Back to the blog

Visa Fraud and Chargeback Rules: Updated thresholds applicable to all merchants

0.9% is the new magic number for most merchants.

Back in 2016, Visa restructured its compliance programmes, namely Visa Fraud Monitoring Programme (VFMP) and Visa Chargeback Monitoring Programme (VCMP). Their purpose is to protect cardholders against fraud, protect the integrity of the Visa payment system, and introduce a standardised framework across the world. In February 2019, Visa issued a bulletin to announce a revision of these programs which will come into effect as of 1st October 2019.

What is VFMP and VCMP?

The two programmes are very similar, but one focuses on fraud, and the other on chargebacks. Both programs only take into consideration cross-border transactions. This means that only inter- and intraregional transactions are being reviewed.

In the case of VFMP, Visa looks at fraudulent transactions reported in the past month. These will then be divided by the sales of the merchant for the past month in order to get the fraud-to-sales ratio. Both fraud and amount of sales are calculated in USD. The VCMP takes into consideration the chargeback counts received and the sales count for the past month. By doing so, the chargeback ratio (CTR) is obtained.

If a merchant experiences extreme amounts of fraud/chargebacks from a particular card, Visa will only incorporate the first 10 fraudulent transactions or 10 chargebacks from this particular card.

Visa has three thresholds; one that qualifies for a warning, a standard, and an excessive. Whenever a merchant exceeds one of the thresholds, Visa will notify the acquirer. In return, the acquirer is obliged to notify the merchant. Both merchant and acquirer will then work on bringing down the fraud/chargeback levels.

Merchants qualified as high risk (MCC’s: 5962, 5966, 5967, 7995, 5912, 5122), will automatically follow the “excessive” Non-Compliance Assessments (fees/fines), even if they only break the “standard” threshold.

What has changed - the new thresholds

Visas current and new thresholds for their fraud and chargeback programmes

What happens if a merchant exceeds a threshold?

In Visa terms, non-compliant activity triggers a Non-Compliance Assessment, which is equivalent to a fine.

The threshold for “Early warning” triggers a warning. It is a notification to inform both merchant and acquirer to look into the root cause of the increasing levels of fraud and identify any gaps or issues before it becomes a breach.

If a merchant exceeds the “standard” threshold, the merchant will get a four-month workout period, during which they must try to bring down the fraud/chargeback levels. If they do not succeed, they will enter into the enforcement period.

In the VFMP “standard” enforcement period, there are no Non-Compliance Assessments involved. However, the possibility of refuting a chargeback with reason code 93 ‘Fraud’ is no longer an option, even if there is proof. Any fraud-related chargebacks are to be automatically accepted by the merchant.

The standard timeline for Visas fraud programme
VFMP Standard timeline

The VCMP has an enforcement period of 8 months which is split into three separate periods (month 5-7, 8-9, and 10-12). In the first period, the merchant must pay $50 per chargeback, and in the second and third period, the fee is $100. Furthermore, the merchant is subject to a $25,000 review fee in period three.

The standard timeline for Visas chargeback programme
VCMP Standard timeline

What about the excessive threshold?

For high-risk merchants or merchants breaching the VFMP “excessive” threshold, a Non-Compliance Assessment fine is assigned for each month of breaching.

The excessive/high risk timeline for Visas fraud programme
VFMP Excessive/High risk timeline

Furthermore, identified merchants must pay any chargebacks with reason code 93 (Fraud).

Merchants identified as high risk or merchants breaching the “excessive” thresholds must pay $100 per chargeback for the full 12 month period. After month 6, they must also pay a $25,000 review fee.

The excessive/high risk timeline for Visas chargeback programme
VCMP Excessive/High risk timeline

All Non-Compliance Assessments are charged via the acquirer which in return will charge the merchant accordingly.

Exit criteria

A merchant is considered out of the programme when they are below the “standard” thresholds for three consecutive months. Should the merchant ever exceed the thresholds again, it will be considered a new case.

If the merchant is below the threshold for less than three consecutive months before once more breaching the threshold, the programme will continue from the month of the merchant’s last breach. Here’s an example:

Example of a programme overview of merchant going below threshold for 1 month only to go above the month after

NOTE: If a merchant exceeds the “excessive” threshold, they will stay in this category until they manage to stay below the “standard” threshold for three consecutive months and thereby exiting the programme completely.

What if the merchant is in both VFMP and VCMP?

If a merchant exceeds the thresholds for both programmes, they will be tracked in both programmes and receive monthly reports on both but only be subject to the Non-Compliance Assessments of the VCMP.

If the merchant drops below the threshold for VCMP but is still above the VFMP-threshold, the merchant will continue on the VFMP timeline. The table below shows an example of this.

Example of timeline and Non-Compliance Assessments for a merchant in both fraud and chargeback programme

What happens if a merchant is not below the threshold after 12 months?

If a merchant is not below the threshold within 12 months they may be banned from Visa’s payment system, and hence will no longer be allowed to accept Visa payments in their online shop. If you have an acquirer like Clearhaus, we’ll do our best to help you exit the programmes. However, if the thresholds are not lowered within an adequate time frame, the acquiring contract may be terminated with the possibility of being listed on Visa Merchant Alert System (VMAS) due to high fraud or chargebacks.

How can merchants avoid fraud when doing e-Commerce?

These new thresholds encourage online merchants to amp up their fraud protection efforts. There are several measures to be taken to fend of fraudsters:

Want to know more about PSD2 and its Strong Customer Authentication requirement? Download our free e-book here.

If you have any questions regarding Visa’s new fraud thresholds, feel free to write us an email at support@clearhaus.com.

Back to Clearhaus.com