Understanding VAMP Thresholds: The Complete Merchant Reference

The Visa Acquirer Monitoring Program (VAMP) is Visa's unified framework for monitoring merchant fraud and dispute activity. Launched April 1, 2025, it replaced two legacy programs — the Visa Fraud Monitoring Program (VFMP) and the Visa Dispute Monitoring Program (VDMP) — consolidating them into a single ratio, a single set of thresholds, and a single global remediation process.

This article is the foundational reference for how VAMP works: the formula, what counts, what doesn't, how thresholds are structured by entity and region, and how fines are calculated. For coverage of the April 2026 threshold changes and how dispute response fits into VAMP compliance, see our update: Visa's VAMP Program in 2026.

What VAMP Replaced — and Why It Matters

Before VAMP, Visa ran two separate monitoring programs in parallel:

VFMP (Visa Fraud Monitoring Program) — tracked TC40 fraud alerts filed by issuers
VDMP (Visa Dispute Monitoring Program) — tracked TC15 chargeback disputes

Each program had its own ratio, its own threshold, and its own remediation track. A merchant could manage them independently and use tactics like pre-chargeback refunds to keep the VDMP number clean while accepting TC40 exposure — or vice versa.

VAMP ended that separation. It combines TC40s and TC15s into a single numerator divided against your settled transaction volume. The two metrics now interact directly: a single fraudulent transaction can generate both a TC40 and a TC15, contributing twice to the same ratio. That double-counting dynamic is the most significant practical change VAMP introduced, and it's the reason many merchants found their effective exposure higher than expected even before the 2026 threshold reduction.

The VAMP Ratio Formula

Per Visa's official program documentation, the core metric is defined as:

VAMP Ratio = Count of [Fraud (TC40) + Disputes (TC15)] ÷ Count of Settled Transactions (TC05)

This is a count-based ratio, not value-based. The dollar amount of each transaction is irrelevant — a $5 fraud report counts the same as a $5,000 one. This is a meaningful shift from older frameworks that weighted by transaction value and is why high-volume, lower-value merchants are more exposed under VAMP than they were under the prior programs.

What counts in the numerator

TC40 — Fraud alerts. Filed by the issuing bank when a cardholder reports a transaction as fraudulent. A TC40 does not require a chargeback to have been raised — issuers can file a TC40 on any authorized transaction, including small-value ones they decide aren't worth disputing. Every TC40 counts in your numerator regardless of whether a chargeback follows.

TC15 — All disputes. VAMP captures the full dispute universe across all reason codes: fraud-coded chargebacks (Dispute Condition 10.4), merchandise not received (13.1), item not as described (13.3), authorization disputes (11.x), and processing errors (12.x). Non-fraud disputes count equally alongside fraud disputes.

What counts in the denominator

TC05 — Settled CNP transactions only. Only card-not-present VisaNet transactions are included in VAMP calculations — domestic and cross-border. In-person, card-present transactions are excluded entirely. This means your card-present volume provides no ratio benefit; only your CNP settled volume is in the denominator.

What is excluded from the ratio

Two exclusions are documented in the Visa program fact sheet, both contingent on the timing of the data extract:

TC15 disputes resolved through pre-dispute solutions (RDR, CDRN, Order Insight) — excluded when resolved before the chargeback is filed, within the same calendar month
TC40 fraud alerts qualified for Compelling Evidence 3.0 — excluded when successfully resolved within the same calendar month as the dispute

These two exclusions are the primary operational levers available for reducing your ratio after transactions have already occurred. They are timing-sensitive — if resolution and dispute fall in different calendar months, the exclusion does not apply.

The Double-Counting Mechanic

The most important practical consequence of the unified formula is double-counting. When a cardholder reports fraud on a transaction:

The issuer files a TC40 → +1 to your VAMP numerator
If the TC40 is not resolved before a chargeback is raised, a TC15 follows → +1 to your VAMP numerator

One transaction, two VAMP events. Under the previous programs, a proactive pre-chargeback refund would have kept this out of the VDMP ratio entirely. Under VAMP, the TC40 remains in the ratio regardless of whether you refund — the only mechanism that removes a TC40 is Compelling Evidence 3.0. RDR resolves the TC15 but leaves the TC40 in place.

For merchants with high fraud-coded dispute rates, this mechanic is the primary driver of ratio inflation relative to what they experienced under VFMP/VDMP.

Minimum Event Count

VAMP does not assess every merchant regardless of size. The minimum monthly event count required for Excessive merchant classification is:

US, Canada, EU, APAC: ≥ 1,500 combined TC40s and TC15s per month
CEMEA: ≥ 150 combined events AND ≥ USD 75,000 in transaction value

Merchants below these counts are not formally assessed for Excessive classification by Visa. This does not mean acquirers cannot apply their own internal standards independently — many do, at thresholds below these floors.

Threshold Structure: Acquirers vs. Merchants

VAMP operates at two distinct levels — acquirer portfolio and individual merchant — with meaningfully different thresholds at each level.

Acquirer portfolio thresholds

Classification	VAMP Ratio	Fine per Event
Standard	< 0.5%	No fine
Above Standard	≥ 0.5% (50 bps)	$4 per TC40 / TC15
Excessive	≥ 0.7% (70 bps)	$8 per TC40 / TC15

Acquirer thresholds apply to the aggregate ratio across their entire merchant portfolio. An acquirer whose portfolio ratio reaches Above Standard must submit a remediation plan to Visa and is expected to apply pressure to the merchants within their portfolio contributing to the problem. At Excessive, fines apply directly to the acquirer on every TC40 and TC15 event across the affected portfolio.

The gap between the merchant Excessive threshold (1.5%) and the acquirer Excessive threshold (0.7%) is significant and deliberate. A merchant operating at 1.2% — technically compliant at the merchant level — can still be contributing disproportionately to an acquirer whose portfolio is approaching 0.5%. This is why acquirers routinely set internal merchant thresholds well below Visa's published 1.5% line.

Merchant thresholds by region

Region	Classification	VAMP Ratio	Fine per Event
US, Canada, EU, APAC	Excessive (from Apr 1, 2026)	≥ 1.5% (150 bps)	$8 per TC40 / TC15
LATAM	Excessive	≥ 1.5% (150 bps)	$8 per TC40 / TC15
CEMEA	Excessive	≥ 2.2% (220 bps) + ≥150 events + ≥USD 75k	$8 per TC40 / TC15

There is only one merchant classification tier under VAMP: Excessive. There is no "Above Standard" for merchants, no "Early Warning" tier, and no escalating fine structure based on severity. If you are above threshold in a given month, you are Excessive and fines apply. If you are below threshold, there is no monitoring classification.

How fines are calculated

Fines are assessed per individual TC40 and TC15 event in a month where the Excessive threshold is breached — not per total settled transaction. A merchant with 80 combined TC40s and TC15s in an Excessive month pays $8 × 80 = $640 in VAMP fines for that month. Because a single fraudulent transaction can generate both a TC40 and a TC15, that one transaction can cost $16 in fines on its own.

Fines apply to the entire month's TC40 and TC15 count — not just the events that pushed you over the threshold.

The Enumeration Ratio — A Separate Metric

In addition to the VAMP ratio, Visa separately monitors automated card testing attacks through the Enumeration Ratio. This is a distinct metric with its own threshold and minimum count:

Enumeration Ratio = Count of Enumerated Authorization Transactions (Approved + Declined) ÷ Count of Authorization Transactions (Approved + Declined)

Threshold	Minimum Count
≥ 2,000 bps (20%) of authorization attempts	≥ 300,000 enumerated transactions

Two things are critical to understand about this metric. First, enumerated transactions are confirmed by Visa's Account Attack Intelligence (VAAI) system — not self-reported. Second, both approved and declined authorization attempts count. A bot probing your payment gateway with stolen card numbers inflates the Enumeration Ratio whether every attempt is declined or not. Blocking at authorization is insufficient — detection must happen before transactions reach the authorization layer.

Exceeding the Enumeration Ratio carries the same Excessive classification and fine structure as exceeding the VAMP ratio.

VAMP Is Evaluated Monthly — With No Rolling Average

VAMP compliance is calculated on a calendar month basis with no rolling average, no grace window within a month, and no carry-forward provisions. If your ratio is Excessive in March, you are in the VAMP program for March — regardless of your February or April performance.

One provision exists for first-time program entry: merchants who have been outside the VAMP program for at least 12 months on a rolling basis receive a three-month grace period before fines are assessed on their first re-entry. This applies only to first re-entry after a clean 12-month window — it is not a general buffer.

There is no "exit period" requiring consecutive months below threshold. VAMP classification is simply the state of your ratio in each individual month.

How VAMP Is Calculated — Descriptor Level

VAMP metrics are calculated by merchant descriptor, not purely by MID. Visa has confirmed that merchants who believe their descriptors should be grouped differently should engage their acquirer directly. For merchants with multiple product lines or transaction types mapped to different descriptors, this means your ratio can vary meaningfully depending on how transaction volume is distributed. A single MID with multiple descriptors may have some descriptors well within compliance and others above threshold — and VAMP treats them separately.

The Acquirer Relationship Under VAMP

The most practically impactful dimension of VAMP for enterprise merchants is how it restructures the acquirer relationship. Before VAMP, acquirers had meaningful flexibility to balance high-risk and low-risk merchants within their portfolios. The new acquirer portfolio thresholds — 0.5% Above Standard, 0.7% Excessive — significantly constrain that flexibility.

An acquirer cannot afford to carry several merchants in the 1.0%–1.5% range without it threatening their own portfolio ratio. The practical result is that many processors have set internal merchant thresholds between 1.0% and 1.2%, well below Visa's published 1.5%. A merchant technically compliant with Visa's threshold may still face acquirer pressure, higher reserve requirements, or relationship termination if they are contributing disproportionately to the acquirer's portfolio ratio.

This means your VAMP compliance target is not Visa's published threshold — it is your acquirer's internal threshold. The only way to know what that is, is to ask directly.

Key Dates

Date	Event
April 1, 2025	VAMP launches, replaces VFMP and VDMP
June 1, 2025	Program thresholds take effect
September 30, 2025	Advisory period ends
October 1, 2025	Enforcement begins — fines for Excessive merchants
January 1, 2026	Stricter Above Standard thresholds for acquirers
April 1, 2026	Merchant Excessive threshold: 2.2% → 1.5% (US, Canada, EU, APAC)

Calculate Your Ratio

Use Disputed.ai's free VAMP Compliance Calculator to estimate your current ratio against the thresholds above — including modeling the double-counting impact of fraud-coded disputes.

Check Your VAMP Ratio

For the April 2026 enforcement update — what changed, why it matters, how CE3.0 and dispute response fit into compliance strategy — read: Visa's VAMP Program in 2026

Sources: Visa Acquirer Monitoring Program Fact Sheet (official, corporate.visa.com); Compelling Evidence 3.0 Merchant Readiness (official, usa.visa.com)