Back to Insights
Compliance

VAMP After April 2026: What the Threshold Drop Actually Means for High-Risk Merchants

Visa's VAMP Excessive threshold dropped to 1.5% on April 1, 2026. For adult, dating, subscription, and gaming merchants, the real risk is not fines — it's your acquirer's portfolio math. Here is what you need to know now.

June 2026 · 10 min read
Share

What VAMP Actually Is (And What It Replaced)

Visa ran two separate monitoring programs for most of the last decade. The Visa Dispute Monitoring Program (VDMP) tracked chargeback ratios. The Visa Fraud Monitoring Program (VFMP) tracked fraud. Each had its own threshold, its own fine structure, and its own remediation process. Merchants could, in theory, manage them independently.

That changed on April 1, 2025, when Visa launched the Visa Acquirer Monitoring Program (VAMP), collapsing both into a single framework with a single ratio. The unification sounds administrative. It is not. Consolidating the two metrics into one number, applied at the acquirer portfolio level rather than just the merchant level, restructured the risk relationship between merchants, processors, and Visa in ways that most high-risk operators are still working out.

The program replaced the earlier VFMP and VDMP, filling the same conceptual space in the fraud and payments ecosystem but with significant differences: a unified metric, tighter thresholds, and acquirers placed front and center. That last point matters most. The “A” in VAMP signals where Visa’s compliance focus has landed: on the banks and processors that underwrite merchants, not on merchants directly.

The enforcement timeline unfolded in stages. If you are reading this now, you are operating under the final, tightest version of the program.

  1. 1 Apr 2025

    VAMP launches

    VDMP and VFMP collapse into a single ratio applied to acquirers and merchants.

  2. 1 Jun 2025

    New thresholds and minimum counts take effect

    The qualifying event minimums and initial ratio levels go live.

  3. 1 Oct 2025

    Enforcement begins

    The advisory period ends; fines start applying to flagged portfolios and merchants.

  4. 1 Apr 2026In force

    Merchant threshold tightens to 1.5%

    The stricter merchant excessive line, down from 2.2%, is the regime you operate under now.

The Numbers That Matter Right Now

The VAMP ratio formula is straightforward: (TC40 fraud reports + TC15 disputes) divided by TC05 settled transactions, applied to card-not-present transactions only.

VAMP threshold comparison: merchant 1.5%, acquirer 0.5% above standard and 0.7% excessive
VAMP thresholds in force from April 2026. The acquirer portfolio cap is three times tighter than the merchant threshold.
Where the lines sit from April 2026VAMP thresholds and fines currently in force, card-not-present transactions
WhoTriggerRatioFine
MerchantExcessive (down from 2.2%)1.5%$8 per item
AcquirerAbove Standard (since Jan 2026)0.5%$4 per item
AcquirerExcessive0.7%$8 per item

Merchants qualify only at 1,500+ combined TC40 + TC15 events per month; first-time offenders in a rolling 12 months get a three-month grace period. Source: Forter; Merchant Risk Council.

Enumeration (card testing) is monitored separately: a 20% enumeration ratio AND 300,000 or more enumerated authorization attempts per month puts a merchant in scope.

One number that keeps circulating online is a 0.9% merchant threshold. That figure does not appear in Visa’s published documentation. The confirmed April 2026 threshold for merchants is 1.5%. Verify any threshold figure against Visa’s official VAMP fact sheet before acting on it.

A useful framing: before VAMP, the combined ceiling across VDMP and VFMP was effectively 1.8%. VAMP’s initial rollout set the threshold at 2.2%, which already caused difficulties for some merchants due to the double-counting mechanics. From April 2026, that threshold is 1.5%. The direction of travel is clear.

The Double-Counting Problem Nobody Talks About

Here is the mechanics issue that makes VAMP structurally harder for high-risk merchants than the headline ratio suggests.

VAMP ratio formula showing TC40 fraud reports plus TC15 disputes divided by TC05 settled CNP transactions, with double-counting trap highlighted
The VAMP formula counts TC40 and TC15 separately. A single fraud-related dispute can hit your ratio twice: once as a TC40 report and again as a TC15 chargeback.

The VAMP ratio counts TC40 fraud reports and TC15 chargebacks as separate events. Many fraud-related chargebacks are effectively counted twice: once as a chargeback and again as a TC40 fraud report. A single disputed transaction can hit your ratio at two points.

If a fraud alert is issued and a merchant does not issue a refund quickly enough to stop a chargeback, both the TC40 and the TC15 count toward the ratio separately.

This matters most for merchants operating in verticals with high friendly fraud rates. Visa data indicates that approximately 75% of all disputes originate as friendly fraud. For subscription merchants, adult platforms, and dating operators, where cardholders routinely dispute legitimate charges after the fact, sometimes months later, the double-count is not an edge case. It is a structural feature of the business.

Consider a subscription box merchant running at what looks like a clean 0.8% chargeback rate. If half of those disputes also generated a TC40, the actual VAMP ratio is closer to 1.2%. Add modest card-testing exposure and you are looking at a ratio that needs active management to stay below 1.5%.

There is also a separate risk that many merchants miss: a cardholder’s bank can file a TC40 fraud report on a transaction it flagged as suspicious without the cardholder ever formally filing a chargeback. That report still counts in the VAMP numerator. Most merchants have no visibility into TC40 volume through standard reporting tools.

To get an accurate picture of your VAMP ratio, you need TC40 data from your acquirer directly, not just the dispute dashboard in your payment processor portal.

Why Your Acquirer Will Cut You Before Visa Does

This is the part of VAMP that most merchant-facing coverage underplays.

Acquirer portfolio math: how a 1.2% merchant ratio tips a 0.4% portfolio over the 0.5% acquirer threshold
A merchant compliant at 1.2% can still blow up an acquirer’s portfolio. One bad month spikes the blended ratio above the 0.5% Above Standard threshold, triggering fines and a termination conversation.

Visa’s direct relationship in the VAMP framework is primarily with acquirers. Merchants are one step removed. But that creates the real exposure: acquirers now have a portfolio cap of 0.5% to 0.7%. One high-dispute merchant can shift the portfolio ratio for an entire book of accounts.

The arithmetic is not subtle. An acquirer running a lean portfolio at 0.4% absorbs one high-volume adult merchant generating a 2.0% ratio. Depending on that merchant’s transaction volume relative to the portfolio, the acquirer’s blended ratio can tip above the Above Standard threshold, triggering $4-per-transaction fines across every flagged transaction in that portfolio.

Under the old programs, acquirers could offset having some high-risk merchants in their portfolio with other low-risk merchants. They had considerable flexibility to match risk appetite. With VAMP’s portfolio cap, that flexibility is largely gone.

The practical consequence: acquirers have strong financial incentive to identify and remove merchants whose individual ratios threaten compliance before Visa formally flags the portfolio. Internal acquirer thresholds are usually stricter than Visa’s published limits and are not shared with merchants. Merchants may not know they are at risk until they receive a notice from their processor.

The relevant threshold is not 1.5%. It is your acquirer’s internal risk tolerance, and that number is invisible to you.

TPE analysis

The risk is not abstract. Beyond Visa’s direct fines of $8 per dispute, processors may hold 5 to 20% of monthly volume in reserve, impose processing restrictions on transaction types or volumes, or move to full account termination. For high-volume merchants, fine exposure alone can escalate to tens of thousands of dollars monthly before termination becomes the cheaper option for the acquirer.

Your Actual Defence Options

VAMP provides mechanisms to exclude certain disputes from the ratio, but timing is the critical variable. Both resolution and dispute need to fall within the same month for the exclusion to be effective, because VAMP looks at each month in isolation.

Dispute exclusion tools timing chart: RDR, CDRN/Ethoca, CE 3.0 and Order Insight — same calendar month rule
Timing is everything. RDR and CE 3.0 exclusions only work if resolution falls in the same calendar month as the dispute. Winning a chargeback after the fact recovers revenue; it does not remove the event from your VAMP ratio.

Rapid Dispute Resolution (RDR): Visa’s automated refund tool. When a TC15 non-fraud dispute is resolved through RDR before formal filing, it can be excluded from the VAMP ratio. Requires pre-dispute enrollment and works best for subscription merchants where the dispute reason is clear.

Verifi CDRN / Ethoca Alerts: Alert networks that notify merchants of incoming disputes before they reach TC15. Acting within the alert window (issuing a refund) can prevent the TC15 from generating at all, keeping the event out of the denominator-inflating cycle.

Compelling Evidence 3.0 (CE3.0): Visa’s updated framework for challenging friendly fraud using prior legitimate transaction history. CE3.0 can exclude TC40 disputes that qualify from the VAMP ratio, but resolution must fall within the same monthly window as the dispute. For adult and subscription merchants with good transaction history data, CE3.0 is a genuine lever, but it requires clean records going back far enough to establish the pattern.

Order Insight: Visa’s pre-dispute data-sharing tool. Enriched transaction data delivered to the issuing bank can resolve a cardholder query before it escalates to a TC40 or TC15. Preventing disputes through Order Insight can avoid a TC40 report being filed, though this is at the issuer’s discretion.

One important caveat: chargebacks for which a merchant is not liable (counterfeit cards, account takeovers on the issuing bank side) still count toward VAMP metrics. Not being at fault does not protect the ratio.

What High-Risk Merchants Should Do This Month

Waiting until you receive a notice from your acquirer is too late. By that point, you are already in their remediation queue. Here is where to start:

Get your actual TC40 data. Your payment processor dashboard shows disputes. It does not show TC40 fraud reports from issuers who flagged transactions without opening a chargeback. Request the TC40 report directly from your acquirer. This is the single most important data gap for most high-risk merchants.

Calculate your real VAMP ratio. Take your TC40 count, add your TC15 count, divide by your total settled CNP transactions for the month. Do this for the last three months. If you are above 1.0%, you need active management. If you are above 1.3%, you are close enough to the 1.5% threshold that any spike will put you in enforcement territory.

Set internal thresholds below Visa’s. Consider setting internal thresholds well below the official limits. Your acquirer’s internal threshold is likely stricter than Visa’s and is not disclosed to you. An internal warning at 0.9% and an escalation threshold at 1.2% gives you operating room.

Talk to your acquirer before they talk to you. If your ratio is elevated, initiating the conversation positions you as a merchant managing the issue, not hiding it. Acquirers have more options when they are not already over their own portfolio threshold.

Audit your descriptor and billing terms. A significant share of friendly fraud disputes in subscription and adult verticals originates from cardholders who did not recognize a charge. Clear billing descriptors, upfront cancellation terms, and pre-charge reminder emails are operational fixes that reduce TC15 volume at the source.

Enroll in pre-dispute tooling. RDR, CDRN, and Ethoca Alerts all require setup time. If you are not already enrolled, start the process now. They are not instant, but they are the only structural tools available for keeping events out of the VAMP numerator before they count.

VAMP is not a temporary compliance cycle. The threshold direction is one-way, and Visa has signalled that the acquirer-portfolio framing is permanent. For merchants operating in adult, dating, gaming, subscription, and nutra verticals, the program raises the cost of business in a concrete way. The operators who manage through it will be the ones who understand what is actually being counted, why their acquirer’s risk tolerance matters more than Visa’s published threshold, and where the real leverage in the ratio sits.

    Sources
  1. Forter, “Visa’s Updated VAMP Program: What Merchants Need to Know,” forter.com.
  2. Merchant Risk Council, “Stricter VAMP Ratio Thresholds Are Now in Effect,” merchantriskcouncil.org.
  3. Chargeback Gurus, “Visa Acquirer Monitoring Program (VAMP),” chargebackgurus.com.
  4. Equifax, “The Visa Acquirer Monitoring Program (VAMP): What New Rules Mean for Acquirers and Merchants,” equifax.com.
Share
Relevant Guides
The Payments Edge
Independent payments intelligence

Analysis for merchants, acquirers, and compliance teams working in medium and high-risk verticals. No PSP affiliations.

0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Oldest
Newest Most Voted
Keep Reading

Related Insights

Never Miss an Insight

Get the Edge

Join merchants and payments professionals getting independent insight every month.

0
Don't just read — weigh in.x
()
x