Tag Archives: payment gateway

Visa Acquirer Monitoring Program (VAMP) Explained

Posted on by
Reply

Why does compliance with Visa’s new VAMP program matter and what do merchants need to do?Visa’s new VAMP program for online payments became effective April 1, 2025, consolidating five existing fraud and dispute programs into a single acquirer program. The payment gateway is a critical tool for merchant compliance. Do not assume your payment gateway will get you compliant.

Fraud problems are not just from real buyers but bots attacking web servers. A big mistake is thinking you won’t have a fraud problem with your B2B business. That’s because criminals are not necessarily looking for your business, but they are automatically seeking technical vulnerabilities. For example, card testers can blast a thousand attempted transactions in seconds. Without controls to prevent, you’ll be stuck with potentially thousands of dollars in authorization fees.

Fraud prevention and risk management are critical to maintaining the integrity of financial transactions. One of the ways Visa addresses these concerns is through the Visa Acquirer Monitoring Program (VAMP). This program aims to ensure that merchants and acquirers meet Visa’s security standards and mitigate fraud risks across the payment ecosystem. This article delves into what VAMP is, how it works, and how payment gateways contribute to compliance.

What is Visa VAMP?

The Visa Acquirer Monitoring Program (VAMP) is an initiative by Visa designed to monitor and enforce the compliance of acquirers and merchants with Visa’s security requirements. The program tracks merchant activities and identifies merchants who present an elevated risk for fraud, allowing Visa to take action before fraud risks escalate.

VAMP operates primarily by analyzing transaction data to detect patterns indicative of fraud. It uses a sophisticated risk algorithm that identifies outliers in a merchant’s transaction activity, such as unusual chargeback rates or instances of card-not-present fraud, both of which are major indicators of potential fraud.

If a merchant is flagged by the VAMP program, the acquirer is notified and required to investigate and take corrective actions. This can include additional monitoring or, in more severe cases, suspension of the merchant’s account. The goal is to protect cardholders and the broader Visa ecosystem from fraudulent activity.

Key Elements of the Visa Acquirer Monitoring Program

The Visa Acquirer Monitoring Program includes several important components that aim to maintain compliance and ensure the integrity of transactions:

  1. Risk Scoring and Monitoring: VAMP assigns risk scores to acquirers and merchants based on a variety of factors. Merchants with high chargeback rates, evidence of data breaches, or other signs of fraudulent behavior are placed under heightened scrutiny. Every month, Visa pulls data from your acquirer about:
    • How many of your online transactions were reported as fraud?
    • How many turned into disputes/chargebacks?
    • How many card-not-present transactions have you successfully processed?
    • Visa then plugs these numbers into one formula — the VAMP ratio — to see whether you (or your acquirer’s overall portfolio) are within acceptable limits.
  2. Risk Thresholds: The Visa VAMP ratio is calculated by Fraud Reports plus Disputes divided by the number of transactions.. For USA merchants, the excessive VAMP threshold ratio is 2.20% and a minimum of 1,500 transactions. Merchants who exceed these thresholds are flagged for further investigation. Fraud that turns into a chargeback gets double-counted. Effective April 1, 2026 the Excessive threshold drops to 1.50%, potentially flagging more merchants unless fraud and disputes are reduced.
  3. Corrective Actions and Penalties: Once a merchant is flagged, the acquirer is responsible for taking corrective actions. If corrective actions are not taken, Visa may impose penalties such as fines or even suspension of the merchant’s ability to accept Visa transactions. Acquirers then pass these costs along to merchants.
  4. Education and Resources: Visa provides acquirers with resources to help them better understand compliance and fraud prevention measures. This includes best practices, training, and guidance on preventing fraud and maintaining a secure payment environment.

Why VAMP Matters for Acquirers and Merchants

For acquirers, VAMP is a tool that ensures they are working with merchants who adhere to Visa’s standards for security and risk management. Acquirers are responsible for monitoring their merchants’ activities and reporting any fraudulent or non-compliant behavior to Visa. Failure to comply with VAMP can lead to increased fines, penalties, and even the termination of the ability to process Visa transactions.

For merchants, compliance with VAMP is essential for protecting the business from fraud-related losses. Non-compliance can result in financial penalties and loss of access to the Visa payment network, which can significantly impact the business’s ability to process payments.

How Payment Gateways Play a Role in VAMP Compliance

Payment gateways are a critical component of the payments infrastructure. Payment gateways play a key role in ensuring that merchants comply with proper authorization and Visa’s security protocols, including those outlined in VAMP. If you recall when EMV chips were launched, a lot of players in the payment ecosystem were not compliant, some of them took years to catch up and some never did.

  1. Fraud Detection and Prevention: Payment gateways incorporate various tools and technologies to detect and prevent fraudulent transactions. These tools include features such as Address Verification Service (AVS), CVV checks, velocity checks, 3-D Secure, other filters. By detecting and preventing fraud before it occurs, payment gateways help merchants stay within Visa’s risk thresholds. 3-D Secure can reduce merchant fees. Some gateways have more robust merchant manageable solutions than others.
  2. Security Features: Visa’s security standards require merchants to implement strong encryption and secure payment processes. Payment gateways are responsible for ensuring that all cardholder data is encrypted and stored securely. They also support features like tokenization, which replaces sensitive card data with unique identifiers, further reducing the risk of data breaches and fraud. All of the major payment gateways have robust security.
  3. Chargeback Management: A high chargeback ratio is a major red flag for the VAMP program. Payment gateways provide tools for merchants to manage and reduce chargebacks, such as implementing fraud prevention measures. The most effective solutions automate transaction management to mitigate risk of fraudulent attempts in the first place.
  4. PCI DSS Compliance: Payment gateways are required to comply with the Payment Card Industry Data Security Standard (PCI DSS), which mandates a set of security measures designed to protect cardholder data. PCI DSS compliance is directly linked to Visa’s security expectations and plays a critical role in VAMP compliance. All of the major payment gateways offer PCI compliant solutions.
  5. Reporting and Analytics: Payment gateways also provide merchants and acquirers with detailed transaction reports and analytics that can help identify trends, spot potential fraud, and ensure ongoing compliance with Visa’s monitoring criteria.
  6. Proper Authorization: This is one of the least talked about but critical component to mitigate chargebacks. Examples of challenging rules that many payment gateways don’t comply with are mismatched authorization and settlement, one dollar pre-authorizations, and expired authorizations.

Visa VAMP is a critical initiative for maintaining the security and integrity of the Visa payment ecosystem. It is a program that holds acquirers and merchants accountable for managing fraud risks and ensures that high-risk merchants are identified and monitored effectively. Payment gateways play a central role in compliance by offering essential fraud prevention tools, securing transactions, and supporting proper authorization compliance.

By staying proactive about security, monitoring transaction data, and implementing Visa’s recommended best practices, merchants and acquirers can ensure they remain compliant with Visa’s VAMP program, help protect themselves and their customers from fraud, and reduce fees.

For more detailed guidance on how to comply with Visa VAMP, visit Visa’s official Acquirer Monitoring Program page.

For a free consultation on compliant B2B payment gateways, contact 3D Merchant Services.

Microsoft Dynamics 365 Embedded Payments Solution Featured in Digital Transactions magazine

Posted on by

Embedded payments are exploding and U.S. Bank has embedded payment solutions within Microsoft Dynamics 365. “The Rise of Embedded Payments“, in DIGITAL TRANSACTIONS January 2023 issue, highlights U.S. Bank’s embedded payments solutions and benefits for both sellers and buyers. The U.S. Bank AP Optimizer® was announced last year. Additionally, Elavon Inc.’s payment gateway provides a secure and end-to-end accounts receivable payment solution for Dynamics 365 Finance. Elavon, a wholly owned subsidiary of U.S. Bank, has been a global leader in payment processing for more than 30 years.

Looking for Microsoft D365 secure payment processing solutions? Call Christine Speedy, 3D Merchant services founder, for simple solutions to B2B transaction problems. 954-942-0483, 9-5 ET.

CVV Card Verification Value vs 3-D Secure, D365, Dynamics Ax

Posted on by
Reply

What’s the difference between Card Verification Value verification and 3-D Secure cardholder authentication? How can each be used in Microsoft D365 F&O or Dynamics AX 2012? Both are solutions to reduce chargeback risk for card not present transactions, but not much else is the same.

The CVV, or Card Verification Value, is a three or four-digit number on credit cards to add an extra layer of security for phone and online purchases to help protect against identity theft. CVV or CSC, or Card Security Code, and CVV2 have the same purpose. The “2” means it was created using a newer process to make the number more difficult to guess.

3-D Secure is a protocol providing an additional layer of security for eCommerce transactions prior to authorization. 3-D secure 1.0 is being retired October 1, 2021 and legacy integrations often require an update.

What are merchant benefits for using 3-D Secure vs CVV?

  • More authorization approvals. False declines are a significant source of lost revenue.
  • Some cards have reduced interchange rates when the authentication is invoked, which are usually over 90% of fees.
  • Less friction for customers at checkout because it’s more likely to get approved and no need to chat or call for help.
  • Reduced risk of chargeback losses. Fraud liability for “it wasn’t me” automatically shifts to the issuer; Merchants do not have to defend those chargebacks, they never even see them.

At this stage of massive data breaches and stolen data globally, the CVV is just not enough to mitigate chargeback risk because too many compromised cards with CVV data are available on the dark web. Additionally, merchants can experience issuer generated chargebacks even if an authorization was granted. What? Yes, and there is no recourse. A big issue is following authorization rules. Here’s some examples:

  1. A merchant has customer card numbers on file (old school on paper). The merchant key enters each transaction. This fails the unscheduled credential on file rule, where after the initial authorization, a response code is submitted with each subsequent authorization.
  2. A merchant has customer card numbers on file via stored tokens, no access to cardholder data. The merchant uses token to get new authorizations. This can fail the unscheduled credential on file rule, where after the initial authorization, a response code is required with each subsequent authorization, however, the technology used does not support those protocols.
  3. A merchant gets a phone order and enters CVV. The merchant has higher risk of fraud because the customer must self-enter the card number to participate in 3-D Secure authentication.

If you have non-qualified, STD, and other classes of transactions on merchant statements, that usually means that an authorization rule was not followed. So while an authorization code may have been granted, the merchant is at higher risk of a chargeback and usually pays penalty fees.

How can Microsoft D365 and Dynamics AX users leverage the benefits of 3-D Secure 2.0 vs CVV verification? For B2B, I recommend all merchants require their customers self-manage their payment methods using a payment gateway that supports all the latest authorization rules. (Few do.) For cards that have been stored over multiple years, it’s unlikely that the token stored has the correct data (not visible to merchants) to send with newer transactions. For example, Authorize.net, a popular payment gateway, just started supporting unscheduled credential on file this year, and only on First Data. Ask about our integrated and standalone solutions that include a cloud portal for customers to self-manage payment methods, view payment history, and pay invoices, if applicable.

What payment gateways support customers self-managing payment methods in compliance with all the current rules? Contact us for stand alone, Dynamics integrated, Magento and other solutions. Remember, 3-D secure can only be invoked if the customer entered their cardholder data. For subsequent unscheduled credential on file transactions, CVV and 3-D secure are not needed, because the cardholder has already verified themselves.

Call Christine Speedy, PCI Council Qualified Integrator Reseller (QIR) certified, for all your card not present, Microsoft Dynamics AX and D365 payment processing needs from ACH to credit cards and more. Get a new merchant account or keep your existing. 954-942-0483, 9-5 ET.

3-D Secure 2.0 Merchant Overview 2020 2021

Posted on by
Reply

3-D Secure is a protocol providing an additional layer of security for eCommerce transactions prior to authorization. It enables the exchange of data between the merchant, card issuer and, when necessary, the consumer, to validate that the transaction is being initiated by the actual cardholder. Ecommerce transactions includes traditional shopping cart as well as any digital payment where the cardholder initiates and completes the payment process. For example, einvoicing or electronic bill presentment and payment are ecommerce transactions.

Each card network has a name for their product that uses 3-D secure, also referred to as 3D Secure, 3DS, 3-D Secure authentication or EMV 3-D Secure. Visa rebranded Verified by Visa to Visa Secure. MasterCard SecureCode (3DS 1.0) merchants are being encouraged to migrate to Mastercard Identity Check which uses EMV 3-D Secure 2.0. American Express SafeKey 2.0 is also available now. 3-D Secure 2.x helps reduce fraud and minimize the need for one-time passcodes, improving the user experience and reducing shopping cart abandonment.

What are merchant benefits for using 3-D Secure?

  • More authorization approvals. False declines are a significant source of lost revenue.
  • Some cards have reduced interchange rates when the authentication is invoked, which are usually over 90% of fees. American Express does reduce rates.
  • Less friction for customers at checkout.
  • Reduced risk of chargeback losses. Fraud liability for “it wasn’t me” automatically shifts to the issuer; Merchants do not have to defend those chargebacks, they never even see them.

How do merchants get started using 3-D Secure?

There are two elements- the payment gateway and the merchant account. Contact your payment gateway company to see if they support it and how to set it up. In most cases, this is simply a back office set up process. Merchants may also need to sign acceptance of pricing. The transaction fees are minimal and typically more than offset by the 11 to 20 basis point reduction in merchant fees on applicable cards.

Christine Speedy, Founder 3D Merchant Services, QIR certified, is a credit card processing expert with specialized expertise in card not present and B2B payment processing technology. Less than 1% of all merchant services sales representatives are QIR certified by the PCI Council. Christine is an authorized reseller for Elavon and CenPOS products and services, in addition to other solutions.

Credit Card Processing from AX to D365 F&O

Posted on by
Reply

Upgrading from Dynamics AX to D365 Finance & Operations?

Consultants help with planning and migration, however, when it comes to choosing a payment connector to capture revenues, engaging a payment processing professional can save boatloads of time and money. Why?

  1. The payment connector, including payment gateway, influences credit card processing fees. Compliance with authorization and settlement rules is complicated and connectors manage processes differently because of where they are in technology development. It’s the single largest influencer of fees and penalties you’ll pay. Look at this MasterCard Integrity Fee on a Chase Paymentech merchant statement:
mastercard PROCESSING INTEGRITY FINAL ATH

$536,042.54 multiplied by a .25% penalty fee for a total of $1,340.10 in avoidable costs. This is due to not properly authorizing and settling transactions, including reversals for unused authorizations. There are many ways to get authorization penalty fees and I’ve written multiple articles about them, including this on the Visa Stored Credential Mandate.

2. The payment connector makes a huge difference in internal automation for related processes, such as updating journals, as well as external customer automation including self-service access to invoices, payment history, managing payment methods and more.

3. The ISV payment connector package may include other items in your development road map. An independent payment processing professional will assess needs and provide insights on multiple connectors to help guide your business to the best choice. Which support the stored credential mandate for unscheduled credential on file? How will it help meet current and future Covid-19 side effect needs? How will it protect the business from a data breach as a result of workers at home?

In my experience, consultants don’t consider the payment connector until the project is defined and well under way, a contributing factor why more than 50% of ERP implementations fail to meet time, budget, or benefit objectives. Specification decisions are based on ‘securing payments’, without knowing how the connector might already have built-in solutions for other areas including customer service, sales, accounting, call center and more. If brought in sooner, the payments professional can eliminate some customization, reduce implementation time and costs, while improving immediate benefits.

To summarize, a flip phone and a smart phone are both capable of making phone calls, but the experience is completely different. Which would you prefer?

Christine Speedy, 3D Merchant blogger and CenPOS Global Sales, 954-942-0483 is an Independent Payments Professional and is independently Qualified Integrator Reseller (QIR) certified by the PCI Council.