Fraud and dispute monitoring programs

As part of your financial obligations to card networks (for example, Visa and Mastercard), you need to ensure that disputes (chargebacks) and fraud in your store are kept at acceptable levels. If the amount of chargbacks or fraud exceed the thresholds as set by the card networks, then you might be placed in a dispute and/or fraud monitoring program. As part of these programs, you might incur monthly fines and additional fees.

Visa monitoring programs

Visa has two monitoring programs, the Visa Dispute Monitoring Program (VDMP) and the Visa Fraud Monitoring Program (VFMP). Every month, Visa reviews your transactions to determine if you've exceeded the threshold to be placed into a monitoring program.

There are three sets of thresholds for Visa's monitoring programs: Early Warning, Standard, and Excessive. When a merchant crosses a threshold, they remain in that monitoring level until they leave the program. For example, Sven's store receives chargebacks accounting for more than 0.9% of their total transactions, and are placed in the VDMP at the Standard level. The next month, this level of chargebacks increases to 2.1%. This crosses the threshold for the Excessive level of 1.8%. Sven's store remains in the Excessive monitoring level until they leave the program entirely, even if their disputes fall below the Excessive threshold of 1.8%.

Visa removes you from a monitoring program when your level of disputes or fraud is reduced to below the Standard threshold for three consecutive months, referred to as the tracking period. If the threshold is exceeded during the tracking period, then the original timeline resumes rather than starting over. For example, Susan's store has fraudulent transactions that account for more than 0.9% of their total transactions, and are placed in the VFMP. They remain at this level for six months. The next month, this level decreases to 0.6%, and they enter the tracking period. The month after that, fraudulent transactions account for 1.2% of their total transactions. The VFMP resumes at month seven, rather than starting over at month one.

Visa Dispute Monitoring Program

The VDMP applies to merchants with an unusually high level of chargebacks on their account. At the beginning of each month, Visa reviews your previous month's activity to determine if it exceeds their established thresholds.

Merchants are placed in the VDMP if they meet or exceed the thresholds on one or both of the following criteria:

Dispute count: The total number of transactions that have been disputed.
Dispute rate: The total percentage of disputed transactions compared to total transactions.

Descriptions of monitoring levels in the VDMP.
Monitoring level	Dispute count	Dispute rate	Penalties
Early warning	75	0.65%	No fines. Actions can be taken to reduce the amount of disputes before fines start to be applied.
Standard	100	0.9%	1-4 months: No fines. 5-9 months: 50 USD per dispute. 10-11 months: 50 USD per dispute. Merchants outside the European Union are subject to a 25,000 USD review fee. Merchants might be subject to an audit. 12+ months: 50 USD per dispute. Merchants are subject to a 25,000 USD review fee. Merchants might be subject to an audit. After 12 months, merchants in this program are eligible for disqualification by Visa. If disqualified, you can no longer process Visa payments.
Excessive	1,000	1.8%	1-6 months: 50 USD per dispute. 7-11 months: 50 USD per dispute. Merchants outside the European Union may be subject to a 25,000 USD review fee. 10-11 months: 50 USD per dispute. Merchants outside the European Union may be subject to a 25,000 USD review fee. 12+ months: 50 USD per dispute. Merchants may be subject to a 25,000 USD review fee. After 12 months, merchants are eligible for disqualification by Visa. If disqualified, you can no longer process Visa payments.

Visa Fraud Monitoring Program

The VFMP applies to merchants who have excessive amounts of fraud on their account. Fraud is defined as a transaction that isn't authorized by the cardholder. This isn't the same as a chargeback, though fraudulent transactions often lead to a chargeback issued by the cardholder. At the beginning of each month, Visa reviews your previous month's activity to determine if it exceeds their established thresholds.

Merchants are placed in the VFMP if they meet or exceed the thresholds on one or both of the following criteria:

Fraud volume: The total amount of fraudulent transactions in USD.
Fraud rate: The total percentage of fraudulent transactions compared to total transactions.

The following table lists the thresholds and penalties for the VFMP.

Descriptions of monitoring levels in the VFMP.
Monitoring level	Fraud volume	Fraud rate	Penalties
Early warning	50,000 USD	0.65%	No fines. Actions can be taken to reduce the amount of fraud before fines start to be applied.
Standard	75,000 USD	0.9%	US merchants lose liability shift for 3D Secure transactions immediately. Merchants in other countries and regions lose liability shift at month five. Liability shift isn't restored until the program is exited by reducing fraud levels and completing the three-month tracking period. 1-4 months: No fines. 5-6 months: 25,000 USD. 7-9 months: 50,000 USD. 10-12 months: 75,000 USD. After 12 months, merchants are eligible for disqualification by Visa. If disqualified, you can no longer process Visa payments.
Excessive	250,000 USD	1.8%	Merchants outside of the US lose liability shift for 3D Secure transactions immediately. Liability shift isn't restored until the program is exited by reducing fraud levels and completing the three-month tracking period. 1-3 months: 10,000 USD. 4-6 months: 25,000 USD. 7-9 months: 50,000 USD. 10-12 months: 75,000 USD. 12+ months: 75,000+ USD. After 12 months, merchants are eligible for disqualification by Visa. If disqualified, you can no longer process Visa payments.

Visa Fraud Monitoring Program (3DS for US merchants only)

Visa has a VFMP program specifically for US merchants who have excessive amounts of domestic 3D Secure fraud on their account. At the beginning of each month, Visa reviews your previous month's activity to determine if it exceeds their established thresholds.

US merchants are placed in the 3DS VFMP if they meet or exceed the thresholds on all of the following criteria:

Fraud volume: The total amount of domestic Visa 3DS fraudulent transactions in USD.
Fraud rate: The total percentage of fraudulent transactions compared to total domestic 3DS transactions.

Descriptions of monitoring levels in the US-only 3DS VFMP.
Monitoring level	Fraud volume	Fraud rate	Penalties
Early warning	50,000 USD	0.5%	No fines. Actions can be taken to reduce the amount of fraud before fines start to be applied.
Standard	75,000 USD	0.9%	No fines, but merchants lose liability shift for 3D Secure transactions. Liability shift isn't restored until the program is exited by reducing fraud levels and completing the three-month tracking period.

Visa Fraud Monitoring Program (Digital Merchants)

Visa also has a VFMP program specifically for merchants that sell digital goods. This program is in the advisory period and will become active as of April 1, 2024. This program affects merchants with the following merchant category codes:

5735 — Record Stores
5815 — Digital Goods Media — Books, Movies, Digital artwork/images, Music
5816 — Digital Goods — Games
5817 — Digital Goods — Applications (Excludes Games)
5818 — Digital Goods — Large Digital Goods Merchant

At the beginning of each month, Visa reviews your previous month's activity to determine if it exceeds their established thresholds.

Merchants are placed in the digital goods VFMP if they meet or exceed the thresholds on all of the following criteria:

Fraud volume: The total amount of fraudulent transactions in USD.
Fraud count: The total number of fraudulent transactions.
Fraud rate: The total percentage of fraudulent transactions compared to total transactions.

Descriptions of monitoring levels in the digital goods VFMP.
Monitoring level	Fraud volume	Fraud count	Fraud rate	Penalties
Early warning	15,000 USD	150	0.45%	No fines. Actions can be taken to reduce the amount of fraud before fines start to be applied.
Standard	25,000 USD	300	0.9%	Merchants lose liability shift for 3D Secure transactions at month five. Liability shift isn't restored until the program is exited by reducing fraud levels and completing the three-month tracking period. 1-4 months: No fines. 5-6 months: 25,000 USD. 7-9 months: 50,000 USD. 10-12 months: 75,000 USD. 12+ months: 75,000 USD. After 12 months, merchants are eligible for disqualification by Visa. If disqualified, you can no longer process Visa payments.

Mastercard monitoring programs

Mastercard has two monitoring programs, the Excessive Chargeback Program (ECP) and the Excessive Fraud Merchant (EFM) compliance program. Every month, Mastercard reviews your transactions to determine if you've exceeded the threshold to be placed into a monitoring program.

The ECP has two levels: Excessive Chargeback Merchant (ECM) and High Excessive Chargeback Merchant (HECM).

Mastercard removes you from ECM when your level of disputes is reduced to below ECM thresholds for three consecutive months. To be removed from EFM, you need to avoid at least one of the conditions for three consecutive months.

Mastercard Excessive Chargeback Program

Merchants are placed in the ECP if they meet or exceed the thresholds on both of the following criteria:

Dispute count: The total number of transactions that have been disputed.
Dispute rate: The total percentage of disputed transactions compared to total transactions.

Descriptions of monitoring levels in Mastercard's chargeback monitoring programs.
Monitoring level	Dispute count	Dispute rate	Penalties
ECM	100-299	1.5%-2.99%	1 month: No fines. 2 months: 1,000 USD. 3 months: 2,000 USD. 4-6 months: 5,000 USD, plus issuer recovery assessment. 7-11 months: 25,000 USD, plus issuer recovery assessment. 12-18 months: 50,000 USD, plus issuer recovery assessment. 19+ months: 100,000 USD, plus issuer recovery assessment. After four months, merchants are subject to issuer recovery assessment. This assessment adds an additional 5 USD fee for every chargeback after your 300th chargeback in a month.
HECM	300+	3%	1 month: No fines. 2 months: 1,000 USD. 3 months: 2,000 USD. 4-6 months: 10,000 USD, plus issuer recovery assessment. 7-11 months: 50,000 USD, plus issuer recovery assessment. 12-18 months: 100,000 USD, plus issuer recovery assessment. 19+ months: 200,000 USD, plus issuer recovery assessment. After four months, merchants are subject to issuer recovery assessment. This assessment adds an additional 5 USD fee for every chargeback after your 300th chargeback in a month.

Mastercard Excessive Fraud Merchant compliance program

Mastercard's process for determining if a merchant is placed into EFM is similar to their calculations for ECP, except that the fraud chargeback rate is calculated using only fraudulent chargebacks.

Merchants are placed in the EFM program if they meet or exceed the thresholds on all of the following criteria:

Payment count: The total number of ecommerce Mastercard payments.
Fraud volume: The total amount of fraudulent chargebacks in USD, calculated by using dispute reason codes (reason code 4837 and 4863).
Fraud rate: The total percentage of fraudulent transactions compared to total transactions.
3DS rate: The total percentage of 3DS Mastercard payments compared to total payments.

Description of monitoring in the EFM.
Payment count greater than	Fraud volume greater than	Fraud chargeback rate greater than	Total 3DS rate less than	Penalties
1,000 or more	50,000 or more	0.50% or more	10% of total Mastercard count (non-regulated countries) 50% of total Mastercard count (regulated countries)	1 month: No fines. 2 months: 500 USD. 3 months: 1,000 USD. 4-6 months: 5,000 USD. 7-11 months: 25,000 USD. 12-18 months: 50,000 USD. 19+ months: 100,000 USD.