Effective 31 March 2025, Visa will retire the Visa Dispute Monitoring Program (VDMP) and the Visa Fraud Monitoring Program (VFMP).
Additionally, effective 1 April 2025, Visa will enhance the Visa Acquirer Monitoring Program (VAMP) by implementing the following changes:
- A new transaction count-based metric that combines both fraud and non-fraud disputes will be introduced.
- New enumeration criteria based on confirmed enumerated transactions, identified and confirmed by the Visa (VAMP Enumeration Attacks) will be introduced.
The monthly VAMP ratio will be calculated at the merchant level as follows:
Count of fraud + Count of non-fraud disputes
――――――――――――――――――
Count of total settled transactions
VAMP Criteria
Seules les transactions de vente à distance VISA domestiques et internationales sont à prendre en compte dans le calcul du ratio VAMP.
- Only card-not-present (CNP), both domestic and cross-border VisaNet transactions are considered for VAMP.
- A monthly minimum of 1,000 combined fraudulent transactions and non-fraud disputes applies to merchant thresholds.
- Threshold calculations include non-fraud Dispute Condition Codes 11, 12 and 13.
- VAMP excludes Rapid Dispute Resolution (RDR) disputes and Cardholder Dispute Resolution Network (CDRN).
- VAMP excludes confirmed Compelling Evidence 3.0 except for fraud disputes.
VAMP Thresholds
Merchant VAMP Ratio | |
Threshold Effective Date 1 April 2025 | ≥1,50% |
Threshold Effective Date 1 January 2026 | ≥0,9% |
VAMP Enumeration Attacks
Enumeration attacks are where an attacker systematically submits transactions with a list of values such as the PAN, CVV2, expiration date and post code to derive legitimate payment card details or attempts low value transactions to verify if a stolen card number is valid.
The VAMP Enumeration Ratio is calculated as follows:
Count of enumerated authorization transactions (approved + declined)
―――――――――――――――――――――――――――――
Count of authorization transactions (approved + declined)
The VAMP Enumeration Threshold
Merchant VAMP Enumeration Threshold | |
Threshold Effective Date 1 April 2025 | ≥ 20% |
VAMP & VAMP Enumeration attacks Non-Compliance Assessments
For first-time identifications within a rolling 12- months, and for the first three months of the program, Visa will provide a three-month grace period before assessing fees:
USD 10 per each card-not-present (CNP) fraudulent transaction and non-fraud dispute will apply if indicators are met or exceed the program thresholds.
Exit Criteria
Remediation is considered successful and the VAMP case closes once the performance falls below the thresholds mentioned above.
Advisory Period
An advisory period will be implemented for the updated VAMP beginning 1 April 2025 and running through 30 June 2025. During the advisory period merchant identifications will count toward the 90-day grace period for enforcement. During this time, you will receive notifications labeled Advisory when your performance meets or exceeds the program thresholds.
VAMP overview
Thresholds Effective Date | VAMP ratio | VAMP Enumeration attacks ratio | Non compliance Assessments |
01-avr-25 | ≥ 1,5% | ≥ 20% |
$10 per each card-not-present (CNP) fraudulent transaction and non-fraud dispute |
01-janv-26 | ≥ 0,9% |