Visa VAMP 2026: What Every Merchant Needs to Know

Visa's Visa Acquirer Monitoring Program (VAMP) was substantially restructured in April 2025, consolidating the old VDMP (Visa Dispute Monitoring Program) and VCMP (Visa Chargeback Monitoring Program) into a single, stricter framework. If you're still operating on pre-2025 mental models of how dispute monitoring works, this article will update your understanding.

What Changed with VAMP

The pre-2025 system had two separate programs with different thresholds and calculations. VAMP combined them but with a critical change: it measures enumeration attacks and fraud disputes together in a single ratio, giving Visa a more complete view of merchant risk.

The new calculation includes:

• TC40 fraud reports (fraud flagged by issuers even when no chargeback was filed)
• Dispute chargebacks (the traditional chargeback ratio)
• Enumeration attack transactions (BIN attacks, credential stuffing, card testing)

This expanded scope means merchants with good dispute ratios but elevated fraud scores can still enter monitoring. The combined metric makes it harder to manage your way around the program with accounting tricks.

The 2026 Threshold Landscape

Visa publishes the VAMP thresholds through acquirer communications, but the effective numbers that matter to most merchants in 2026:

Standard VAMP Threshold: 0.9% combined fraud/dispute ratio (down from the legacy 0.9% VDMP threshold, but now including the broader TC40 component)

High-Risk VAMP Threshold: 1.8% for designated high-risk merchant category codes

Once you breach the standard threshold for two consecutive months, your acquirer receives notification and is required to implement a remediation plan with you. The fees begin accruing in the third month of breach.

Fees: Monthly assessments begin at approximately $50 per dispute over threshold and escalate significantly if the breach continues past six months. At the Excessive level (typically 2x the standard threshold), acquirers face their own assessments from Visa, which they pass through to merchants with urgency.

Why TC40 Matters More Now

The TC40 fraud report is a signal issuers send to Visa when they believe a transaction was fraudulent, even if the cardholder hasn't filed a formal dispute. Many merchants are surprised to learn that TC40s affect their VAMP score even when they never receive a chargeback on those transactions.

TC40s are elevated by:

• Transactions where the cardholder's card was compromised and used fraudulently
• BIN attacks and card testing attempts that generate small auth attempts
• Account takeover scenarios where fraudsters use legitimate credentials

You can't win a representment against a TC40 because there's no chargeback to fight. The only solution is fraud prevention: velocity rules, device fingerprinting, 3DS authentication, and CVV enforcement. If your TC40 rate is elevated, the fix is upstream, not in the dispute queue.

Calculating Your Own VAMP Exposure

Your acquirer should provide monthly dispute and TC40 reporting. If they don't, request it — merchants in the dark about their VAMP position are the ones who get caught by surprise when monitoring fees begin.

The calculation:

1. Take all Visa disputes filed in the month
2. Add all TC40 reports for Visa transactions in the month
3. Divide by total Visa transactions in the month
4. Multiply by 100 for your percentage ratio

If you're consistently above 0.7%, start treating this as an active risk. VAMP thresholds can be crossed suddenly if you have a fraud spike or a seasonal complaint volume increase.

The VAMP calculator at Chargemate lets you model different scenarios and see at what fraud/dispute levels you'd breach the standard threshold, which is useful for setting internal alert levels.

Staying Below the Threshold: Operational Priorities

Implement 3DS properly. Authenticated 3DS transactions shift fraud liability to the issuer, meaning TC40s on those transactions don't count against your merchant VAMP score. For CNP merchants with elevated fraud rates, 3DS implementation is the highest-ROI fraud prevention investment available.

Tackle enumeration attacks. Card testing is often invisible until you see the TC40 reports. Velocity rules on authorization attempts, CAPTCHA on payment forms, and bot detection tools significantly reduce this exposure.

Fight and win disputes. This sounds obvious, but merchants who contest chargebacks and win reduce their dispute ratio directly. A 90% win rate versus a 50% win rate is a significant difference in your ratio calculation at volume.

Analyze your dispute patterns. If specific products, marketing channels, or customer segments are generating disproportionate disputes, the VAMP framework makes fixing those root causes urgent rather than nice-to-have.

For a detailed breakdown of the VAMP program including the full threshold table and fee schedule, the Chargemate guide to VAMP 2026 covers everything acquirers communicate to merchants in their remediation calls.

Working With Your Acquirer

If you're already in VAMP monitoring, the acquirer relationship matters. Acquirers have some discretion in how aggressively they enforce remediation timelines, and merchants who show a credible action plan with measurable progress typically receive more cooperation than those who are unresponsive.

Come to remediation calls with your VAMP data analyzed, root causes identified, and specific operational changes already in motion. Acquirers aren't adversaries in these conversations — they don't want to lose your volume either. Help them help you by demonstrating you understand the problem and have a plan.

At Fincoro, VAMP remediation is one of the situations where a specialist perspective consistently moves the needle faster than internal teams operating alone. The program mechanics are nuanced, and the fastest path to getting off the monitoring list involves simultaneous work on fraud prevention, dispute representment, and acquirer communication — all of which require different expertise.