One requirement when processing payments is keeping your dispute rate and fraudulent dispute rate at reasonable levels. If these rates exceed certain limits set by the networks (i.e. Mastercard and Visa), you will be placed onto one of their monitoring programs. Upon entering the program, you may incur additional processing fees, monthly fines, and other associated penalties for being tagged as a risky merchant (for example increased payment declines). Extended participation in these fraud monitoring programs can lead to termination of your processing account.
It is reported less than 5% of merchant accounts ever enter VDMP (and less than 1% enter VFMP), though while rare, it is imperative if you enter either program you take immediate and aggressive steps to leaving. Failure to minimize dispute rates while in VDMP is putting your business' ability to accept credit payments at risk.
How is VFMP different from VDMP?
VFMP, unlike VDMP, only considers fraudulent coded disputes. That is, if a cardholder disputes a charge for a reason code other than fraud (for example, subscription cancelled, product not recieved etc.) it does not count towards your VFMP score.
Because VFMP only counts a subset of total disputes, and there are volume requirements for VFMP (unlike VDMP which has just count requirements), entering VFMP is exceedingly rare and is only applicable for merchants processing large volume.
VFMP: Visa Fraud Monitoring Program
VFMP applies to merchants with excessive levels of fraud. In order to qualify for VFMP, both fraud volume and fraud rate levels must be met. For this reason, the minimum amount of processing volume before a merchant would be at risk of VFMP is typically ~$10M/mo.
It is worth noting, that transaction refunded via EFWs (early fraud warning webhooks, sourced from TC40 reports), as well as certain kind of Ethoca alerts (Ethoca alerts sourced from card schemes rather than issuers) still count towards VFMP. Additionally, RDR refunded fraudulent disputes still count towards VFMP. For this reason, VFMP is much more challenging to avoid, however it is also much more difficult to be placed on.
Fraud rate = fraudulent disputes / total number of successful payments
| Tier | Fraud Volume | Fraud Rate | Fines |
|---|---|---|---|
| Early Warning | $50,000 | 0.65% | None. |
| Standard | $75,000 | 0.90% | Starting in Month 4: $25-75K/mo |
| Excessive | $250,000 | 1.80% | Starting in Month 1: $10-75K/mo |
Based on Chargeblast's connected account data, the average merchant has 55% of their disputes coded as fraud. Since the disputes coded for reasons other than fraud do not count towards VFMP, a merchant's organic dispute rate would need to be 2%+ for them to be at risk of hitting the fraud rate requirement.
Fraud code type 3 (fraudulent application) do not count per Visa rules. These are fraud disputes in card present environments where a bogus application is used.
How to get off VFMP
Exiting VFMP requires keeping fraudulent dispute rates at 0.65% for a prolonged period of 3 months. Some easy wins are to move disputes coded for fraud to non-fraud codes. This can be done through clear communications with cardholders and billing receipts directly embedded within cardholder banking apps.
Pre-dispute Alerts
Pre-dispute alerts, while not a magic bullet for VFMP, can help to reduce number of fraud coded disputes that ever hit the acquiring bank. Sign up for Chargeblast to receive pre-dispute notifications. Merchants on Chargeblast experience up to 99% reduction in all coded disputes & 60% reduction in fraud coded disputes.
Use 3DS
While certain stages of VFMP negate the ability of the merchant to get a liability shift from 3DS, mandating 3DS on all card types can be a great way to reduce fraud, and a way to avoid entering VFMP all together.
Fraud consultation services
Understanding the underlying reason for the fraud to occur can help to implement highly targeted blocking rules. Chargeblast agency partner, Yeeld, can work with you to develop these custom rulesets.
Chargeblast has experience working with large merchants on VFMP, including a merchant processing $40M GMV/mo who was placed on VFMP as a result of a fraud attack.
