Visa has updated its Visa Acquirer Monitoring Program (VAMP)—the rules that measure card‑not‑present (online, recurring, subscription) risk across fraud, disputes, and “enumeration” (card‑testing attacks). Below is a concise primer so you know what’s being measured and how to stay in a healthy range.
What VAMP measures
One combined metric (the “VAMP Ratio”). It’s simply: Fraud reports (TC40) + Disputes (TC15) divided by your settled CNP transactions (TC05) for the prior month.
What’s not counted: Pre‑dispute‑resolved cases (e.g., RDR) and certain fraud cases that qualify under Compelling Evidence 3.0—subject to Visa’s monthly data timing.
Enumeration monitoring: Visa separately tracks account‑testing activity using authorization data. Excessive enumeration triggers its own remediation.
Key thresholds (what “good” looks like)
Acquirer portfolio: “Above Standard” begins at 50 bps (0.50%); “Excessive” is 70 bps+.
Merchant Excessive (by region, when the acquirer itself isn’t flagged):
AP/Canada/EU/U.S.: ≥220 bps (drops to ≥150 bps starting Apr 1, 2026)
LAC: ≥150 bps
CEMEA: ≥220 bps (with specific monthly count and amount minimums)
Enumeration (global Excessive): Enumeration Ratio ≥2,000 bps and ≥300,000 enumerated authorizations.
What is a basis point (bps)? 50 bps = 0.50%. Example: If you settle 10,000 online transactions in a month, staying under 50 bps means keeping the combined count of TC40 + TC15 below 50.
What happens if thresholds are exceeded
Merchants may be asked (through their acquirer/processor) to submit an action plan and take corrective steps—e.g., stronger fraud controls, better dispute prevention, and enumeration hardening.
Visa provides an Early Warning band (40–49 bps) to prompt proactive action.
After sustained non‑compliance, fees and stricter oversight can apply per acquirer contracts and the Visa fee schedule.
Proven ways to keep your ratio healthy
Prevent friendly fraud: Clear descriptors, receipts with delivery/usage evidence, proactive customer support, easy cancellations/returns.
Deflect disputes earlier: Use Rapid Dispute Resolution (RDR) where appropriate; enroll in workflows that qualify for Compelling Evidence 3.0.
Harden against enumeration: Add CAPTCHA/rate‑limits, AVS/CVV checks, velocity rules, BIN/issuer throttles, bot detection, and 3DS step‑up where needed.
Tune fraud tools: Maintain dynamic rules and review declines/approvals by channel, product, BIN, issuer, and geography.
Operational hygiene: Ship with tracking, message subscription terms prominently, send renewal reminders, and make cancellations simple.
How we’ll help
We’ll monitor your VAMP health monthly and alert you early if you’re trending toward thresholds.
If risk rises, we’ll provide a 30/60/90‑day optimization plan (fraud settings, 3DS step‑up policy, enumeration patching, and dispute‑prevention playbooks).
We’ll guide you on RDR/CE3.0 eligibility and operational best practices that reduce numerator counts.
Questions? Contact Nexio Support at 801.623.4000. We’re here to help you stay well below the line.
For additional information please select Nexio and Vamp