud. All of the major payment gateways have robust security.
3. Chargeback Management: A high chargeback ratio is a major red flag for the VAMP program. Payment gateways provide tools for merchants to manage and reduce chargebacks, such as implementing fraud prevention measures. The most effective solutions automate transaction management to mitigate risk of fraudulent attempts in the first place.
4. PCI DSS Compliance: Payment gateways are required to comply with the Payment Card Industry Data Security Standard (PCI DSS), which mandates a set of security measures designed to protect cardholder data. PCI DSS compliance is directly linked to Visa’s security expectations and plays a critical role in VAMP compliance. All of the major payment gateways offer PCI compliant solutions.
5. Reporting and Analytics: Payment gateways also provide merchants and acquirers with detailed transaction reports and analytics that can help identify trends, spot potential fraud, and ensure ongoing compliance with Visa’s monitoring criteria.
6. Proper Authorization: This is one of the least talked about but critical component to mitigate chargebacks. Examples of challenging rules that many payment gateways don’t comply with are mismatched authorization and settlement, one dollar pre-authorizations, and expired authorizations.

Visa VAMP is a critical initiative for maintaining the security and integrity of the Visa payment ecosystem. It is a program that holds acquirers and merchants accountable for managing fraud risks and ensures that high-risk merchants are identified and monitored effectively. Payment gateways play a central role in compliance by offering essential fraud prevention tools, securing transactions, and supporting proper authorization compliance.

By staying proactive about security, monitoring transaction data, and implementing Visa’s recommended best practices, merchants and acquirers can ensure they remain compliant with Visa’s VAMP program, help protect themselves and their customers from fraud, and reduce fees.

For more detailed guidance on how to comply with Visa VAMP, visit Visa’s official Acquirer Monitoring Program page.

For a free consultation on compliant B2B payment gateways, contact 3D Merchant Services.